1
0
mirror of https://git.tartarus.org/simon/putty.git synced 2025-01-10 09:58:01 +00:00
Commit Graph

58 Commits

Author SHA1 Message Date
Simon Tatham
ead9081318 One more defensive assert, just to be sure.
[originally from svn r9997]
2013-08-06 16:45:49 +00:00
Simon Tatham
a7cc906df0 The bignum code has two representations of zero, since
bn_restore_invariant (and the many loops that duplicate it) leaves a
single zero word in a bignum representing 0, whereas the constant
'Zero' does not have any data words at all. Cope with this in
bignum_cmp.

(It would be a better plan to decide on one representation and stick
with it, but this is the less disruptive fix for the moment.)

[originally from svn r9996]
2013-08-05 19:50:51 +00:00
Simon Tatham
a7d13e284a Add some more precautionary assertions, just in case anything wildly
out of range manages to get past other recent fixes.

[originally from svn r9995]
2013-08-05 19:50:47 +00:00
Simon Tatham
97db2b6646 Fix memory leaks in the new error return from modinv.
[originally from svn r9992]
2013-08-04 22:33:50 +00:00
Simon Tatham
cb1df53360 Make modinv able to return NULL if its inputs are not coprime, and
check for that return value everywhere it is used.

[originally from svn r9990]
2013-08-04 19:34:07 +00:00
Simon Tatham
5bcb8d6aac More consistently defend against division by zero with assertions. We
now check that all the modular functions (modpow, modinv, modmul,
bigdivmod) have nonzero moduli, and that modinv also has a nonzero
thing to try to invert.

[originally from svn r9987]
2013-08-04 19:33:53 +00:00
Simon Tatham
55e8a268ab Found a lot of places in sshbn.c where for-loops zeroing out memory
just before freeing it really ought to be smemclrs.

[originally from svn r9981]
2013-08-02 19:51:36 +00:00
Simon Tatham
e01104f899 Fix an array-size bug in modmul, and add some tests for it.
[originally from svn r9977]
2013-08-02 06:27:54 +00:00
Simon Tatham
3c443bd2a5 Update the suggested compile command in sshbn.c's test rig.
[originally from svn r9732]
2012-12-22 18:10:08 +00:00
Simon Tatham
f2bbeca400 Fix two gcc warnings about confused printf format strings in the
bignum code's test harness. Thanks to Sup Yut Sum for fixing this in
TortoisePlink and Sven Strickroth for bringing it to my attention.

[originally from svn r9731]
2012-12-22 18:09:02 +00:00
Simon Tatham
aa5bae8916 Introduce a new utility function smemclr(), which memsets things to
zero but does it in such a way that over-clever compilers hopefully
won't helpfully optimise the call away if you do it just before
freeing something or letting it go out of scope. Use this for
(hopefully) every memset whose job is to destroy sensitive data that
might otherwise be left lying around in the process's memory.

[originally from svn r9586]
2012-07-22 19:51:50 +00:00
Simon Tatham
1fda4423e0 Fix Windows compile warnings by adding explicit casts.
[originally from svn r9200]
2011-07-12 18:09:46 +00:00
Simon Tatham
7957ca1153 Rejig the bottom-level loops in internal_mul_* to use pointers instead
of array indices. You'd hope that compilers could automatically turn
the one representation into the other if it was faster to do so, but
apparently not: even on gcc -O3, this source transformation gains over
15% performance.

[originally from svn r9105]
2011-02-22 19:09:27 +00:00
Simon Tatham
77180221bd Move the malloc and free of scratch space out of the internal_mul
routines into their callers, where they'll be done once for a whole
modpow rather than many times within each multiply. Doesn't save much
time as far as I can see - perhaps a couple of percent, one second in
the minute it takes to run the new bignum test suite - but seems like
a sensible idea anyway on general principles.

[originally from svn r9103]
2011-02-21 19:47:28 +00:00
Simon Tatham
15d7f8bb3e Add tests of modpow.
[originally from svn r9100]
2011-02-20 15:27:48 +00:00
Simon Tatham
1b47322c3b Nearly forgot. Reinstate the original unoptimised modpow, as a
fallback for when Montgomery is inapplicable.

(I may also at some point switch to using it for small exponents, if
speed testing should reveal that there's a noticeable threshold beyond
which preparing the Montgomery setup is uneconomical.)

[originally from svn r9099]
2011-02-20 15:14:02 +00:00
Simon Tatham
260cee498e Fix bug in Karatsuba multiplication, which affected propagation of a
carry by more than one word. Now the current set of test cases all
pass again.

[originally from svn r9098]
2011-02-20 15:06:39 +00:00
Simon Tatham
01d365b626 Beginnings of a test suite for the bignum code. The output of
testdata/bignum.py is twice the size of the rest of the PuTTY source
put together, so I'm not checking it in.

This reveals bugs in the new multiplication code, which I have yet to
fix.

[originally from svn r9097]
2011-02-20 14:59:00 +00:00
Simon Tatham
fa85085640 Implement the Chinese Remainder Theorem optimisation for speeding up
RSA private key operations by making use of the fact that we know the
factors of the modulus.

[originally from svn r9095]
2011-02-18 08:25:39 +00:00
Simon Tatham
61875b87e3 Implement the Montgomery technique for speeding up modular
exponentiation by replacing the modulo operation by a cleverly chosen
multiplication. This was not worth doing in the previous state of the
code (because my multiply was about as slow as my modulo), but now
that multiplication has been sped up by the Karatsuba optimisation,
Montgomery becomes worthwhile.

[originally from svn r9094]
2011-02-18 08:25:38 +00:00
Simon Tatham
d9c3353176 Implement the Karatsuba technique for recursive divide-and-conquer
optimisation of large multiplies.

[originally from svn r9093]
2011-02-18 08:25:37 +00:00
Simon Tatham
8b4c50be45 Add some appropriate bignum typedefs for generic 64-bit systems,
setting BignumInt to 32 bits. gcc defines _LP64 on x86-64 and
presumably on other 64-bit architectures, so I've conditioned my
defines on that in the hope that they won't need redoing for the next
few such architectures.

I've also added a set for _LLP64, but it's untested as yet.

[originally from svn r9092]
2011-02-18 08:25:36 +00:00
Simon Tatham
42801b7e9e Get rid of all the MSVC warnings.
[originally from svn r7086]
2007-01-09 18:24:07 +00:00
Jacob Nevins
d75ab2b509 Robert Evans spotted that bignum_decimal() failed to cope with being given
a zero input.
This shouldn't matter for PuTTY, as these routines are only used in PuTTYgen,
to output SSH-1 format public key exponents/moduli, which should be nonzero.

[originally from svn r6731]
2006-06-17 12:02:03 +00:00
Jacob Nevins
d8b7de5435 Improvements from Spyros Blanas to the MSVC optimisations of r6469:
don't do a function call for each divmod, and don't rely on details of
the calling convention.
(This didn't actually make any measurable difference to runtime in any
of my tests, but we may as well keep it as it's neater.)
Also document some general caveats of the divmod macro.

[originally from svn r6475]
[r6469 == d72e4b718c]
2005-12-06 23:18:27 +00:00
Jacob Nevins
d72e4b718c An MSVC version of the 16->32-bit bignum optimisation, derived from part of
a patch by Lionel Fourquaux. Seems to be about a factor of four improvement
(see wishlist item for details).
I don't claim to understand this in detail, so I can't vouch for its
correctness, but it didn't fall over immediately. It also produces some
compiler warnings, unfortunately.

[originally from svn r6469]
[this svn revision also touched putty-wishlist]
2005-11-23 21:26:05 +00:00
Jacob Nevins
5aa719d16e Consistently use a single notation to refer to SSH protocol versions, as
discussed. Use Barrett and Silverman's convention of "SSH-1" for SSH protocol
version 1 and "SSH-2" for protocol 2 ("SSH1"/"SSH2" refer to ssh.com
implementations in this scheme). <http://www.snailbook.com/terms.html>

[originally from svn r5480]
2005-03-10 16:36:05 +00:00
Simon Tatham
ac61490a5b Fix divide overflow in internal_mod(). Thanks to William Petiot for
spotting a special case that the DIV instruction can't quite cover.

[originally from svn r5028]
2004-12-28 14:04:26 +00:00
Simon Tatham
4217269931 Merged SSH1 robustness changes from 0.55 release branch on to trunk.
[originally from svn r4379]
2004-08-01 12:07:11 +00:00
Simon Tatham
501997ab2b Improve robustness in modpow().
[originally from svn r4372]
2004-07-29 15:44:35 +00:00
Simon Tatham
ee72bf04df Fix a casting bug with the length-independent sshbn code.
[originally from svn r3760]
2004-01-22 18:37:48 +00:00
Simon Tatham
a326264500 Two small memory leaks, also noticed by Martin Prikryl.
[originally from svn r3752]
2004-01-21 19:41:34 +00:00
Simon Tatham
4e8325c967 Fix a couple of blatant memory leaks; thanks to Ruurd Beerstra for
pointing at least one of them out.

[originally from svn r3421]
2003-08-25 14:18:14 +00:00
Simon Tatham
f9ca6e8501 bignum_mod_short shouldn't be depending on a fixed place value in
the bignum data! This wasn't actually causing puttygen-zero-div (its
unwarranted assumption was still correct under Windows) but it would
have caused the same symptoms under Unix when I got round to porting
PuTTYgen.

[originally from svn r3315]
2003-06-28 14:10:06 +00:00
Simon Tatham
51fa8d6294 Force gcc to use x86's built-in 64/32->32,32 division instruction
rather than swanning off to a helper function. This seems to make
woefully little actual performance difference, which annoys me, but
it's a just-about-detectable improvement so I'll leave it in.

[originally from svn r3136]
2003-04-23 15:25:45 +00:00
Simon Tatham
afd4b4d662 Added framework to sshbn.c to make it possible to vary the
underlying integer type forming the Bignum. Using this, arranged
that gcc/x86 uses 32-bit chunks rather than the guaranteed ANSI-
portable 16-bit chunks. This has gained another 30% on key exchanges
by my measurements, but I'm not yet convinced that it's all
perfectly robust - it seems to work fine for SSH1 and SSH2/RSA but
I haven't ensured that every bignum routine is actually being
tested, so it may yet show up problems in DSA or key generation.

[originally from svn r3135]
2003-04-23 14:48:57 +00:00
Simon Tatham
d36a4c3685 Introduced wrapper macros snew(), snewn() and sresize() for the
malloc functions, which automatically cast to the same type they're
allocating the size of. Should prevent any future errors involving
mallocing the size of the wrong structure type, and will also make
life easier if we ever need to turn the PuTTY core code from real C
into C++-friendly C. I haven't touched the Mac frontend in this
checkin because I couldn't compile or test it.

[originally from svn r3014]
2003-03-29 16:14:26 +00:00
Ben Harris
8b3b85fc5b bigdivmod() is unreferenced outside this file. Make it static.
diagbn() is unreferenced.  #if it out.

[originally from svn r2477]
2003-01-05 23:05:49 +00:00
Simon Tatham
52bdffbfe0 More preparatory work: remove the <windows.h> include from lots of
source files in which it's no longer required (it was previously
required in anything that included <putty.h>, but not any more).
Also moved a couple of stray bits of exposed WinSock back into
winnet.c (getservbyname from ssh.c and AF_INET from proxy.c).

[originally from svn r2160]
2002-10-30 17:57:31 +00:00
Simon Tatham
db7196c174 Diffie-Hellman key exchange now uses a dynamically allocated context.
[originally from svn r2135]
2002-10-25 13:08:01 +00:00
Simon Tatham
36e6d63b66 Fix various fiddly little warnings.
[originally from svn r1298]
2001-09-25 19:59:14 +00:00
Simon Tatham
d345ebc2a5 Add support for DSA authentication in SSH2, following clever ideas
on how to get round the problem of generating a good k.

[originally from svn r1284]
2001-09-22 20:52:21 +00:00
Simon Tatham
3730ada5ce Run entire source base through GNU indent to tidy up the varying
coding styles of the various contributors! Woohoo!

[originally from svn r1098]
2001-05-06 14:35:20 +00:00
Simon Tatham
522f130391 Pageant interface changes. You can now do `pageant -c command' to
spawn another command after starting Pageant. Also, if Pageant is
already running, `pageant keyfile' and `pageant -c command' will do
the Right Thing, that is, add the key to the _first_ Pageant and/or
run a command and then exit. The only time you now get the `Pageant
is already running' error is if you try to start the second copy
with no arguments.
NB the affected files in this checkin are rather wide-ranging
because I renamed the not really SSH1-specific
`ssh1_bignum_bitcount' function to just `bignum_bitcount'.

[originally from svn r1044]
2001-04-16 11:16:58 +00:00
Simon Tatham
0c8635beda Tiny bug in bn_power_2() - didn't work with powers that were a
multiple of 16. Oops!

[originally from svn r990]
2001-03-10 11:03:26 +00:00
Simon Tatham
d894658913 More options for bignum debugging
[originally from svn r972]
2001-03-03 11:53:07 +00:00
Simon Tatham
47fc223782 A fix in modmul: don't segfault or fill the result with rubbish if
the unreduced product is shorter than the modulus.

[originally from svn r965]
2001-03-02 10:29:23 +00:00
Simon Tatham
f72b5aa95f Remove the last lingering knowledge, outside sshbn.c, of the
internal structure of the Bignum type. Bignum is now a fully opaque
type unless you're inside sshbn.c.

[originally from svn r960]
2001-03-01 17:41:26 +00:00
Simon Tatham
d5240d4157 Make memory management uniform: _everything_ now goes through the
smalloc() macros and thence to the safemalloc() functions in misc.c.
This should allow me to plug in a debugging allocator and track
memory leaks and segfaults and things.

[originally from svn r818]
2000-12-12 10:33:13 +00:00
Simon Tatham
e51b4da9f7 Make the frankly ridiculous prototypes for modpow() and modmul() more sane
[originally from svn r752]
2000-10-23 16:11:31 +00:00