6bc18a3bd4
As part of excising BIGNUM from EC scalars, we will need a "words" version of BN_mod_mul_montgomery. That, in turn, requires BN_sqr and BN_mul for cases where we don't have bn_mul_mont. BN_sqr and BN_mul have a lot of logic in there, with the most complex cases being not even remotely constant time. Fortunately, those only apply to RSA-sized numbers, not EC-sized numbers. (With the exception, I believe, of 32-bit P-521 which just barely exceeds the cutoff.) Imposing a limit also makes it easier to stack-allocate temporaries (BN_CTX serves a similar purpose in BIGNUM). Extract bn_mul_small and bn_sqr_small and test them as part of bn_tests.txt. Later changes will build on these. If we end up reusing these functions for RSA in the future (though that would require tending to the egregiously non-constant-time code in the no-asm build), we probably want to extract a version where there is an explicit tmp parameter as in bn_sqr_normal rather than the stack bits. Change-Id: If414981eefe12d6664ab2f5e991a359534aa7532 Reviewed-on: https://boringssl-review.googlesource.com/23068 Reviewed-by: Adam Langley <agl@google.com> |
||
|---|---|---|
| .github | ||
| crypto | ||
| decrepit | ||
| fipstools | ||
| fuzz | ||
| include/openssl | ||
| infra/config | ||
| ssl | ||
| third_party | ||
| tool | ||
| util | ||
| .clang-format | ||
| .gitignore | ||
| API-CONVENTIONS.md | ||
| BUILDING.md | ||
| CMakeLists.txt | ||
| codereview.settings | ||
| CONTRIBUTING.md | ||
| FUZZING.md | ||
| INCORPORATING.md | ||
| LICENSE | ||
| PORTING.md | ||
| README.md | ||
| sources.cmake | ||
| STYLE.md | ||
BoringSSL
BoringSSL is a fork of OpenSSL that is designed to meet Google's needs.
Although BoringSSL is an open source project, it is not intended for general use, as OpenSSL is. We don't recommend that third parties depend upon it. Doing so is likely to be frustrating because there are no guarantees of API or ABI stability.
Programs ship their own copies of BoringSSL when they use it and we update everything as needed when deciding to make API changes. This allows us to mostly avoid compromises in the name of compatibility. It works for us, but it may not work for you.
BoringSSL arose because Google used OpenSSL for many years in various ways and, over time, built up a large number of patches that were maintained while tracking upstream OpenSSL. As Google's product portfolio became more complex, more copies of OpenSSL sprung up and the effort involved in maintaining all these patches in multiple places was growing steadily.
Currently BoringSSL is the SSL library in Chrome/Chromium, Android (but it's not part of the NDK) and a number of other apps/programs.
There are other files in this directory which might be helpful:
- PORTING.md: how to port OpenSSL-using code to BoringSSL.
- BUILDING.md: how to build BoringSSL
- INCORPORATING.md: how to incorporate BoringSSL into a project.
- API-CONVENTIONS.md: general API conventions for BoringSSL consumers and developers.
- STYLE.md: rules and guidelines for coding style.
- include/openssl: public headers with API documentation in comments. Also available online.
- FUZZING.md: information about fuzzing BoringSSL.
- CONTRIBUTING.md: how to contribute to BoringSSL.