generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

fix BIGNUM flag handling

Browse Source
This commit is contained in:
Bodo Möller 2008-02-27 06:01:28 +00:00
parent 0d7f6fc76a
commit 7c9882eb24
3 changed files with 42 additions and 35 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
CHANGES
View File

@ -610,6 +610,10 @@
Changes between 0.9.8g and 0.9.8h [xx XXX xxxx] Changes between 0.9.8g and 0.9.8h [xx XXX xxxx]
*) Fix BN flag handling in RSA_eay_mod_exp() and BN_MONT_CTX_set()
to get the expected BN_FLG_CONSTTIME behavior.
[Bodo Moeller (Google)]
*) Netware support: *) Netware support:
- fixed wrong usage of ioctlsocket() when build for LIBC BSD sockets - fixed wrong usage of ioctlsocket() when build for LIBC BSD sockets

1
crypto/bn/bn_mont.c
View File

@ -425,6 +425,7 @@ int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx)
BIGNUM tmod; BIGNUM tmod;
BN_ULONG buf[2]; BN_ULONG buf[2];
BN_init(&tmod);
tmod.d=buf; tmod.d=buf;
tmod.dmax=2; tmod.dmax=2;
tmod.neg=0; tmod.neg=0;

60
crypto/rsa/rsa_eay.c
View File

@ -151,13 +151,13 @@ const RSA_METHOD *RSA_PKCS1_SSLeay(void)
} }
/* Usage example; /* Usage example;
* MONT_HELPER(rsa, bn_ctx, p, rsa->flags & RSA_FLAG_CACHE_PRIVATE, goto err); * MONT_HELPER(rsa->_method_mod_p, bn_ctx, rsa->p, rsa->flags & RSA_FLAG_CACHE_PRIVATE, goto err);
*/ */
#define MONT_HELPER(rsa, ctx, m, pre_cond, err_instr) \ #define MONT_HELPER(method_mod, ctx, m, pre_cond, err_instr) \
if((pre_cond) && ((rsa)->_method_mod_##m == NULL) && \ if ((pre_cond) && ((method_mod) == NULL) && \
!BN_MONT_CTX_set_locked(&((rsa)->_method_mod_##m), \ !BN_MONT_CTX_set_locked(&(method_mod), \
CRYPTO_LOCK_RSA, \ CRYPTO_LOCK_RSA, \
(rsa)->m, (ctx))) \ (m), (ctx))) \
err_instr err_instr
static int RSA_eay_public_encrypt(int flen, const unsigned char *from, static int RSA_eay_public_encrypt(int flen, const unsigned char *from,
@ -233,7 +233,7 @@ static int RSA_eay_public_encrypt(int flen, const unsigned char *from,
goto err; goto err;
} }
MONT_HELPER(rsa, ctx, n, rsa->flags & RSA_FLAG_CACHE_PUBLIC, goto err); MONT_HELPER(rsa->_method_mod_n, ctx, rsa->n, rsa->flags & RSA_FLAG_CACHE_PUBLIC, goto err);
if (!rsa->meth->bn_mod_exp(ret,f,rsa->e,rsa->n,ctx, if (!rsa->meth->bn_mod_exp(ret,f,rsa->e,rsa->n,ctx,
rsa->_method_mod_n)) goto err; rsa->_method_mod_n)) goto err;
@ -436,9 +436,9 @@ static int RSA_eay_private_encrypt(int flen, const unsigned char *from,
BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME); BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME);
} }
else else
d = rsa->d; d= rsa->d;
MONT_HELPER(rsa, ctx, n, rsa->flags & RSA_FLAG_CACHE_PUBLIC, goto err); MONT_HELPER(rsa->_method_mod_n, ctx, rsa->n, rsa->flags & RSA_FLAG_CACHE_PUBLIC, goto err);
if (!rsa->meth->bn_mod_exp(ret,f,d,rsa->n,ctx, if (!rsa->meth->bn_mod_exp(ret,f,d,rsa->n,ctx,
rsa->_method_mod_n)) goto err; rsa->_method_mod_n)) goto err;
@ -559,7 +559,7 @@ static int RSA_eay_private_decrypt(int flen, const unsigned char *from,
else else
d = rsa->d; d = rsa->d;
MONT_HELPER(rsa, ctx, n, rsa->flags & RSA_FLAG_CACHE_PUBLIC, goto err); MONT_HELPER(rsa->_method_mod_n, ctx, rsa->n, rsa->flags & RSA_FLAG_CACHE_PUBLIC, goto err);
if (!rsa->meth->bn_mod_exp(ret,f,d,rsa->n,ctx, if (!rsa->meth->bn_mod_exp(ret,f,d,rsa->n,ctx,
rsa->_method_mod_n)) rsa->_method_mod_n))
goto err; goto err;
@ -669,7 +669,7 @@ static int RSA_eay_public_decrypt(int flen, const unsigned char *from,
goto err; goto err;
} }
MONT_HELPER(rsa, ctx, n, rsa->flags & RSA_FLAG_CACHE_PUBLIC, goto err); MONT_HELPER(rsa->_method_mod_n, ctx, rsa->n, rsa->flags & RSA_FLAG_CACHE_PUBLIC, goto err);
if (!rsa->meth->bn_mod_exp(ret,f,rsa->e,rsa->n,ctx, if (!rsa->meth->bn_mod_exp(ret,f,rsa->e,rsa->n,ctx,
rsa->_method_mod_n)) goto err; rsa->_method_mod_n)) goto err;
@ -717,7 +717,6 @@ static int RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
BIGNUM *r1,*m1,*vrfy; BIGNUM *r1,*m1,*vrfy;
BIGNUM local_dmp1,local_dmq1,local_c,local_r1; BIGNUM local_dmp1,local_dmq1,local_c,local_r1;
BIGNUM *dmp1,*dmq1,*c,*pr1; BIGNUM *dmp1,*dmq1,*c,*pr1;
int bn_flags;
int ret=0; int ret=0;
BN_CTX_start(ctx); BN_CTX_start(ctx);
@ -725,31 +724,34 @@ static int RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
m1 = BN_CTX_get(ctx); m1 = BN_CTX_get(ctx);
vrfy = BN_CTX_get(ctx); vrfy = BN_CTX_get(ctx);
/* Make sure mod_inverse in montgomerey intialization use correct {
* BN_FLG_CONSTTIME flag. BIGNUM local_p, local_q;
BIGNUM *p = NULL, *q = NULL;
/* Make sure BN_mod_inverse in Montgomery intialization uses the
* BN_FLG_CONSTTIME flag (unless RSA_FLAG_NO_CONSTTIME is set)
*/ */
bn_flags = rsa->p->flags;
if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))
{ {
rsa->p->flags |= BN_FLG_CONSTTIME; BN_init(&local_p);
} p = &local_p;
MONT_HELPER(rsa, ctx, p, rsa->flags & RSA_FLAG_CACHE_PRIVATE, goto err); BN_with_flags(p, rsa->p, BN_FLG_CONSTTIME);
/* We restore bn_flags back */
rsa->p->flags = bn_flags;
/* Make sure mod_inverse in montgomerey intialization use correct BN_init(&local_q);
* BN_FLG_CONSTTIME flag. q = &local_q;
*/ BN_with_flags(q, rsa->q, BN_FLG_CONSTTIME);
bn_flags = rsa->q->flags; }
if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) else
{ {
rsa->q->flags |= BN_FLG_CONSTTIME; p = rsa->p;
q = rsa->q;
} }
MONT_HELPER(rsa, ctx, q, rsa->flags & RSA_FLAG_CACHE_PRIVATE, goto err);
/* We restore bn_flags back */
rsa->q->flags = bn_flags;
MONT_HELPER(rsa, ctx, n, rsa->flags & RSA_FLAG_CACHE_PUBLIC, goto err); MONT_HELPER(rsa->_method_mod_p, ctx, p, rsa->flags & RSA_FLAG_CACHE_PRIVATE, goto err);
MONT_HELPER(rsa->_method_mod_q, ctx, q, rsa->flags & RSA_FLAG_CACHE_PRIVATE, goto err);
}
MONT_HELPER(rsa->_method_mod_n, ctx, rsa->n, rsa->flags & RSA_FLAG_CACHE_PUBLIC, goto err);
/* compute I mod q */ /* compute I mod q */
if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))