Use BN_with_flags() in a cleaner way.
Complete previous change: Constant time DSA [sync with mainstream].
This commit is contained in:
Bodo Möller
@@ -231,6 +231,8 @@ extern "C" {
|
|||||||
#define BN_set_flags(b,n) ((b)->flags|=(n))
|
#define BN_set_flags(b,n) ((b)->flags|=(n))
|
||||||
#define BN_get_flags(b,n) ((b)->flags&(n))
|
#define BN_get_flags(b,n) ((b)->flags&(n))
|
||||||
|
|
||||||
|
/* get a clone of a BIGNUM with changed flags, for *temporary* use only
|
||||||
|
* (the two BIGNUMs cannot not be used in parallel!) */
|
||||||
#define BN_with_flags(dest,b,n) ((dest)->d=(b)->d, \
|
#define BN_with_flags(dest,b,n) ((dest)->d=(b)->d, \
|
||||||
(dest)->top=(b)->top, \
|
(dest)->top=(b)->top, \
|
||||||
(dest)->dmax=(b)->dmax, \
|
(dest)->dmax=(b)->dmax, \
|
||||||
|
|||||||
@@ -150,6 +150,7 @@ static int generate_key(DH *dh)
|
|||||||
|
|
||||||
if ((dh->flags & DH_FLAG_NO_EXP_CONSTTIME) == 0)
|
if ((dh->flags & DH_FLAG_NO_EXP_CONSTTIME) == 0)
|
||||||
{
|
{
|
||||||
|
BN_init(&local_prk);
|
||||||
prk = &local_prk;
|
prk = &local_prk;
|
||||||
BN_with_flags(prk, priv_key, BN_FLG_EXP_CONSTTIME);
|
BN_with_flags(prk, priv_key, BN_FLG_EXP_CONSTTIME);
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -97,6 +97,7 @@ int DSA_generate_key(DSA *dsa)
|
|||||||
|
|
||||||
if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0)
|
if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0)
|
||||||
{
|
{
|
||||||
|
BN_init(&local_prk);
|
||||||
prk = &local_prk;
|
prk = &local_prk;
|
||||||
BN_with_flags(prk, priv_key, BN_FLG_EXP_CONSTTIME);
|
BN_with_flags(prk, priv_key, BN_FLG_EXP_CONSTTIME);
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -377,6 +377,7 @@ static int RSA_eay_private_encrypt(int flen, const unsigned char *from,
|
|||||||
|
|
||||||
if (!(rsa->flags & RSA_FLAG_NO_EXP_CONSTTIME))
|
if (!(rsa->flags & RSA_FLAG_NO_EXP_CONSTTIME))
|
||||||
{
|
{
|
||||||
|
BN_init(&local_d);
|
||||||
d = &local_d;
|
d = &local_d;
|
||||||
BN_with_flags(d, rsa->d, BN_FLG_EXP_CONSTTIME);
|
BN_with_flags(d, rsa->d, BN_FLG_EXP_CONSTTIME);
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -11,9 +11,10 @@ CFLAG= -g
|
|||||||
INSTALL_PREFIX=
|
INSTALL_PREFIX=
|
||||||
OPENSSLDIR= /usr/local/ssl
|
OPENSSLDIR= /usr/local/ssl
|
||||||
INSTALLTOP= /usr/local/ssl
|
INSTALLTOP= /usr/local/ssl
|
||||||
|
MAKEFILE= Makefile
|
||||||
MAKEDEPPROG= makedepend
|
MAKEDEPPROG= makedepend
|
||||||
MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
|
MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
|
||||||
MAKEFILE= Makefile
|
PERL= perl
|
||||||
RM= rm -f
|
RM= rm -f
|
||||||
AR= ar r
|
AR= ar r
|
||||||
|
|
||||||
|
|||||||
@@ -152,6 +152,7 @@ static int generate_key(DH *dh)
|
|||||||
|
|
||||||
if ((dh->flags & DH_FLAG_NO_EXP_CONSTTIME) == 0)
|
if ((dh->flags & DH_FLAG_NO_EXP_CONSTTIME) == 0)
|
||||||
{
|
{
|
||||||
|
BN_init(&local_prk);
|
||||||
prk = &local_prk;
|
prk = &local_prk;
|
||||||
BN_with_flags(prk, priv_key, BN_FLG_EXP_CONSTTIME);
|
BN_with_flags(prk, priv_key, BN_FLG_EXP_CONSTTIME);
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -212,6 +212,10 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
|
|||||||
do
|
do
|
||||||
if (!BN_rand_range(&k, dsa->q)) goto err;
|
if (!BN_rand_range(&k, dsa->q)) goto err;
|
||||||
while (BN_is_zero(&k));
|
while (BN_is_zero(&k));
|
||||||
|
if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0)
|
||||||
|
{
|
||||||
|
BN_set_flags(&k, BN_FLG_EXP_CONSTTIME);
|
||||||
|
}
|
||||||
|
|
||||||
if (dsa->flags & DSA_FLAG_CACHE_MONT_P)
|
if (dsa->flags & DSA_FLAG_CACHE_MONT_P)
|
||||||
{
|
{
|
||||||
@@ -222,6 +226,7 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
|
|||||||
}
|
}
|
||||||
|
|
||||||
/* Compute r = (g^k mod p) mod q */
|
/* Compute r = (g^k mod p) mod q */
|
||||||
|
|
||||||
if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0)
|
if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0)
|
||||||
{
|
{
|
||||||
if (!BN_copy(&kq, &k)) goto err;
|
if (!BN_copy(&kq, &k)) goto err;
|
||||||
@@ -244,7 +249,6 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
|
|||||||
{
|
{
|
||||||
K = &k;
|
K = &k;
|
||||||
}
|
}
|
||||||
|
|
||||||
if (!dsa->meth->bn_mod_exp(dsa, r,dsa->g,K,dsa->p,ctx,
|
if (!dsa->meth->bn_mod_exp(dsa, r,dsa->g,K,dsa->p,ctx,
|
||||||
(BN_MONT_CTX *)dsa->method_mont_p)) goto err;
|
(BN_MONT_CTX *)dsa->method_mont_p)) goto err;
|
||||||
if (!BN_mod(r,r,dsa->q,ctx)) goto err;
|
if (!BN_mod(r,r,dsa->q,ctx)) goto err;
|
||||||
|
|||||||
@@ -14,14 +14,14 @@ const char * const FIPS_source_hashes[] = {
|
|||||||
"HMAC-SHA1(des/fips_des_locl.h)= e008da40dc6913e374edd66a20d44e1752f00583",
|
"HMAC-SHA1(des/fips_des_locl.h)= e008da40dc6913e374edd66a20d44e1752f00583",
|
||||||
"HMAC-SHA1(dh/fips_dh_check.c)= 63347e2007e224381d4a7b6d871633889de72cf3",
|
"HMAC-SHA1(dh/fips_dh_check.c)= 63347e2007e224381d4a7b6d871633889de72cf3",
|
||||||
"HMAC-SHA1(dh/fips_dh_gen.c)= 93fe69b758ca9d70d70cda1c57fff4eb5c668e85",
|
"HMAC-SHA1(dh/fips_dh_gen.c)= 93fe69b758ca9d70d70cda1c57fff4eb5c668e85",
|
||||||
"HMAC-SHA1(dh/fips_dh_key.c)= cd45eda7647067117adb8e80b27c3b6b34d79155",
|
"HMAC-SHA1(dh/fips_dh_key.c)= 2d79eb8d59929ec129d34f53b5aded4a290a28ca",
|
||||||
"HMAC-SHA1(dsa/fips_dsa_ossl.c)= ee0fbfd18d6b67a40f9a3716e6b890a487b0bbd4",
|
"HMAC-SHA1(dsa/fips_dsa_ossl.c)= 2fadb271897a775f023393aa22ddede8a76eec0d",
|
||||||
"HMAC-SHA1(dsa/fips_dsa_gen.c)= 78c879484fd849312ca4828b957df3842b70efc0",
|
"HMAC-SHA1(dsa/fips_dsa_gen.c)= 78c879484fd849312ca4828b957df3842b70efc0",
|
||||||
"HMAC-SHA1(dsa/fips_dsa_selftest.c)= 7c2ba8d82feda2aadc8b769a3b6c4c25a6356e01",
|
"HMAC-SHA1(dsa/fips_dsa_selftest.c)= 7c2ba8d82feda2aadc8b769a3b6c4c25a6356e01",
|
||||||
"HMAC-SHA1(rand/fips_rand.c)= 7e3964447a81cfe4e75df981827d14a5fe0c2923",
|
"HMAC-SHA1(rand/fips_rand.c)= 7e3964447a81cfe4e75df981827d14a5fe0c2923",
|
||||||
"HMAC-SHA1(rand/fips_rand.h)= bf009ea8963e79b1e414442ede9ae7010a03160b",
|
"HMAC-SHA1(rand/fips_rand.h)= bf009ea8963e79b1e414442ede9ae7010a03160b",
|
||||||
"HMAC-SHA1(rand/fips_rand_selftest.c)= d9c8985e08feecefafe667ad0119d444b42f807c",
|
"HMAC-SHA1(rand/fips_rand_selftest.c)= d9c8985e08feecefafe667ad0119d444b42f807c",
|
||||||
"HMAC-SHA1(rsa/fips_rsa_eay.c)= 5a7967745033e29b67f552ca77f9150f7352fa1c",
|
"HMAC-SHA1(rsa/fips_rsa_eay.c)= cab2bd6ef3486dda631be44712ace391b534ad36",
|
||||||
"HMAC-SHA1(rsa/fips_rsa_gen.c)= af83b857d2be13d59e7f1516e6b1a25edd6369c3",
|
"HMAC-SHA1(rsa/fips_rsa_gen.c)= af83b857d2be13d59e7f1516e6b1a25edd6369c3",
|
||||||
"HMAC-SHA1(rsa/fips_rsa_selftest.c)= a9dc47bd1001f795d1565111d26433c300101e06",
|
"HMAC-SHA1(rsa/fips_rsa_selftest.c)= a9dc47bd1001f795d1565111d26433c300101e06",
|
||||||
"HMAC-SHA1(sha/fips_sha1dgst.c)= 26e529d630b5e754b4a29bd1bb697e991e7fdc04",
|
"HMAC-SHA1(sha/fips_sha1dgst.c)= 26e529d630b5e754b4a29bd1bb697e991e7fdc04",
|
||||||
|
|||||||
@@ -385,6 +385,7 @@ static int RSA_eay_private_encrypt(FIPS_RSA_SIZE_T flen, const unsigned char *fr
|
|||||||
|
|
||||||
if (!(rsa->flags & RSA_FLAG_NO_EXP_CONSTTIME))
|
if (!(rsa->flags & RSA_FLAG_NO_EXP_CONSTTIME))
|
||||||
{
|
{
|
||||||
|
BN_init(&local_d);
|
||||||
d = &local_d;
|
d = &local_d;
|
||||||
BN_with_flags(d, rsa->d, BN_FLG_EXP_CONSTTIME);
|
BN_with_flags(d, rsa->d, BN_FLG_EXP_CONSTTIME);
|
||||||
}
|
}
|
||||||
|
|||||||
Reference in New Issue
Block a user