Use BN_with_flags() in a cleaner way.

Complete previous change: Constant time DSA [sync with mainstream].
2005-05-27 15:39:15 +00:00
parent 7bad200b49
commit 80790d89ec
9 changed files with 17 additions and 5 deletions
--- a/crypto/bn/bn.h
+++ b/crypto/bn/bn.h
@@ -231,6 +231,8 @@ extern "C" {
 #define BN_set_flags(b,n)	((b)->flags|=(n))
 #define BN_get_flags(b,n)	((b)->flags&(n))

+/* get a clone of a BIGNUM with changed flags, for *temporary* use only
+ * (the two BIGNUMs cannot not be used in parallel!) */
 #define BN_with_flags(dest,b,n)  ((dest)->d=(b)->d, \
                                  (dest)->top=(b)->top, \
                                  (dest)->dmax=(b)->dmax, \
--- a/crypto/dh/dh_key.c
+++ b/crypto/dh/dh_key.c
@@ -150,6 +150,7 @@ static int generate_key(DH *dh)

 		if ((dh->flags & DH_FLAG_NO_EXP_CONSTTIME) == 0)
 			{
+			BN_init(&local_prk);
 			prk = &local_prk;
 			BN_with_flags(prk, priv_key, BN_FLG_EXP_CONSTTIME);
 			}
--- a/crypto/dsa/dsa_key.c
+++ b/crypto/dsa/dsa_key.c
@@ -97,6 +97,7 @@ int DSA_generate_key(DSA *dsa)

 		if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0)
 			{
+			BN_init(&local_prk);
 			prk = &local_prk;
 			BN_with_flags(prk, priv_key, BN_FLG_EXP_CONSTTIME);
 			}
--- a/crypto/rsa/rsa_eay.c
+++ b/crypto/rsa/rsa_eay.c
@@ -377,6 +377,7 @@ static int RSA_eay_private_encrypt(int flen, const unsigned char *from,
 		
 		if (!(rsa->flags & RSA_FLAG_NO_EXP_CONSTTIME))
 			{
+			BN_init(&local_d);
 			d = &local_d;
 			BN_with_flags(d, rsa->d, BN_FLG_EXP_CONSTTIME);
 			}
--- a/fips/Makefile
+++ b/fips/Makefile
@@ -11,9 +11,10 @@ CFLAG=		-g
 INSTALL_PREFIX=
 OPENSSLDIR=     /usr/local/ssl
 INSTALLTOP=	/usr/local/ssl
+MAKEFILE=       Makefile
 MAKEDEPPROG=	makedepend
 MAKEDEPEND=	$(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
-MAKEFILE=       Makefile
+PERL=		perl
 RM=             rm -f
 AR=		ar r

--- a/fips/dh/fips_dh_key.c
+++ b/fips/dh/fips_dh_key.c
@@ -152,6 +152,7 @@ static int generate_key(DH *dh)

 		if ((dh->flags & DH_FLAG_NO_EXP_CONSTTIME) == 0)
 			{
+			BN_init(&local_prk);
 			prk = &local_prk;
 			BN_with_flags(prk, priv_key, BN_FLG_EXP_CONSTTIME);
 			}
--- a/fips/dsa/fips_dsa_ossl.c
+++ b/fips/dsa/fips_dsa_ossl.c
@@ -212,6 +212,10 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
 	do
 		if (!BN_rand_range(&k, dsa->q)) goto err;
 	while (BN_is_zero(&k));
+	if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0)
+		{
+		BN_set_flags(&k, BN_FLG_EXP_CONSTTIME);
+		}

 	if (dsa->flags & DSA_FLAG_CACHE_MONT_P)
 		{
@@ -222,6 +226,7 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
 		}

 	/* Compute r = (g^k mod p) mod q */
+
 	if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0)
 		{
 		if (!BN_copy(&kq, &k)) goto err;
@@ -244,7 +249,6 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
 		{
 		K = &k;
 		}
-
 	if (!dsa->meth->bn_mod_exp(dsa, r,dsa->g,K,dsa->p,ctx,
 		(BN_MONT_CTX *)dsa->method_mont_p)) goto err;
 	if (!BN_mod(r,r,dsa->q,ctx)) goto err;
--- a/fips/fipshashes.c
+++ b/fips/fipshashes.c
@@ -14,14 +14,14 @@ const char * const FIPS_source_hashes[] = {
 "HMAC-SHA1(des/fips_des_locl.h)= e008da40dc6913e374edd66a20d44e1752f00583",
 "HMAC-SHA1(dh/fips_dh_check.c)= 63347e2007e224381d4a7b6d871633889de72cf3",
 "HMAC-SHA1(dh/fips_dh_gen.c)= 93fe69b758ca9d70d70cda1c57fff4eb5c668e85",
-"HMAC-SHA1(dh/fips_dh_key.c)= cd45eda7647067117adb8e80b27c3b6b34d79155",
-"HMAC-SHA1(dsa/fips_dsa_ossl.c)= ee0fbfd18d6b67a40f9a3716e6b890a487b0bbd4",
+"HMAC-SHA1(dh/fips_dh_key.c)= 2d79eb8d59929ec129d34f53b5aded4a290a28ca",
+"HMAC-SHA1(dsa/fips_dsa_ossl.c)= 2fadb271897a775f023393aa22ddede8a76eec0d",
 "HMAC-SHA1(dsa/fips_dsa_gen.c)= 78c879484fd849312ca4828b957df3842b70efc0",
 "HMAC-SHA1(dsa/fips_dsa_selftest.c)= 7c2ba8d82feda2aadc8b769a3b6c4c25a6356e01",
 "HMAC-SHA1(rand/fips_rand.c)= 7e3964447a81cfe4e75df981827d14a5fe0c2923",
 "HMAC-SHA1(rand/fips_rand.h)= bf009ea8963e79b1e414442ede9ae7010a03160b",
 "HMAC-SHA1(rand/fips_rand_selftest.c)= d9c8985e08feecefafe667ad0119d444b42f807c",
-"HMAC-SHA1(rsa/fips_rsa_eay.c)= 5a7967745033e29b67f552ca77f9150f7352fa1c",
+"HMAC-SHA1(rsa/fips_rsa_eay.c)= cab2bd6ef3486dda631be44712ace391b534ad36",
 "HMAC-SHA1(rsa/fips_rsa_gen.c)= af83b857d2be13d59e7f1516e6b1a25edd6369c3",
 "HMAC-SHA1(rsa/fips_rsa_selftest.c)= a9dc47bd1001f795d1565111d26433c300101e06",
 "HMAC-SHA1(sha/fips_sha1dgst.c)= 26e529d630b5e754b4a29bd1bb697e991e7fdc04",
--- a/fips/rsa/fips_rsa_eay.c
+++ b/fips/rsa/fips_rsa_eay.c
@@ -385,6 +385,7 @@ static int RSA_eay_private_encrypt(FIPS_RSA_SIZE_T flen, const unsigned char *fr
 		
 		if (!(rsa->flags & RSA_FLAG_NO_EXP_CONSTTIME))
 			{
+			BN_init(&local_d);
 			d = &local_d;
 			BN_with_flags(d, rsa->d, BN_FLG_EXP_CONSTTIME);
 			}