*
*/
+#define OPENSSL_FIPSAPI
+
#include "cryptlib.h"
#include "bn_lcl.h"
/* solves ax == 1 (mod n) */
+static BIGNUM *BN_mod_inverse_no_branch(BIGNUM *in,
+ const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx);
+
BIGNUM *BN_mod_inverse(BIGNUM *in,
const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx)
{
+ BIGNUM *rv;
+ int noinv;
+ rv = int_bn_mod_inverse(in, a, n, ctx, &noinv);
+ if (noinv)
+ BNerr(BN_F_BN_MOD_INVERSE,BN_R_NO_INVERSE);
+ return rv;
+ }
+
+BIGNUM *int_bn_mod_inverse(BIGNUM *in,
+ const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx, int *pnoinv)
+ {
BIGNUM *A,*B,*X,*Y,*M,*D,*T,*R=NULL;
BIGNUM *ret=NULL;
int sign;
- if (BN_get_flags(n, BN_FLG_CONSTTIME) != 0)
+ if (pnoinv)
+ *pnoinv = 0;
+
+ if ((BN_get_flags(a, BN_FLG_CONSTTIME) != 0) || (BN_get_flags(n, BN_FLG_CONSTTIME) != 0))
{
return BN_mod_inverse_no_branch(in, a, n, ctx);
}
}
else
{
- BNerr(BN_F_BN_MOD_INVERSE,BN_R_NO_INVERSE);
+ if (pnoinv)
+ *pnoinv = 1;
goto err;
}
ret=R;
/* BN_mod_inverse_no_branch is a special version of BN_mod_inverse.
* It does not contain branches that may leak sensitive information.
*/
-BIGNUM *BN_mod_inverse_no_branch(BIGNUM *in,
+static BIGNUM *BN_mod_inverse_no_branch(BIGNUM *in,
const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx)
{
BIGNUM *A,*B,*X,*Y,*M,*D,*T,*R=NULL;
}
else
{
- BNerr(BN_F_BN_MOD_INVERSE,BN_R_NO_INVERSE);
+ BNerr(BN_F_BN_MOD_INVERSE_NO_BRANCH,BN_R_NO_INVERSE);
goto err;
}
ret=R;