Use BN_with_flags() in a cleaner way.

author Bodo Möller <bodo@openssl.org>

Fri, 27 May 2005 15:39:15 +0000 (15:39 +0000)

committer Bodo Möller <bodo@openssl.org>

Fri, 27 May 2005 15:39:15 +0000 (15:39 +0000)
author Bodo Möller <bodo@openssl.org>
Fri, 27 May 2005 15:39:15 +0000 (15:39 +0000)
committer Bodo Möller <bodo@openssl.org>
Fri, 27 May 2005 15:39:15 +0000 (15:39 +0000)
diff --git a/crypto/bn/bn.h b/crypto/bn/bn.h

index 91674afd37d8088107b678fdedd82627dd4fa9a3..d26c2211f91055af2f737ea5bbdf012b8b28461b 100644 (file)
--- a/crypto/bn/bn.h
+++ b/crypto/bn/bn.h
@@ -231,6 +231,8 @@ extern "C" {
  #define BN_set_flags(b,n)      ((b)->flags|=(n))
  #define BN_get_flags(b,n)      ((b)->flags&(n))
  
+/* get a clone of a BIGNUM with changed flags, for *temporary* use only
+ * (the two BIGNUMs cannot not be used in parallel!) */
  #define BN_with_flags(dest,b,n)  ((dest)->d=(b)->d, \
                                    (dest)->top=(b)->top, \
                                    (dest)->dmax=(b)->dmax, \
diff --git a/crypto/dh/dh_key.c b/crypto/dh/dh_key.c

index f7ed790f35f51a18be1b44951234808e6d1939bb..071b43f8436d210a6da174295f48e14ab8c81c58 100644 (file)
--- a/crypto/dh/dh_key.c
+++ b/crypto/dh/dh_key.c
@@ -150,6 +150,7 @@ static int generate_key(DH *dh)
  
                 if ((dh->flags & DH_FLAG_NO_EXP_CONSTTIME) == 0)
                         {
+                       BN_init(&local_prk);
                         prk = &local_prk;
                         BN_with_flags(prk, priv_key, BN_FLG_EXP_CONSTTIME);
                         }
diff --git a/crypto/dsa/dsa_key.c b/crypto/dsa/dsa_key.c

index 63bd8bff2d8acf42e17332df41ade99c8cb7d497..980b6dc2d3029a558aca448d7eb56ba8ff930549 100644 (file)
--- a/crypto/dsa/dsa_key.c
+++ b/crypto/dsa/dsa_key.c
@@ -97,6 +97,7 @@ int DSA_generate_key(DSA *dsa)
  
                 if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0)
                         {
+                       BN_init(&local_prk);
                         prk = &local_prk;
                         BN_with_flags(prk, priv_key, BN_FLG_EXP_CONSTTIME);
                         }
diff --git a/crypto/rsa/rsa_eay.c b/crypto/rsa/rsa_eay.c

index 4aefd5419216d7c91a57598cc7dafc2778bd30c2..ed2d0ad3741fc53c83a0e00a2946b0f619dbfdab 100644 (file)
--- a/crypto/rsa/rsa_eay.c
+++ b/crypto/rsa/rsa_eay.c
@@ -377,6 +377,7 @@ static int RSA_eay_private_encrypt(int flen, const unsigned char *from,
                 
                 if (!(rsa->flags & RSA_FLAG_NO_EXP_CONSTTIME))
                         {
+                       BN_init(&local_d);
                         d = &local_d;
                         BN_with_flags(d, rsa->d, BN_FLG_EXP_CONSTTIME);
                         }
diff --git a/fips/Makefile b/fips/Makefile

index 67254f24fcf987f6cfbc9f711bdfe7bb3aeb89a1..2ac2cd5eb722e9657db7e13318007bac5f98b8de 100644 (file)
--- a/fips/Makefile
+++ b/fips/Makefile
@@ -11,9 +11,10 @@ CFLAG=               -g
  INSTALL_PREFIX=
  OPENSSLDIR=     /usr/local/ssl
  INSTALLTOP=    /usr/local/ssl
+MAKEFILE=       Makefile
  MAKEDEPPROG=   makedepend
  MAKEDEPEND=    $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
-MAKEFILE=       Makefile
+PERL=          perl
  RM=             rm -f
  AR=            ar r
  
diff --git a/fips/dh/fips_dh_key.c b/fips/dh/fips_dh_key.c

index 581de173649ccde3e4526f72366c8b488d063522..79c10404d5df5bbd07673f3c9a01b6f6a0ef1d9a 100644 (file)
--- a/fips/dh/fips_dh_key.c
+++ b/fips/dh/fips_dh_key.c
@@ -152,6 +152,7 @@ static int generate_key(DH *dh)
  
                 if ((dh->flags & DH_FLAG_NO_EXP_CONSTTIME) == 0)
                         {
+                       BN_init(&local_prk);
                         prk = &local_prk;
                         BN_with_flags(prk, priv_key, BN_FLG_EXP_CONSTTIME);
                         }
diff --git a/fips/dsa/fips_dsa_ossl.c b/fips/dsa/fips_dsa_ossl.c

index 8529c52a4c86e22cc480e9ffee887507cf66101c..f8f3a39343cb1e915fc54435ce5be6f064ed1762 100644 (file)
--- a/fips/dsa/fips_dsa_ossl.c
+++ b/fips/dsa/fips_dsa_ossl.c
@@ -212,6 +212,10 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
         do
                 if (!BN_rand_range(&k, dsa->q)) goto err;
         while (BN_is_zero(&k));
+       if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0)
+               {
+               BN_set_flags(&k, BN_FLG_EXP_CONSTTIME);
+               }
  
         if (dsa->flags & DSA_FLAG_CACHE_MONT_P)
                 {
@@ -222,6 +226,7 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
                 }
  
         /* Compute r = (g^k mod p) mod q */
+
         if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0)
                 {
                 if (!BN_copy(&kq, &k)) goto err;
@@ -244,7 +249,6 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
                 {
                 K = &k;
                 }
-
         if (!dsa->meth->bn_mod_exp(dsa, r,dsa->g,K,dsa->p,ctx,
                 (BN_MONT_CTX *)dsa->method_mont_p)) goto err;
         if (!BN_mod(r,r,dsa->q,ctx)) goto err;
diff --git a/fips/fipshashes.c b/fips/fipshashes.c

index a42276a423e553eb0c2f9a0e8cfc505ca55dc013..cfe6cb7737714860cd3ffa6140b8a3ccc8c8badb 100644 (file)
--- a/fips/fipshashes.c
+++ b/fips/fipshashes.c
@@ -14,14 +14,14 @@ const char * const FIPS_source_hashes[] = {
  "HMAC-SHA1(des/fips_des_locl.h)= e008da40dc6913e374edd66a20d44e1752f00583",
  "HMAC-SHA1(dh/fips_dh_check.c)= 63347e2007e224381d4a7b6d871633889de72cf3",
  "HMAC-SHA1(dh/fips_dh_gen.c)= 93fe69b758ca9d70d70cda1c57fff4eb5c668e85",
-"HMAC-SHA1(dh/fips_dh_key.c)= cd45eda7647067117adb8e80b27c3b6b34d79155",
-"HMAC-SHA1(dsa/fips_dsa_ossl.c)= ee0fbfd18d6b67a40f9a3716e6b890a487b0bbd4",
+"HMAC-SHA1(dh/fips_dh_key.c)= 2d79eb8d59929ec129d34f53b5aded4a290a28ca",
+"HMAC-SHA1(dsa/fips_dsa_ossl.c)= 2fadb271897a775f023393aa22ddede8a76eec0d",
  "HMAC-SHA1(dsa/fips_dsa_gen.c)= 78c879484fd849312ca4828b957df3842b70efc0",
  "HMAC-SHA1(dsa/fips_dsa_selftest.c)= 7c2ba8d82feda2aadc8b769a3b6c4c25a6356e01",
  "HMAC-SHA1(rand/fips_rand.c)= 7e3964447a81cfe4e75df981827d14a5fe0c2923",
  "HMAC-SHA1(rand/fips_rand.h)= bf009ea8963e79b1e414442ede9ae7010a03160b",
  "HMAC-SHA1(rand/fips_rand_selftest.c)= d9c8985e08feecefafe667ad0119d444b42f807c",
-"HMAC-SHA1(rsa/fips_rsa_eay.c)= 5a7967745033e29b67f552ca77f9150f7352fa1c",
+"HMAC-SHA1(rsa/fips_rsa_eay.c)= cab2bd6ef3486dda631be44712ace391b534ad36",
  "HMAC-SHA1(rsa/fips_rsa_gen.c)= af83b857d2be13d59e7f1516e6b1a25edd6369c3",
  "HMAC-SHA1(rsa/fips_rsa_selftest.c)= a9dc47bd1001f795d1565111d26433c300101e06",
  "HMAC-SHA1(sha/fips_sha1dgst.c)= 26e529d630b5e754b4a29bd1bb697e991e7fdc04",
diff --git a/fips/rsa/fips_rsa_eay.c b/fips/rsa/fips_rsa_eay.c

index 69838f4119c4f4b4c5f755d89ee2346482aedd35..9731464fa9ba564a50bb2faed91ecc265016b843 100644 (file)
--- a/fips/rsa/fips_rsa_eay.c
+++ b/fips/rsa/fips_rsa_eay.c
@@ -385,6 +385,7 @@ static int RSA_eay_private_encrypt(FIPS_RSA_SIZE_T flen, const unsigned char *fr
                 
                 if (!(rsa->flags & RSA_FLAG_NO_EXP_CONSTTIME))
                         {
+                       BN_init(&local_d);
                         d = &local_d;
                         BN_with_flags(d, rsa->d, BN_FLG_EXP_CONSTTIME);
                         }
author	Bodo Möller <bodo@openssl.org>
	Fri, 27 May 2005 15:39:15 +0000 (15:39 +0000)
committer	Bodo Möller <bodo@openssl.org>
	Fri, 27 May 2005 15:39:15 +0000 (15:39 +0000)
crypto/bn/bn.h		patch \| blob \| history
crypto/dh/dh_key.c		patch \| blob \| history
crypto/dsa/dsa_key.c		patch \| blob \| history
crypto/rsa/rsa_eay.c		patch \| blob \| history
fips/Makefile		patch \| blob \| history
fips/dh/fips_dh_key.c		patch \| blob \| history
fips/dsa/fips_dsa_ossl.c		patch \| blob \| history
fips/fipshashes.c		patch \| blob \| history
fips/rsa/fips_rsa_eay.c		patch \| blob \| history