From: Bodo Möller <bodo@openssl.org>
Date: Fri, 27 May 2005 15:39:15 +0000 (+0000)
Subject: Use BN_with_flags() in a cleaner way.
X-Git-Tag: FIPS_TEST_9~35
X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=80790d89ec2ba70b5ae593f8f92ef9b113a5fbe2;p=oweals%2Fopenssl.git

Use BN_with_flags() in a cleaner way.

Complete previous change:
Constant time DSA [sync with mainstream].
---

diff --git a/crypto/bn/bn.h b/crypto/bn/bn.h
index 91674afd37..d26c2211f9 100644
--- a/crypto/bn/bn.h
+++ b/crypto/bn/bn.h
@@ -231,6 +231,8 @@ extern "C" {
 #define BN_set_flags(b,n)	((b)->flags|=(n))
 #define BN_get_flags(b,n)	((b)->flags&(n))
 
+/* get a clone of a BIGNUM with changed flags, for *temporary* use only
+ * (the two BIGNUMs cannot not be used in parallel!) */
 #define BN_with_flags(dest,b,n)  ((dest)->d=(b)->d, \
                                   (dest)->top=(b)->top, \
                                   (dest)->dmax=(b)->dmax, \
diff --git a/crypto/dh/dh_key.c b/crypto/dh/dh_key.c
index f7ed790f35..071b43f843 100644
--- a/crypto/dh/dh_key.c
+++ b/crypto/dh/dh_key.c
@@ -150,6 +150,7 @@ static int generate_key(DH *dh)
 
 		if ((dh->flags & DH_FLAG_NO_EXP_CONSTTIME) == 0)
 			{
+			BN_init(&local_prk);
 			prk = &local_prk;
 			BN_with_flags(prk, priv_key, BN_FLG_EXP_CONSTTIME);
 			}
diff --git a/crypto/dsa/dsa_key.c b/crypto/dsa/dsa_key.c
index 63bd8bff2d..980b6dc2d3 100644
--- a/crypto/dsa/dsa_key.c
+++ b/crypto/dsa/dsa_key.c
@@ -97,6 +97,7 @@ int DSA_generate_key(DSA *dsa)
 
 		if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0)
 			{
+			BN_init(&local_prk);
 			prk = &local_prk;
 			BN_with_flags(prk, priv_key, BN_FLG_EXP_CONSTTIME);
 			}
diff --git a/crypto/rsa/rsa_eay.c b/crypto/rsa/rsa_eay.c
index 4aefd54192..ed2d0ad374 100644
--- a/crypto/rsa/rsa_eay.c
+++ b/crypto/rsa/rsa_eay.c
@@ -377,6 +377,7 @@ static int RSA_eay_private_encrypt(int flen, const unsigned char *from,
 		
 		if (!(rsa->flags & RSA_FLAG_NO_EXP_CONSTTIME))
 			{
+			BN_init(&local_d);
 			d = &local_d;
 			BN_with_flags(d, rsa->d, BN_FLG_EXP_CONSTTIME);
 			}
diff --git a/fips/Makefile b/fips/Makefile
index 67254f24fc..2ac2cd5eb7 100644
--- a/fips/Makefile
+++ b/fips/Makefile
@@ -11,9 +11,10 @@ CFLAG=		-g
 INSTALL_PREFIX=
 OPENSSLDIR=     /usr/local/ssl
 INSTALLTOP=	/usr/local/ssl
+MAKEFILE=       Makefile
 MAKEDEPPROG=	makedepend
 MAKEDEPEND=	$(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
-MAKEFILE=       Makefile
+PERL=		perl
 RM=             rm -f
 AR=		ar r
 
diff --git a/fips/dh/fips_dh_key.c b/fips/dh/fips_dh_key.c
index 581de17364..79c10404d5 100644
--- a/fips/dh/fips_dh_key.c
+++ b/fips/dh/fips_dh_key.c
@@ -152,6 +152,7 @@ static int generate_key(DH *dh)
 
 		if ((dh->flags & DH_FLAG_NO_EXP_CONSTTIME) == 0)
 			{
+			BN_init(&local_prk);
 			prk = &local_prk;
 			BN_with_flags(prk, priv_key, BN_FLG_EXP_CONSTTIME);
 			}
diff --git a/fips/dsa/fips_dsa_ossl.c b/fips/dsa/fips_dsa_ossl.c
index 8529c52a4c..f8f3a39343 100644
--- a/fips/dsa/fips_dsa_ossl.c
+++ b/fips/dsa/fips_dsa_ossl.c
@@ -212,6 +212,10 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
 	do
 		if (!BN_rand_range(&k, dsa->q)) goto err;
 	while (BN_is_zero(&k));
+	if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0)
+		{
+		BN_set_flags(&k, BN_FLG_EXP_CONSTTIME);
+		}
 
 	if (dsa->flags & DSA_FLAG_CACHE_MONT_P)
 		{
@@ -222,6 +226,7 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
 		}
 
 	/* Compute r = (g^k mod p) mod q */
+
 	if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0)
 		{
 		if (!BN_copy(&kq, &k)) goto err;
@@ -244,7 +249,6 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
 		{
 		K = &k;
 		}
-
 	if (!dsa->meth->bn_mod_exp(dsa, r,dsa->g,K,dsa->p,ctx,
 		(BN_MONT_CTX *)dsa->method_mont_p)) goto err;
 	if (!BN_mod(r,r,dsa->q,ctx)) goto err;
diff --git a/fips/fipshashes.c b/fips/fipshashes.c
index a42276a423..cfe6cb7737 100644
--- a/fips/fipshashes.c
+++ b/fips/fipshashes.c
@@ -14,14 +14,14 @@ const char * const FIPS_source_hashes[] = {
 "HMAC-SHA1(des/fips_des_locl.h)= e008da40dc6913e374edd66a20d44e1752f00583",
 "HMAC-SHA1(dh/fips_dh_check.c)= 63347e2007e224381d4a7b6d871633889de72cf3",
 "HMAC-SHA1(dh/fips_dh_gen.c)= 93fe69b758ca9d70d70cda1c57fff4eb5c668e85",
-"HMAC-SHA1(dh/fips_dh_key.c)= cd45eda7647067117adb8e80b27c3b6b34d79155",
-"HMAC-SHA1(dsa/fips_dsa_ossl.c)= ee0fbfd18d6b67a40f9a3716e6b890a487b0bbd4",
+"HMAC-SHA1(dh/fips_dh_key.c)= 2d79eb8d59929ec129d34f53b5aded4a290a28ca",
+"HMAC-SHA1(dsa/fips_dsa_ossl.c)= 2fadb271897a775f023393aa22ddede8a76eec0d",
 "HMAC-SHA1(dsa/fips_dsa_gen.c)= 78c879484fd849312ca4828b957df3842b70efc0",
 "HMAC-SHA1(dsa/fips_dsa_selftest.c)= 7c2ba8d82feda2aadc8b769a3b6c4c25a6356e01",
 "HMAC-SHA1(rand/fips_rand.c)= 7e3964447a81cfe4e75df981827d14a5fe0c2923",
 "HMAC-SHA1(rand/fips_rand.h)= bf009ea8963e79b1e414442ede9ae7010a03160b",
 "HMAC-SHA1(rand/fips_rand_selftest.c)= d9c8985e08feecefafe667ad0119d444b42f807c",
-"HMAC-SHA1(rsa/fips_rsa_eay.c)= 5a7967745033e29b67f552ca77f9150f7352fa1c",
+"HMAC-SHA1(rsa/fips_rsa_eay.c)= cab2bd6ef3486dda631be44712ace391b534ad36",
 "HMAC-SHA1(rsa/fips_rsa_gen.c)= af83b857d2be13d59e7f1516e6b1a25edd6369c3",
 "HMAC-SHA1(rsa/fips_rsa_selftest.c)= a9dc47bd1001f795d1565111d26433c300101e06",
 "HMAC-SHA1(sha/fips_sha1dgst.c)= 26e529d630b5e754b4a29bd1bb697e991e7fdc04",
diff --git a/fips/rsa/fips_rsa_eay.c b/fips/rsa/fips_rsa_eay.c
index 69838f4119..9731464fa9 100644
--- a/fips/rsa/fips_rsa_eay.c
+++ b/fips/rsa/fips_rsa_eay.c
@@ -385,6 +385,7 @@ static int RSA_eay_private_encrypt(FIPS_RSA_SIZE_T flen, const unsigned char *fr
 		
 		if (!(rsa->flags & RSA_FLAG_NO_EXP_CONSTTIME))
 			{
+			BN_init(&local_d);
 			d = &local_d;
 			BN_with_flags(d, rsa->d, BN_FLG_EXP_CONSTTIME);
 			}