From 80790d89ec2ba70b5ae593f8f92ef9b113a5fbe2 Mon Sep 17 00:00:00 2001
From: =?utf8?q?Bodo=20M=C3=B6ller?=
Date: Fri, 27 May 2005 15:39:15 +0000
Subject: [PATCH] Use BN_with_flags() in a cleaner way.

Complete previous change: Constant time DSA [sync with mainstream].
---
 crypto/bn/bn.h           | 2 ++
 crypto/dh/dh_key.c       | 1 +
 crypto/dsa/dsa_key.c     | 1 +
 crypto/rsa/rsa_eay.c     | 1 +
 fips/Makefile            | 3 ++-
 fips/dh/fips_dh_key.c    | 1 +
 fips/dsa/fips_dsa_ossl.c | 6 +++++-
 fips/fipshashes.c        | 6 +++---
 fips/rsa/fips_rsa_eay.c  | 1 +
 9 files changed, 17 insertions(+), 5 deletions(-)

diff --git a/crypto/bn/bn.h b/crypto/bn/bn.h
index 91674afd37..d26c2211f9 100644
--- a/crypto/bn/bn.h
+++ b/crypto/bn/bn.h
@@ -231,6 +231,8 @@ extern "C" {
 #define BN_set_flags(b,n) ((b)->flags|=(n))
 #define BN_get_flags(b,n) ((b)->flags&(n))
 
+/* get a clone of a BIGNUM with changed flags, for *temporary* use only
+ * (the two BIGNUMs cannot not be used in parallel!) */
 #define BN_with_flags(dest,b,n) ((dest)->d=(b)->d, \
                                  (dest)->top=(b)->top, \
                                  (dest)->dmax=(b)->dmax, \
diff --git a/crypto/dh/dh_key.c b/crypto/dh/dh_key.c
index f7ed790f35..071b43f843 100644
--- a/crypto/dh/dh_key.c
+++ b/crypto/dh/dh_key.c
@@ -150,6 +150,7 @@ static int generate_key(DH *dh)
 
 	if ((dh->flags & DH_FLAG_NO_EXP_CONSTTIME) == 0)
 		{
+		BN_init(&local_prk);
 		prk = &local_prk;
 		BN_with_flags(prk, priv_key, BN_FLG_EXP_CONSTTIME);
 		}
diff --git a/crypto/dsa/dsa_key.c b/crypto/dsa/dsa_key.c
index 63bd8bff2d..980b6dc2d3 100644
--- a/crypto/dsa/dsa_key.c
+++ b/crypto/dsa/dsa_key.c
@@ -97,6 +97,7 @@ int DSA_generate_key(DSA *dsa)
 
 	if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0)
 		{
+		BN_init(&local_prk);
 		prk = &local_prk;
 		BN_with_flags(prk, priv_key, BN_FLG_EXP_CONSTTIME);
 		}
diff --git a/crypto/rsa/rsa_eay.c b/crypto/rsa/rsa_eay.c
index 4aefd54192..ed2d0ad374 100644
--- a/crypto/rsa/rsa_eay.c
+++ b/crypto/rsa/rsa_eay.c
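Review bot: The new comment on BN_with_flags reads `cannot not be used in parallel`, a double negative that inverts the warning it is meant to give, and it leaves out the reason the restriction exists: the macro assigns `(dest)->d=(b)->d`, so `dest` aliases b's limb array instead of owning a copy, and must therefore never be passed to BN_free/BN_clear_free or to any BN call that could reallocate it. Suggested wording: `/* get a shallow alias of a BIGNUM with changed flags, for *temporary* use only: dest shares b's limb array, so the two must not be used at the same time and dest must never be freed or resized */`. The macro body continues past the end of the hunk.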
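Review bot: The added `BN_init(&local_prk)` gives the temporary a defined state before `BN_with_flags` overwrites its limb pointer, but nothing at the call site records that `local_prk` is a flag-only alias of `priv_key` sharing the same `d` array, which is the property later code has to respect (no BN_free/BN_clear_free on it, no writes through `prk`). A one-line comment would carry that contract: `/* local_prk aliases priv_key's limbs (BN_with_flags); flag-only, never free or modify it */`. generate_key's exit path is outside the hunk, so I cannot confirm here that the alias is never released; the same comment applies to the identical additions in crypto/dsa/dsa_key.c, crypto/rsa/rsa_eay.c, fips/dh/fips_dh_key.c and fips/rsa/fips_rsa_eay.c.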
@@ -377,6 +377,7 @@ static int RSA_eay_private_encrypt(int flen, const unsigned char *from,
 
 	if (!(rsa->flags & RSA_FLAG_NO_EXP_CONSTTIME))
 		{
+		BN_init(&local_d);
 		d = &local_d;
 		BN_with_flags(d, rsa->d, BN_FLG_EXP_CONSTTIME);
 		}
diff --git a/fips/Makefile b/fips/Makefile
index 67254f24fc..2ac2cd5eb7 100644
--- a/fips/Makefile
+++ b/fips/Makefile
@@ -11,9 +11,10 @@ CFLAG= -g
 INSTALL_PREFIX=
 OPENSSLDIR= /usr/local/ssl
 INSTALLTOP= /usr/local/ssl
+MAKEFILE= Makefile
 MAKEDEPPROG= makedepend
 MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
-MAKEFILE= Makefile
+PERL= perl
 RM= rm -f
 AR= ar r
 
diff --git a/fips/dh/fips_dh_key.c b/fips/dh/fips_dh_key.c
index 581de17364..79c10404d5 100644
--- a/fips/dh/fips_dh_key.c
+++ b/fips/dh/fips_dh_key.c
@@ -152,6 +152,7 @@ static int generate_key(DH *dh)
 
 	if ((dh->flags & DH_FLAG_NO_EXP_CONSTTIME) == 0)
 		{
+		BN_init(&local_prk);
 		prk = &local_prk;
 		BN_with_flags(prk, priv_key, BN_FLG_EXP_CONSTTIME);
 		}
diff --git a/fips/dsa/fips_dsa_ossl.c b/fips/dsa/fips_dsa_ossl.c
index 8529c52a4c..f8f3a39343 100644
--- a/fips/dsa/fips_dsa_ossl.c
+++ b/fips/dsa/fips_dsa_ossl.c
@@ -212,6 +212,10 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
 	do
 		if (!BN_rand_range(&k, dsa->q)) goto err;
 	while (BN_is_zero(&k));
+	if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0)
+		{
+		BN_set_flags(&k, BN_FLG_EXP_CONSTTIME);
+		}
 
 	if (dsa->flags & DSA_FLAG_CACHE_MONT_P)
 		{
@@ -222,6 +226,7 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
 		}
 
 	/* Compute r = (g^k mod p) mod q */
+
 	if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0)
 		{
 		if (!BN_copy(&kq, &k)) goto err;
@@ -244,7 +249,6 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
 		{
 		K = &k;
 		}
-
 	if (!dsa->meth->bn_mod_exp(dsa, r,dsa->g,K,dsa->p,ctx,
 				(BN_MONT_CTX *)dsa->method_mont_p)) goto err;
 	if (!BN_mod(r,r,dsa->q,ctx)) goto err;
diff --git a/fips/fipshashes.c b/fips/fipshashes.c
index a42276a423..cfe6cb7737 100644
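Review bot: `BN_set_flags(&k, BN_FLG_EXP_CONSTTIME)` in the first fips_dsa_ossl.c hunk marks the nonce for the constant-time exponentiation path, but in the constant-time branch of the second hunk the exponent handed to bn_mod_exp is built from `BN_copy(&kq, &k)`, and BN_copy as I know it transfers limbs and sign but not the flags word, so `kq` presumably reaches `dsa->meth->bn_mod_exp` unflagged and selects the variable-time exponentiation this change set out to avoid. Setting the flag on the copy as well closes that gap: `if (!BN_copy(&kq, &k)) goto err;` followed by `BN_set_flags(&kq, BN_FLG_EXP_CONSTTIME);`. The fixed-length adjustment of kq and the `K = &kq;` assignment sit between the second and third hunks, outside what is shown, so this is inferred from the visible copy; the `K = &k;` branch in the third hunk is the NO_EXP_CONSTTIME case and is unaffected.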
--- a/fips/fipshashes.c
+++ b/fips/fipshashes.c
@@ -14,14 +14,14 @@ const char * const FIPS_source_hashes[] = {
 "HMAC-SHA1(des/fips_des_locl.h)= e008da40dc6913e374edd66a20d44e1752f00583",
 "HMAC-SHA1(dh/fips_dh_check.c)= 63347e2007e224381d4a7b6d871633889de72cf3",
 "HMAC-SHA1(dh/fips_dh_gen.c)= 93fe69b758ca9d70d70cda1c57fff4eb5c668e85",
-"HMAC-SHA1(dh/fips_dh_key.c)= cd45eda7647067117adb8e80b27c3b6b34d79155",
-"HMAC-SHA1(dsa/fips_dsa_ossl.c)= ee0fbfd18d6b67a40f9a3716e6b890a487b0bbd4",
+"HMAC-SHA1(dh/fips_dh_key.c)= 2d79eb8d59929ec129d34f53b5aded4a290a28ca",
+"HMAC-SHA1(dsa/fips_dsa_ossl.c)= 2fadb271897a775f023393aa22ddede8a76eec0d",
 "HMAC-SHA1(dsa/fips_dsa_gen.c)= 78c879484fd849312ca4828b957df3842b70efc0",
 "HMAC-SHA1(dsa/fips_dsa_selftest.c)= 7c2ba8d82feda2aadc8b769a3b6c4c25a6356e01",
 "HMAC-SHA1(rand/fips_rand.c)= 7e3964447a81cfe4e75df981827d14a5fe0c2923",
 "HMAC-SHA1(rand/fips_rand.h)= bf009ea8963e79b1e414442ede9ae7010a03160b",
 "HMAC-SHA1(rand/fips_rand_selftest.c)= d9c8985e08feecefafe667ad0119d444b42f807c",
-"HMAC-SHA1(rsa/fips_rsa_eay.c)= 5a7967745033e29b67f552ca77f9150f7352fa1c",
+"HMAC-SHA1(rsa/fips_rsa_eay.c)= cab2bd6ef3486dda631be44712ace391b534ad36",
 "HMAC-SHA1(rsa/fips_rsa_gen.c)= af83b857d2be13d59e7f1516e6b1a25edd6369c3",
 "HMAC-SHA1(rsa/fips_rsa_selftest.c)= a9dc47bd1001f795d1565111d26433c300101e06",
 "HMAC-SHA1(sha/fips_sha1dgst.c)= 26e529d630b5e754b4a29bd1bb697e991e7fdc04",
diff --git a/fips/rsa/fips_rsa_eay.c b/fips/rsa/fips_rsa_eay.c
index 69838f4119..9731464fa9 100644
--- a/fips/rsa/fips_rsa_eay.c
+++ b/fips/rsa/fips_rsa_eay.c
@@ -385,6 +385,7 @@ static int RSA_eay_private_encrypt(FIPS_RSA_SIZE_T flen, const unsigned char *fr
 
 	if (!(rsa->flags & RSA_FLAG_NO_EXP_CONSTTIME))
 		{
+		BN_init(&local_d);
 		d = &local_d;
 		BN_with_flags(d, rsa->d, BN_FLG_EXP_CONSTTIME);
 		}
-- 
2.25.1