Replace (sometimes conditional) use of alloca with malloc, and clearing

through volatile pointers with explicit_bzero(). ok beck@ jsing@
author: miod <> 2014-05-23 16:11:55 +0000
committer: miod <> 2014-05-23 16:11:55 +0000
commit: 76239d9bd4d0cc5be88967253bdce2d127b6c88f (patch)
tree: fdb00013257208a983266fe45982cfcc5c4550f4
parent: 4c437d3b4323b5ac149e32aebdc90ce3f849067a (diff)
download: openbsd-76239d9bd4d0cc5be88967253bdce2d127b6c88f.tar.gz
openbsd-76239d9bd4d0cc5be88967253bdce2d127b6c88f.tar.bz2
openbsd-76239d9bd4d0cc5be88967253bdce2d127b6c88f.zip
4 files changed, 32 insertions, 78 deletions
diff --git a/src/lib/libcrypto/bn/bn_asm.c b/src/lib/libcrypto/bn/bn_asm.c
index 0eebb9824f..742188982c 100644
--- a/src/lib/libcrypto/bn/bn_asm.c
+++ b/src/lib/libcrypto/bn/bn_asm.c
@@ -888,7 +888,6 @@ bn_sqr_comba4(BN_ULONG *r, const BN_ULONG *a)
 #ifdef OPENSSL_NO_ASM
 #ifdef OPENSSL_BN_ASM_MONT
-#include <alloca.h>
 /*
 * This is essentially reference implementation, which may or may not
 * result in performance improvement. E.g. on IA-32 this routine was
@@ -909,14 +908,15 @@ bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, const BN_ULONG
 #ifdef mul64
        BN_ULONG mh;
 #endif
-        volatile BN_ULONG *vp;
        int i = 0, j;
 #if 0   /* template for platform-specific implementation */
        if (ap == bp)
                return bn_sqr_mont(rp, ap, np, n0p, num);
 #endif
-        vp = tp = alloca((num + 2)*sizeof(BN_ULONG));
+        tp = reallocarray(NULL, num + 2, sizeof(BN_ULONG));
+        if (tp == NULL)
+                return 0;
        n0 = *n0p;
@@ -979,15 +979,13 @@ enter:
        if (tp[num] != 0 || tp[num - 1] >= np[num - 1]) {
                c0 = bn_sub_words(rp, tp, np, num);
                if (tp[num] != 0 || c0 == 0) {
-                        for (i = 0; i < num + 2; i++)
+                        goto out;
-                                vp[i] = 0;
-                        return 1;
                }
        }
-        for (i = 0; i < num; i++)
+        memcpy(rp, tp, num * sizeof(BN_ULONG));
-                rp[i] = tp[i],  vp[i] = 0;
+out:
-        vp[num] = 0;
+        explicit_bzero(tp, (num + 2) * sizeof(BN_ULONG));
-        vp[num + 1] = 0;
+        free(tp);
        return 1;
 }
 #else
@@ -1045,19 +1043,16 @@ bn_mul_comba8(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
 #ifdef OPENSSL_NO_ASM
 #ifdef OPENSSL_BN_ASM_MONT
-#include <alloca.h>
 int
 bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,
    const BN_ULONG *np, const BN_ULONG *n0p, int num)
 {
        BN_ULONG c0, c1, *tp, n0 = *n0p;
-        volatile BN_ULONG *vp;
        int i = 0, j;
-        vp = tp = alloca((num + 2) * sizeof(BN_ULONG));
+        tp = calloc(NULL, num + 2, sizeof(BN_ULONG));
+        if (tp == NULL)
-        for(i = 0; i <= num; i++)
+                return 0;
-                tp[i] = 0;
        for (i = 0; i < num; i++) {
                c0 = bn_mul_add_words(tp, ap, num, bp[i]);
@@ -1076,15 +1071,13 @@ bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,
        if (tp[num] != 0 || tp[num - 1] >= np[num - 1]) {
                c0 = bn_sub_words(rp, tp, np, num);
                if (tp[num] != 0 || c0 == 0) {
-                        for (i = 0; i < num + 2; i++)
+                        goto out;
-                                vp[i] = 0;
-                        return 1;
                }
        }
-        for (i = 0; i < num; i++)
+        memcpy(rp, tp, num * sizeof(BN_ULONG));
-                rp[i] = tp[i], vp[i] = 0;
+out:
-        vp[num] = 0;
+        explicit_bzero(tp, (num + 2) * sizeof(BN_ULONG));
-        vp[num + 1] = 0;
+        free(tp);
        return 1;
 }
 #else
diff --git a/src/lib/libcrypto/bn/bn_exp.c b/src/lib/libcrypto/bn/bn_exp.c
index 5d9263e01e..a27373c97b 100644
--- a/src/lib/libcrypto/bn/bn_exp.c
+++ b/src/lib/libcrypto/bn/bn_exp.c
@@ -114,11 +114,6 @@
 #include "bn_lcl.h"
 #include <stdlib.h>
-#if defined(__GNUC__)
-# ifndef alloca
-#  define alloca(s) __builtin_alloca((s))
-# endif
-#endif
 /* maximum precomputation table size for *variable* sliding windows */
 #define TABLE_SIZE      32
@@ -632,12 +627,6 @@ BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
        numPowers = 1 << window;
        powerbufLen = sizeof(m->d[0]) * (top * numPowers +
            ((2*top) > numPowers ? (2*top) : numPowers));
-#ifdef alloca
-        if (powerbufLen < 3072)
-                powerbufFree = alloca(powerbufLen +
-                    MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH);
-        else
-#endif
        if ((powerbufFree = (unsigned char*)malloc(powerbufLen +
            MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH)) == NULL)
                goto err;
@@ -645,11 +634,6 @@ BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
        powerbuf = MOD_EXP_CTIME_ALIGN(powerbufFree);
        memset(powerbuf, 0, powerbufLen);
-#ifdef alloca
-        if (powerbufLen < 3072)
-                powerbufFree = NULL;
-#endif
        /* lay down tmp and am right after powers table */
        tmp.d = (BN_ULONG *)(powerbuf + sizeof(m->d[0]) * top * numPowers);
        am.d = tmp.d + top;
diff --git a/src/lib/libssl/src/crypto/bn/bn_asm.c b/src/lib/libssl/src/crypto/bn/bn_asm.c
index 0eebb9824f..742188982c 100644
--- a/src/lib/libssl/src/crypto/bn/bn_asm.c
+++ b/src/lib/libssl/src/crypto/bn/bn_asm.c
@@ -888,7 +888,6 @@ bn_sqr_comba4(BN_ULONG *r, const BN_ULONG *a)
 #ifdef OPENSSL_NO_ASM
 #ifdef OPENSSL_BN_ASM_MONT
-#include <alloca.h>
 /*
 * This is essentially reference implementation, which may or may not
 * result in performance improvement. E.g. on IA-32 this routine was
@@ -909,14 +908,15 @@ bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, const BN_ULONG
 #ifdef mul64
        BN_ULONG mh;
 #endif
-        volatile BN_ULONG *vp;
        int i = 0, j;
 #if 0   /* template for platform-specific implementation */
        if (ap == bp)
                return bn_sqr_mont(rp, ap, np, n0p, num);
 #endif
-        vp = tp = alloca((num + 2)*sizeof(BN_ULONG));
+        tp = reallocarray(NULL, num + 2, sizeof(BN_ULONG));
+        if (tp == NULL)
+                return 0;
        n0 = *n0p;
@@ -979,15 +979,13 @@ enter:
        if (tp[num] != 0 || tp[num - 1] >= np[num - 1]) {
                c0 = bn_sub_words(rp, tp, np, num);
                if (tp[num] != 0 || c0 == 0) {
-                        for (i = 0; i < num + 2; i++)
+                        goto out;
-                                vp[i] = 0;
-                        return 1;
                }
        }
-        for (i = 0; i < num; i++)
+        memcpy(rp, tp, num * sizeof(BN_ULONG));
-                rp[i] = tp[i],  vp[i] = 0;
+out:
-        vp[num] = 0;
+        explicit_bzero(tp, (num + 2) * sizeof(BN_ULONG));
-        vp[num + 1] = 0;
+        free(tp);
        return 1;
 }
 #else
@@ -1045,19 +1043,16 @@ bn_mul_comba8(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b)
 #ifdef OPENSSL_NO_ASM
 #ifdef OPENSSL_BN_ASM_MONT
-#include <alloca.h>
 int
 bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,
    const BN_ULONG *np, const BN_ULONG *n0p, int num)
 {
        BN_ULONG c0, c1, *tp, n0 = *n0p;
-        volatile BN_ULONG *vp;
        int i = 0, j;
-        vp = tp = alloca((num + 2) * sizeof(BN_ULONG));
+        tp = calloc(NULL, num + 2, sizeof(BN_ULONG));
+        if (tp == NULL)
-        for(i = 0; i <= num; i++)
+                return 0;
-                tp[i] = 0;
        for (i = 0; i < num; i++) {
                c0 = bn_mul_add_words(tp, ap, num, bp[i]);
@@ -1076,15 +1071,13 @@ bn_mul_mont(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,
        if (tp[num] != 0 || tp[num - 1] >= np[num - 1]) {
                c0 = bn_sub_words(rp, tp, np, num);
                if (tp[num] != 0 || c0 == 0) {
-                        for (i = 0; i < num + 2; i++)
+                        goto out;
-                                vp[i] = 0;
-                        return 1;
                }
        }
-        for (i = 0; i < num; i++)
+        memcpy(rp, tp, num * sizeof(BN_ULONG));
-                rp[i] = tp[i], vp[i] = 0;
+out:
-        vp[num] = 0;
+        explicit_bzero(tp, (num + 2) * sizeof(BN_ULONG));
-        vp[num + 1] = 0;
+        free(tp);
        return 1;
 }
 #else
diff --git a/src/lib/libssl/src/crypto/bn/bn_exp.c b/src/lib/libssl/src/crypto/bn/bn_exp.c
index 5d9263e01e..a27373c97b 100644
--- a/src/lib/libssl/src/crypto/bn/bn_exp.c
+++ b/src/lib/libssl/src/crypto/bn/bn_exp.c
@@ -114,11 +114,6 @@
 #include "bn_lcl.h"
 #include <stdlib.h>
-#if defined(__GNUC__)
-# ifndef alloca
-#  define alloca(s) __builtin_alloca((s))
-# endif
-#endif
 /* maximum precomputation table size for *variable* sliding windows */
 #define TABLE_SIZE      32
@@ -632,12 +627,6 @@ BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
        numPowers = 1 << window;
        powerbufLen = sizeof(m->d[0]) * (top * numPowers +
            ((2*top) > numPowers ? (2*top) : numPowers));
-#ifdef alloca
-        if (powerbufLen < 3072)
-                powerbufFree = alloca(powerbufLen +
-                    MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH);
-        else
-#endif
        if ((powerbufFree = (unsigned char*)malloc(powerbufLen +
            MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH)) == NULL)
                goto err;
@@ -645,11 +634,6 @@ BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
        powerbuf = MOD_EXP_CTIME_ALIGN(powerbufFree);
        memset(powerbuf, 0, powerbufLen);
-#ifdef alloca
-        if (powerbufLen < 3072)
-                powerbufFree = NULL;
-#endif
        /* lay down tmp and am right after powers table */
        tmp.d = (BN_ULONG *)(powerbuf + sizeof(m->d[0]) * top * numPowers);
        am.d = tmp.d + top;
author	miod <>	2014-05-23 16:11:55 +0000
committer	miod <>	2014-05-23 16:11:55 +0000
commit	76239d9bd4d0cc5be88967253bdce2d127b6c88f (patch)
tree	fdb00013257208a983266fe45982cfcc5c4550f4
parent	4c437d3b4323b5ac149e32aebdc90ce3f849067a (diff)
download	openbsd-76239d9bd4d0cc5be88967253bdce2d127b6c88f.tar.gz openbsd-76239d9bd4d0cc5be88967253bdce2d127b6c88f.tar.bz2 openbsd-76239d9bd4d0cc5be88967253bdce2d127b6c88f.zip

diff --git a/src/lib/libcrypto/bn/bn_asm.c b/src/lib/libcrypto/bn/bn_asm.c index 0eebb9824f..742188982c 100644 --- a/src/lib/libcrypto/bn/bn_asm.c +++ b/src/lib/libcrypto/bn/bn_asm.c
@@ -888,7 +888,6 @@ bn_sqr_comba4(BN_ULONG r, const BN_ULONG a)
888		888
889	#ifdef OPENSSL_NO_ASM	889	#ifdef OPENSSL_NO_ASM
890	#ifdef OPENSSL_BN_ASM_MONT	890	#ifdef OPENSSL_BN_ASM_MONT
891	#include <alloca.h>
892	/*	891	/*
893	* This is essentially reference implementation, which may or may not	892	* This is essentially reference implementation, which may or may not
894	* result in performance improvement. E.g. on IA-32 this routine was	893	* result in performance improvement. E.g. on IA-32 this routine was
@@ -909,14 +908,15 @@ bn_mul_mont(BN_ULONG rp, const BN_ULONG ap, const BN_ULONG *bp, const BN_ULONG
909	#ifdef mul64	908	#ifdef mul64
910	BN_ULONG mh;	909	BN_ULONG mh;
911	#endif	910	#endif
912	volatile BN_ULONG *vp;
913	int i = 0, j;	911	int i = 0, j;
914		912
915	#if 0 /* template for platform-specific implementation */	913	#if 0 /* template for platform-specific implementation */
916	if (ap == bp)	914	if (ap == bp)
917	return bn_sqr_mont(rp, ap, np, n0p, num);	915	return bn_sqr_mont(rp, ap, np, n0p, num);
918	#endif	916	#endif
919	vp = tp = alloca((num + 2)*sizeof(BN_ULONG));	917	tp = reallocarray(NULL, num + 2, sizeof(BN_ULONG));
		918	if (tp == NULL)
		919	return 0;
920		920
921	n0 = *n0p;	921	n0 = *n0p;
922		922
@@ -979,15 +979,13 @@ enter:
979	if (tp[num] != 0 \|\| tp[num - 1] >= np[num - 1]) {	979	if (tp[num] != 0 \|\| tp[num - 1] >= np[num - 1]) {
980	c0 = bn_sub_words(rp, tp, np, num);	980	c0 = bn_sub_words(rp, tp, np, num);
981	if (tp[num] != 0 \|\| c0 == 0) {	981	if (tp[num] != 0 \|\| c0 == 0) {
982	for (i = 0; i < num + 2; i++)	982	goto out;
983	vp[i] = 0;
984	return 1;
985	}	983	}
986	}	984	}
987	for (i = 0; i < num; i++)	985	memcpy(rp, tp, num * sizeof(BN_ULONG));
988	rp[i] = tp[i], vp[i] = 0;	986	out:
989	vp[num] = 0;	987	explicit_bzero(tp, (num + 2) * sizeof(BN_ULONG));
990	vp[num + 1] = 0;	988	free(tp);
991	return 1;	989	return 1;
992	}	990	}
993	#else	991	#else
@@ -1045,19 +1043,16 @@ bn_mul_comba8(BN_ULONG r, BN_ULONG a, BN_ULONG *b)
1045		1043
1046	#ifdef OPENSSL_NO_ASM	1044	#ifdef OPENSSL_NO_ASM
1047	#ifdef OPENSSL_BN_ASM_MONT	1045	#ifdef OPENSSL_BN_ASM_MONT
1048	#include <alloca.h>
1049	int	1046	int
1050	bn_mul_mont(BN_ULONG rp, const BN_ULONG ap, const BN_ULONG *bp,	1047	bn_mul_mont(BN_ULONG rp, const BN_ULONG ap, const BN_ULONG *bp,
1051	const BN_ULONG np, const BN_ULONG n0p, int num)	1048	const BN_ULONG np, const BN_ULONG n0p, int num)
1052	{	1049	{
1053	BN_ULONG c0, c1, tp, n0 = n0p;	1050	BN_ULONG c0, c1, tp, n0 = n0p;
1054	volatile BN_ULONG *vp;
1055	int i = 0, j;	1051	int i = 0, j;
1056		1052
1057	vp = tp = alloca((num + 2) * sizeof(BN_ULONG));	1053	tp = calloc(NULL, num + 2, sizeof(BN_ULONG));
1058		1054	if (tp == NULL)
1059	for(i = 0; i <= num; i++)	1055	return 0;
1060	tp[i] = 0;
1061		1056
1062	for (i = 0; i < num; i++) {	1057	for (i = 0; i < num; i++) {
1063	c0 = bn_mul_add_words(tp, ap, num, bp[i]);	1058	c0 = bn_mul_add_words(tp, ap, num, bp[i]);
@@ -1076,15 +1071,13 @@ bn_mul_mont(BN_ULONG rp, const BN_ULONG ap, const BN_ULONG *bp,
1076	if (tp[num] != 0 \|\| tp[num - 1] >= np[num - 1]) {	1071	if (tp[num] != 0 \|\| tp[num - 1] >= np[num - 1]) {
1077	c0 = bn_sub_words(rp, tp, np, num);	1072	c0 = bn_sub_words(rp, tp, np, num);
1078	if (tp[num] != 0 \|\| c0 == 0) {	1073	if (tp[num] != 0 \|\| c0 == 0) {
1079	for (i = 0; i < num + 2; i++)	1074	goto out;
1080	vp[i] = 0;
1081	return 1;
1082	}	1075	}
1083	}	1076	}
1084	for (i = 0; i < num; i++)	1077	memcpy(rp, tp, num * sizeof(BN_ULONG));
1085	rp[i] = tp[i], vp[i] = 0;	1078	out:
1086	vp[num] = 0;	1079	explicit_bzero(tp, (num + 2) * sizeof(BN_ULONG));
1087	vp[num + 1] = 0;	1080	free(tp);
1088	return 1;	1081	return 1;
1089	}	1082	}
1090	#else	1083	#else


diff --git a/src/lib/libcrypto/bn/bn_exp.c b/src/lib/libcrypto/bn/bn_exp.c index 5d9263e01e..a27373c97b 100644 --- a/src/lib/libcrypto/bn/bn_exp.c +++ b/src/lib/libcrypto/bn/bn_exp.c
@@ -114,11 +114,6 @@
114	#include "bn_lcl.h"	114	#include "bn_lcl.h"
115		115
116	#include <stdlib.h>	116	#include <stdlib.h>
117	#if defined(__GNUC__)
118	# ifndef alloca
119	# define alloca(s) __builtin_alloca((s))
120	# endif
121	#endif
122		117
123	/* maximum precomputation table size for variable sliding windows */	118	/* maximum precomputation table size for variable sliding windows */
124	#define TABLE_SIZE 32	119	#define TABLE_SIZE 32
@@ -632,12 +627,6 @@ BN_mod_exp_mont_consttime(BIGNUM rr, const BIGNUM a, const BIGNUM *p,
632	numPowers = 1 << window;	627	numPowers = 1 << window;
633	powerbufLen = sizeof(m->d[0]) * (top * numPowers +	628	powerbufLen = sizeof(m->d[0]) * (top * numPowers +
634	((2top) > numPowers ? (2top) : numPowers));	629	((2top) > numPowers ? (2top) : numPowers));
635	#ifdef alloca
636	if (powerbufLen < 3072)
637	powerbufFree = alloca(powerbufLen +
638	MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH);
639	else
640	#endif
641	if ((powerbufFree = (unsigned char*)malloc(powerbufLen +	630	if ((powerbufFree = (unsigned char*)malloc(powerbufLen +
642	MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH)) == NULL)	631	MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH)) == NULL)
643	goto err;	632	goto err;
@@ -645,11 +634,6 @@ BN_mod_exp_mont_consttime(BIGNUM rr, const BIGNUM a, const BIGNUM *p,
645	powerbuf = MOD_EXP_CTIME_ALIGN(powerbufFree);	634	powerbuf = MOD_EXP_CTIME_ALIGN(powerbufFree);
646	memset(powerbuf, 0, powerbufLen);	635	memset(powerbuf, 0, powerbufLen);
647		636
648	#ifdef alloca
649	if (powerbufLen < 3072)
650	powerbufFree = NULL;
651	#endif
652
653	/* lay down tmp and am right after powers table */	637	/* lay down tmp and am right after powers table */
654	tmp.d = (BN_ULONG )(powerbuf + sizeof(m->d[0]) top * numPowers);	638	tmp.d = (BN_ULONG )(powerbuf + sizeof(m->d[0]) top * numPowers);
655	am.d = tmp.d + top;	639	am.d = tmp.d + top;


diff --git a/src/lib/libssl/src/crypto/bn/bn_asm.c b/src/lib/libssl/src/crypto/bn/bn_asm.c index 0eebb9824f..742188982c 100644 --- a/src/lib/libssl/src/crypto/bn/bn_asm.c +++ b/src/lib/libssl/src/crypto/bn/bn_asm.c
@@ -888,7 +888,6 @@ bn_sqr_comba4(BN_ULONG r, const BN_ULONG a)
888		888
889	#ifdef OPENSSL_NO_ASM	889	#ifdef OPENSSL_NO_ASM
890	#ifdef OPENSSL_BN_ASM_MONT	890	#ifdef OPENSSL_BN_ASM_MONT
891	#include <alloca.h>
892	/*	891	/*
893	* This is essentially reference implementation, which may or may not	892	* This is essentially reference implementation, which may or may not
894	* result in performance improvement. E.g. on IA-32 this routine was	893	* result in performance improvement. E.g. on IA-32 this routine was
@@ -909,14 +908,15 @@ bn_mul_mont(BN_ULONG rp, const BN_ULONG ap, const BN_ULONG *bp, const BN_ULONG
909	#ifdef mul64	908	#ifdef mul64
910	BN_ULONG mh;	909	BN_ULONG mh;
911	#endif	910	#endif
912	volatile BN_ULONG *vp;
913	int i = 0, j;	911	int i = 0, j;
914		912
915	#if 0 /* template for platform-specific implementation */	913	#if 0 /* template for platform-specific implementation */
916	if (ap == bp)	914	if (ap == bp)
917	return bn_sqr_mont(rp, ap, np, n0p, num);	915	return bn_sqr_mont(rp, ap, np, n0p, num);
918	#endif	916	#endif
919	vp = tp = alloca((num + 2)*sizeof(BN_ULONG));	917	tp = reallocarray(NULL, num + 2, sizeof(BN_ULONG));
		918	if (tp == NULL)
		919	return 0;
920		920
921	n0 = *n0p;	921	n0 = *n0p;
922		922
@@ -979,15 +979,13 @@ enter:
979	if (tp[num] != 0 \|\| tp[num - 1] >= np[num - 1]) {	979	if (tp[num] != 0 \|\| tp[num - 1] >= np[num - 1]) {
980	c0 = bn_sub_words(rp, tp, np, num);	980	c0 = bn_sub_words(rp, tp, np, num);
981	if (tp[num] != 0 \|\| c0 == 0) {	981	if (tp[num] != 0 \|\| c0 == 0) {
982	for (i = 0; i < num + 2; i++)	982	goto out;
983	vp[i] = 0;
984	return 1;
985	}	983	}
986	}	984	}
987	for (i = 0; i < num; i++)	985	memcpy(rp, tp, num * sizeof(BN_ULONG));
988	rp[i] = tp[i], vp[i] = 0;	986	out:
989	vp[num] = 0;	987	explicit_bzero(tp, (num + 2) * sizeof(BN_ULONG));
990	vp[num + 1] = 0;	988	free(tp);
991	return 1;	989	return 1;
992	}	990	}
993	#else	991	#else
@@ -1045,19 +1043,16 @@ bn_mul_comba8(BN_ULONG r, BN_ULONG a, BN_ULONG *b)
1045		1043
1046	#ifdef OPENSSL_NO_ASM	1044	#ifdef OPENSSL_NO_ASM
1047	#ifdef OPENSSL_BN_ASM_MONT	1045	#ifdef OPENSSL_BN_ASM_MONT
1048	#include <alloca.h>
1049	int	1046	int
1050	bn_mul_mont(BN_ULONG rp, const BN_ULONG ap, const BN_ULONG *bp,	1047	bn_mul_mont(BN_ULONG rp, const BN_ULONG ap, const BN_ULONG *bp,
1051	const BN_ULONG np, const BN_ULONG n0p, int num)	1048	const BN_ULONG np, const BN_ULONG n0p, int num)
1052	{	1049	{
1053	BN_ULONG c0, c1, tp, n0 = n0p;	1050	BN_ULONG c0, c1, tp, n0 = n0p;
1054	volatile BN_ULONG *vp;
1055	int i = 0, j;	1051	int i = 0, j;
1056		1052
1057	vp = tp = alloca((num + 2) * sizeof(BN_ULONG));	1053	tp = calloc(NULL, num + 2, sizeof(BN_ULONG));
1058		1054	if (tp == NULL)
1059	for(i = 0; i <= num; i++)	1055	return 0;
1060	tp[i] = 0;
1061		1056
1062	for (i = 0; i < num; i++) {	1057	for (i = 0; i < num; i++) {
1063	c0 = bn_mul_add_words(tp, ap, num, bp[i]);	1058	c0 = bn_mul_add_words(tp, ap, num, bp[i]);
@@ -1076,15 +1071,13 @@ bn_mul_mont(BN_ULONG rp, const BN_ULONG ap, const BN_ULONG *bp,
1076	if (tp[num] != 0 \|\| tp[num - 1] >= np[num - 1]) {	1071	if (tp[num] != 0 \|\| tp[num - 1] >= np[num - 1]) {
1077	c0 = bn_sub_words(rp, tp, np, num);	1072	c0 = bn_sub_words(rp, tp, np, num);
1078	if (tp[num] != 0 \|\| c0 == 0) {	1073	if (tp[num] != 0 \|\| c0 == 0) {
1079	for (i = 0; i < num + 2; i++)	1074	goto out;
1080	vp[i] = 0;
1081	return 1;
1082	}	1075	}
1083	}	1076	}
1084	for (i = 0; i < num; i++)	1077	memcpy(rp, tp, num * sizeof(BN_ULONG));
1085	rp[i] = tp[i], vp[i] = 0;	1078	out:
1086	vp[num] = 0;	1079	explicit_bzero(tp, (num + 2) * sizeof(BN_ULONG));
1087	vp[num + 1] = 0;	1080	free(tp);
1088	return 1;	1081	return 1;
1089	}	1082	}
1090	#else	1083	#else


diff --git a/src/lib/libssl/src/crypto/bn/bn_exp.c b/src/lib/libssl/src/crypto/bn/bn_exp.c index 5d9263e01e..a27373c97b 100644 --- a/src/lib/libssl/src/crypto/bn/bn_exp.c +++ b/src/lib/libssl/src/crypto/bn/bn_exp.c
@@ -114,11 +114,6 @@
114	#include "bn_lcl.h"	114	#include "bn_lcl.h"
115		115
116	#include <stdlib.h>	116	#include <stdlib.h>
117	#if defined(__GNUC__)
118	# ifndef alloca
119	# define alloca(s) __builtin_alloca((s))
120	# endif
121	#endif
122		117
123	/* maximum precomputation table size for variable sliding windows */	118	/* maximum precomputation table size for variable sliding windows */
124	#define TABLE_SIZE 32	119	#define TABLE_SIZE 32
@@ -632,12 +627,6 @@ BN_mod_exp_mont_consttime(BIGNUM rr, const BIGNUM a, const BIGNUM *p,
632	numPowers = 1 << window;	627	numPowers = 1 << window;
633	powerbufLen = sizeof(m->d[0]) * (top * numPowers +	628	powerbufLen = sizeof(m->d[0]) * (top * numPowers +
634	((2top) > numPowers ? (2top) : numPowers));	629	((2top) > numPowers ? (2top) : numPowers));
635	#ifdef alloca
636	if (powerbufLen < 3072)
637	powerbufFree = alloca(powerbufLen +
638	MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH);
639	else
640	#endif
641	if ((powerbufFree = (unsigned char*)malloc(powerbufLen +	630	if ((powerbufFree = (unsigned char*)malloc(powerbufLen +
642	MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH)) == NULL)	631	MOD_EXP_CTIME_MIN_CACHE_LINE_WIDTH)) == NULL)
643	goto err;	632	goto err;
@@ -645,11 +634,6 @@ BN_mod_exp_mont_consttime(BIGNUM rr, const BIGNUM a, const BIGNUM *p,
645	powerbuf = MOD_EXP_CTIME_ALIGN(powerbufFree);	634	powerbuf = MOD_EXP_CTIME_ALIGN(powerbufFree);
646	memset(powerbuf, 0, powerbufLen);	635	memset(powerbuf, 0, powerbufLen);
647		636
648	#ifdef alloca
649	if (powerbufLen < 3072)
650	powerbufFree = NULL;
651	#endif
652
653	/* lay down tmp and am right after powers table */	637	/* lay down tmp and am right after powers table */
654	tmp.d = (BN_ULONG )(powerbuf + sizeof(m->d[0]) top * numPowers);	638	tmp.d = (BN_ULONG )(powerbuf + sizeof(m->d[0]) top * numPowers);
655	am.d = tmp.d + top;	639	am.d = tmp.d + top;