Make explicit _ct and _nonct versions of bn_mod_exp funcitons that

matter for constant time, and make the public interface only used external to the library. This moves us to a model where the important things are constant time versions unless you ask for them not to be, rather than the opposite. I'll continue with this method by method. Add regress tests for same. ok jsing@
author: beck <> 2017-01-21 09:38:59 +0000
committer: beck <> 2017-01-21 09:38:59 +0000
commit: a0a595cda97de2b217b0582cfa601ee4c746bfce (patch)
tree: a68beae7892dad13fd8d76ba1fc45e6570e3360b /src/lib/libcrypto/bn/bn_sqrt.c
parent: 0150f186622a6f660c4e80dc9a36dc843ac87b7c (diff)
download: openbsd-a0a595cda97de2b217b0582cfa601ee4c746bfce.tar.gz
openbsd-a0a595cda97de2b217b0582cfa601ee4c746bfce.tar.bz2
openbsd-a0a595cda97de2b217b0582cfa601ee4c746bfce.zip
1 files changed, 5 insertions, 5 deletions
diff --git a/src/lib/libcrypto/bn/bn_sqrt.c b/src/lib/libcrypto/bn/bn_sqrt.c
index e5231d2a95..5928dfc79d 100644
--- a/src/lib/libcrypto/bn/bn_sqrt.c
+++ b/src/lib/libcrypto/bn/bn_sqrt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: bn_sqrt.c,v 1.7 2016/11/08 01:40:22 guenther Exp $ */
+/* $OpenBSD: bn_sqrt.c,v 1.8 2017/01/21 09:38:58 beck Exp $ */
 /* Written by Lenka Fibikova <fibikova@exp-math.uni-essen.de>
 * and Bodo Moeller for the OpenSSL project. */
 /* ====================================================================
@@ -149,7 +149,7 @@ BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
                q->neg = 0;
                if (!BN_add_word(q, 1))
                        goto end;
-                if (!BN_mod_exp(ret, A, q, p, ctx))
+                if (!BN_mod_exp_ct(ret, A, q, p, ctx))
                        goto end;
                err = 0;
                goto vrfy;
@@ -190,7 +190,7 @@ BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
                if (!BN_rshift(q, p, 3))
                        goto end;
                q->neg = 0;
-                if (!BN_mod_exp(b, t, q, p, ctx))
+                if (!BN_mod_exp_ct(b, t, q, p, ctx))
                        goto end;
                /* y := b^2 */
@@ -272,7 +272,7 @@ BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
        /* Now that we have some non-square, we can find an element
         * of order  2^e  by computing its q'th power. */
-        if (!BN_mod_exp(y, y, q, p, ctx))
+        if (!BN_mod_exp_ct(y, y, q, p, ctx))
                goto end;
        if (BN_is_one(y)) {
                BNerr(BN_F_BN_MOD_SQRT, BN_R_P_IS_NOT_PRIME);
@@ -314,7 +314,7 @@ BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
                } else if (!BN_one(x))
                        goto end;
        } else {
-                if (!BN_mod_exp(x, A, t, p, ctx))
+                if (!BN_mod_exp_ct(x, A, t, p, ctx))
                        goto end;
                if (BN_is_zero(x)) {
                        /* special case: a == 0  (mod p) */
author	beck <>	2017-01-21 09:38:59 +0000
committer	beck <>	2017-01-21 09:38:59 +0000
commit	a0a595cda97de2b217b0582cfa601ee4c746bfce (patch)
tree	a68beae7892dad13fd8d76ba1fc45e6570e3360b /src/lib/libcrypto/bn/bn_sqrt.c
parent	0150f186622a6f660c4e80dc9a36dc843ac87b7c (diff)
download	openbsd-a0a595cda97de2b217b0582cfa601ee4c746bfce.tar.gz openbsd-a0a595cda97de2b217b0582cfa601ee4c746bfce.tar.bz2 openbsd-a0a595cda97de2b217b0582cfa601ee4c746bfce.zip

diff --git a/src/lib/libcrypto/bn/bn_sqrt.c b/src/lib/libcrypto/bn/bn_sqrt.c index e5231d2a95..5928dfc79d 100644 --- a/src/lib/libcrypto/bn/bn_sqrt.c +++ b/src/lib/libcrypto/bn/bn_sqrt.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: bn_sqrt.c,v 1.7 2016/11/08 01:40:22 guenther Exp $ */	1	/* $OpenBSD: bn_sqrt.c,v 1.8 2017/01/21 09:38:58 beck Exp $ */
2	/* Written by Lenka Fibikova <fibikova@exp-math.uni-essen.de>	2	/* Written by Lenka Fibikova <fibikova@exp-math.uni-essen.de>
3	* and Bodo Moeller for the OpenSSL project. */	3	* and Bodo Moeller for the OpenSSL project. */
4	/* ====================================================================	4	/* ====================================================================
@@ -149,7 +149,7 @@ BN_mod_sqrt(BIGNUM in, const BIGNUM a, const BIGNUM p, BN_CTX ctx)
149	q->neg = 0;	149	q->neg = 0;
150	if (!BN_add_word(q, 1))	150	if (!BN_add_word(q, 1))
151	goto end;	151	goto end;
152	if (!BN_mod_exp(ret, A, q, p, ctx))	152	if (!BN_mod_exp_ct(ret, A, q, p, ctx))
153	goto end;	153	goto end;
154	err = 0;	154	err = 0;
155	goto vrfy;	155	goto vrfy;
@@ -190,7 +190,7 @@ BN_mod_sqrt(BIGNUM in, const BIGNUM a, const BIGNUM p, BN_CTX ctx)
190	if (!BN_rshift(q, p, 3))	190	if (!BN_rshift(q, p, 3))
191	goto end;	191	goto end;
192	q->neg = 0;	192	q->neg = 0;
193	if (!BN_mod_exp(b, t, q, p, ctx))	193	if (!BN_mod_exp_ct(b, t, q, p, ctx))
194	goto end;	194	goto end;
195		195
196	/* y := b^2 */	196	/* y := b^2 */
@@ -272,7 +272,7 @@ BN_mod_sqrt(BIGNUM in, const BIGNUM a, const BIGNUM p, BN_CTX ctx)
272		272
273	/* Now that we have some non-square, we can find an element	273	/* Now that we have some non-square, we can find an element
274	* of order 2^e by computing its q'th power. */	274	* of order 2^e by computing its q'th power. */
275	if (!BN_mod_exp(y, y, q, p, ctx))	275	if (!BN_mod_exp_ct(y, y, q, p, ctx))
276	goto end;	276	goto end;
277	if (BN_is_one(y)) {	277	if (BN_is_one(y)) {
278	BNerr(BN_F_BN_MOD_SQRT, BN_R_P_IS_NOT_PRIME);	278	BNerr(BN_F_BN_MOD_SQRT, BN_R_P_IS_NOT_PRIME);
@@ -314,7 +314,7 @@ BN_mod_sqrt(BIGNUM in, const BIGNUM a, const BIGNUM p, BN_CTX ctx)
314	} else if (!BN_one(x))	314	} else if (!BN_one(x))
315	goto end;	315	goto end;
316	} else {	316	} else {
317	if (!BN_mod_exp(x, A, t, p, ctx))	317	if (!BN_mod_exp_ct(x, A, t, p, ctx))
318	goto end;	318	goto end;
319	if (BN_is_zero(x)) {	319	if (BN_is_zero(x)) {
320	/* special case: a == 0 (mod p) */	320	/* special case: a == 0 (mod p) */