authortb <>2023-07-28 10:05:16 +0000
committertb <>2023-07-28 10:05:16 +0000
commit6cc5955271563c498eb75bea6798690a380d43cf (patch)
tree9d9e5e88058fce53bb18a48739125946a2639657 /src/lib/libcrypto/bn
parent8d8ca2c8c440c1df72455fe4055627e4110c3973 (diff)
Make BN_BLINDING internal
RSA is pretty bad. In my most optimistic moments I dream of a world that stopped using it. That won't happen during my lifetime, unfortunately. Blinding is one way of making it a little less leaky. Unfortunately this side-channel leak mitigation leaked out of the library for no good reason. Let's at least fix that aspect of it. ok jsing
Diffstat (limited to 'src/lib/libcrypto/bn')
-rw-r--r--src/lib/libcrypto/bn/bn.h23
-rw-r--r--src/lib/libcrypto/bn/bn_blind.c13
-rw-r--r--src/lib/libcrypto/bn/bn_local.h23
3 files changed, 24 insertions, 35 deletions
diff --git a/src/lib/libcrypto/bn/bn.h b/src/lib/libcrypto/bn/bn.h
index 7dc138d170..689196c911 100644
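--- a/src/lib/libcrypto/bn/bn.h
+++ b/src/lib/libcrypto/bn/bn.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: bn.h,v 1.72 2023/06/13 09:12:22 tb Exp $ */
+/* $OpenBSD: bn.h,v 1.73 2023/07/28 10:05:16 tb Exp $ */
 /* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -449,27 +449,6 @@ BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to, BN_MONT_CTX *from);
 BN_MONT_CTX *BN_MONT_CTX_set_locked(BN_MONT_CTX **pmont, int lock,
  const BIGNUM *mod, BN_CTX *ctx);
 
-/* BN_BLINDING flags */
-#define BN_BLINDING_NO_UPDATE 0x00000001
-#define BN_BLINDING_NO_RECREATE 0x00000002
-
-BN_BLINDING *BN_BLINDING_new(const BIGNUM *A, const BIGNUM *Ai, BIGNUM *mod);
-void BN_BLINDING_free(BN_BLINDING *b);
-int BN_BLINDING_update(BN_BLINDING *b, BN_CTX *ctx);
-int BN_BLINDING_convert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx);
-int BN_BLINDING_invert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx);
-int BN_BLINDING_convert_ex(BIGNUM *n, BIGNUM *r, BN_BLINDING *b, BN_CTX *);
-int BN_BLINDING_invert_ex(BIGNUM *n, const BIGNUM *r, BN_BLINDING *b, BN_CTX *);
-
-CRYPTO_THREADID *BN_BLINDING_thread_id(BN_BLINDING *);
-unsigned long BN_BLINDING_get_flags(const BN_BLINDING *);
-void BN_BLINDING_set_flags(BN_BLINDING *, unsigned long);
-BN_BLINDING *BN_BLINDING_create_param(BN_BLINDING *b,
- const BIGNUM *e, BIGNUM *m, BN_CTX *ctx,
- int (*bn_mod_exp)(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx),
- BN_MONT_CTX *m_ctx);
-
 /* Primes from RFC 2409 */
 BIGNUM *get_rfc2409_prime_768(BIGNUM *bn);
 BIGNUM *get_rfc2409_prime_1024(BIGNUM *bn);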
diff --git a/src/lib/libcrypto/bn/bn_blind.c b/src/lib/libcrypto/bn/bn_blind.c
index 07cd359e7e..7332df2b56 100644
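--- a/src/lib/libcrypto/bn/bn_blind.c
+++ b/src/lib/libcrypto/bn/bn_blind.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: bn_blind.c,v 1.23 2023/07/08 12:21:58 beck Exp $ */
+/* $OpenBSD: bn_blind.c,v 1.24 2023/07/28 10:05:16 tb Exp $ */
 /* ====================================================================
  * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.
  *
@@ -169,7 +169,6 @@ err:
  BN_BLINDING_free(ret);
  return (NULL);
 }
-LCRYPTO_ALIAS(BN_BLINDING_new);
 
 void
 BN_BLINDING_free(BN_BLINDING *r)
@@ -183,7 +182,6 @@ BN_BLINDING_free(BN_BLINDING *r)
  BN_free(r->mod);
  free(r);
 }
-LCRYPTO_ALIAS(BN_BLINDING_free);
 
 int
 BN_BLINDING_update(BN_BLINDING *b, BN_CTX *ctx)
@@ -217,14 +215,12 @@ err:
  b->counter = 0;
  return (ret);
 }
-LCRYPTO_ALIAS(BN_BLINDING_update);
 
 int
 BN_BLINDING_convert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx)
 {
  return BN_BLINDING_convert_ex(n, NULL, b, ctx);
 }
-LCRYPTO_ALIAS(BN_BLINDING_convert);
 
 int
 BN_BLINDING_convert_ex(BIGNUM *n, BIGNUM *r, BN_BLINDING *b, BN_CTX *ctx)
@@ -253,14 +249,12 @@ BN_BLINDING_convert_ex(BIGNUM *n, BIGNUM *r, BN_BLINDING *b, BN_CTX *ctx)
 
  return ret;
 }
-LCRYPTO_ALIAS(BN_BLINDING_convert_ex);
 
 int
 BN_BLINDING_invert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx)
 {
  return BN_BLINDING_invert_ex(n, NULL, b, ctx);
 }
-LCRYPTO_ALIAS(BN_BLINDING_invert);
 
 int
 BN_BLINDING_invert_ex(BIGNUM *n, const BIGNUM *r, BN_BLINDING *b, BN_CTX *ctx)
@@ -280,28 +274,24 @@ BN_BLINDING_invert_ex(BIGNUM *n, const BIGNUM *r, BN_BLINDING *b, BN_CTX *ctx)
 
  return (ret);
 }
-LCRYPTO_ALIAS(BN_BLINDING_invert_ex);
 
 CRYPTO_THREADID *
 BN_BLINDING_thread_id(BN_BLINDING *b)
 {
  return &b->tid;
 }
-LCRYPTO_ALIAS(BN_BLINDING_thread_id);
 
 unsigned long
 BN_BLINDING_get_flags(const BN_BLINDING *b)
 {
  return b->flags;
 }
-LCRYPTO_ALIAS(BN_BLINDING_get_flags);
 
 void
 BN_BLINDING_set_flags(BN_BLINDING *b, unsigned long flags)
 {
  b->flags = flags;
 }
-LCRYPTO_ALIAS(BN_BLINDING_set_flags);
 
 BN_BLINDING *
 BN_BLINDING_create_param(BN_BLINDING *b, const BIGNUM *e, BIGNUM *m,
@@ -373,4 +363,3 @@ err:
 
  return ret;
 }
-LCRYPTO_ALIAS(BN_BLINDING_create_param);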
diff --git a/src/lib/libcrypto/bn/bn_local.h b/src/lib/libcrypto/bn/bn_local.h
index a8d40fbcc8..989770f2d6 100644
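--- a/src/lib/libcrypto/bn/bn_local.h
+++ b/src/lib/libcrypto/bn/bn_local.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: bn_local.h,v 1.26 2023/07/09 18:27:22 tb Exp $ */
+/* $OpenBSD: bn_local.h,v 1.27 2023/07/28 10:05:16 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -291,6 +291,27 @@ int BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
 int BN_div_recp(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m,
  BN_RECP_CTX *recp, BN_CTX *ctx);
 
+/* BN_BLINDING flags */
+#define BN_BLINDING_NO_UPDATE 0x00000001
+#define BN_BLINDING_NO_RECREATE 0x00000002
+
+BN_BLINDING *BN_BLINDING_new(const BIGNUM *A, const BIGNUM *Ai, BIGNUM *mod);
+void BN_BLINDING_free(BN_BLINDING *b);
+int BN_BLINDING_update(BN_BLINDING *b, BN_CTX *ctx);
+int BN_BLINDING_convert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx);
+int BN_BLINDING_invert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx);
+int BN_BLINDING_convert_ex(BIGNUM *n, BIGNUM *r, BN_BLINDING *b, BN_CTX *);
+int BN_BLINDING_invert_ex(BIGNUM *n, const BIGNUM *r, BN_BLINDING *b, BN_CTX *);
+
+CRYPTO_THREADID *BN_BLINDING_thread_id(BN_BLINDING *);
+unsigned long BN_BLINDING_get_flags(const BN_BLINDING *);
+void BN_BLINDING_set_flags(BN_BLINDING *, unsigned long);
+BN_BLINDING *BN_BLINDING_create_param(BN_BLINDING *b,
+ const BIGNUM *e, BIGNUM *m, BN_CTX *ctx,
+ int (*bn_mod_exp)(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
+ const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx),
+ BN_MONT_CTX *m_ctx);
+
 /* Explicitly const time / non-const time versions for internal use */
 int BN_mod_exp_ct(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
  const BIGNUM *m, BN_CTX *ctx);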
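Review bot: Several of the prototypes moved into bn_local.h still omit parameter names — the trailing `BN_CTX *` of BN_BLINDING_convert_ex and BN_BLINDING_invert_ex, and every argument of BN_BLINDING_thread_id, BN_BLINDING_get_flags and BN_BLINDING_set_flags — although the definitions in bn_blind.c name them; as purely internal declarations they can now match the definitions, e.g. `int BN_BLINDING_convert_ex(BIGNUM *n, BIGNUM *r, BN_BLINDING *b, BN_CTX *ctx);` and `void BN_BLINDING_set_flags(BN_BLINDING *b, unsigned long flags);`. The two flag macros also arrive with only the `/* BN_BLINDING flags */` label; a one-line comment per flag saying what each one suppresses would help whoever next audits the blinding path. The hunk does not show whether this spot lies inside the header's hidden-declarations region, and the diffstat is limited to the bn directory, so it is worth confirming that the eleven functions are also dropped from the library's exported-symbol list — otherwise they stay linkable even though bn.h no longer declares them.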