Remove flags for disabling constant-time operations.

This removes support for DSA_FLAG_NO_EXP_CONSTTIME, DH_FLAG_NO_EXP_CONSTTIME, and RSA_FLAG_NO_CONSTTIME flags, making all of these operations unconditionally constant-time. Based on the original patch by César Pereid. ok beck@
author: bcook <> 2016-06-30 02:02:06 +0000
committer: bcook <> 2016-06-30 02:02:06 +0000
commit: 3ce2fddbbb0fbded19721d5da476dfdfecb1e48b (patch)
tree: 0ceecace65c38593a01c1d41cce469bd98529f43 /src/regress/lib
parent: eac403b2ae70a8e948d7db823d992cc131392d78 (diff)
download: openbsd-3ce2fddbbb0fbded19721d5da476dfdfecb1e48b.tar.gz
openbsd-3ce2fddbbb0fbded19721d5da476dfdfecb1e48b.tar.bz2
openbsd-3ce2fddbbb0fbded19721d5da476dfdfecb1e48b.zip
2 files changed, 33 insertions, 70 deletions
diff --git a/src/regress/lib/libcrypto/dh/dhtest.c b/src/regress/lib/libcrypto/dh/dhtest.c
index f1ddc5ccf5..9c2d507d97 100644
--- a/src/regress/lib/libcrypto/dh/dhtest.c
+++ b/src/regress/lib/libcrypto/dh/dhtest.c
@@ -73,16 +73,30 @@
 #include <openssl/dh.h>
-static int cb(int p, int n, BN_GENCB *arg);
+static int cb(int p, int n, BN_GENCB *arg)
+{
+        char c='*';
+        if (p == 0)
+                c='.';
+        if (p == 1)
+                c='+';
+        if (p == 2)
+                c='*';
+        if (p == 3)
+                c='\n';
+        BIO_write(arg->arg,&c,1);
+        (void)BIO_flush(arg->arg);
+        return 1;
+}
 int main(int argc, char *argv[])
-        {
+{
        BN_GENCB _cb;
        DH *a;
-        DH *b=NULL;
        char buf[12];
-        unsigned char *abuf=NULL,*bbuf=NULL;
+        unsigned char *abuf=NULL;
-        int i,alen,blen,aout,bout,ret=1;
+        int i,alen,aout,ret=1;
        BIO *out;
        out=BIO_new(BIO_s_file());
@@ -90,11 +104,12 @@ int main(int argc, char *argv[])
        BIO_set_fp(out,stdout,BIO_NOCLOSE);
        BN_GENCB_set(&_cb, &cb, out);
-        if(((a = DH_new()) == NULL) || !DH_generate_parameters_ex(a, 64,
+        if (((a = DH_new()) == NULL) ||
-                                DH_GENERATOR_5, &_cb))
+            !DH_generate_parameters_ex(a, 64, DH_GENERATOR_5, &_cb))
                goto err;
-        if (!DH_check(a, &i)) goto err;
+        if (!DH_check(a, &i))
+                goto err;
        if (i & DH_CHECK_P_NOT_PRIME)
                BIO_puts(out, "p value is not prime\n");
        if (i & DH_CHECK_P_NOT_SAFE_PRIME)
@@ -110,81 +125,36 @@ int main(int argc, char *argv[])
        BN_print(out,a->g);
        BIO_puts(out,"\n");
-        b=DH_new();
+        if (!DH_generate_key(a))
-        if (b == NULL) goto err;
+                goto err;
-        b->p=BN_dup(a->p);
-        b->g=BN_dup(a->g);
-        if ((b->p == NULL) || (b->g == NULL)) goto err;
-        /* Set a to run with normal modexp and b to use constant time */
-        a->flags &= ~DH_FLAG_NO_EXP_CONSTTIME;
-        b->flags |= DH_FLAG_NO_EXP_CONSTTIME;
-        if (!DH_generate_key(a)) goto err;
        BIO_puts(out,"pri 1=");
        BN_print(out,a->priv_key);
        BIO_puts(out,"\npub 1=");
        BN_print(out,a->pub_key);
        BIO_puts(out,"\n");
-        if (!DH_generate_key(b)) goto err;
-        BIO_puts(out,"pri 2=");
-        BN_print(out,b->priv_key);
-        BIO_puts(out,"\npub 2=");
-        BN_print(out,b->pub_key);
-        BIO_puts(out,"\n");
        alen=DH_size(a);
        abuf=malloc(alen);
-        aout=DH_compute_key(abuf,b->pub_key,a);
+        aout=DH_compute_key(abuf,a->pub_key,a);
        BIO_puts(out,"key1 =");
-        for (i=0; i<aout; i++)
+        for (i=0; i<aout; i++) {
-                {
                snprintf(buf,sizeof buf,"%02X",abuf[i]);
                BIO_puts(out,buf);
-                }
+        }
        BIO_puts(out,"\n");
-        blen=DH_size(b);
+        if (aout < 4) {
-        bbuf=malloc(blen);
-        bout=DH_compute_key(bbuf,a->pub_key,b);
-        BIO_puts(out,"key2 =");
-        for (i=0; i<bout; i++)
-                {
-                snprintf(buf,sizeof buf,"%02X",bbuf[i]);
-                BIO_puts(out,buf);
-                }
-        BIO_puts(out,"\n");
-        if ((aout < 4) || (bout != aout) || (memcmp(abuf,bbuf,aout) != 0))
-                {
                fprintf(stderr,"Error in DH routines\n");
                ret=1;
-                }
+        } else
-        else
                ret=0;
 err:
        ERR_print_errors_fp(stderr);
        free(abuf);
-        free(bbuf);
+        if (a != NULL)
-        if(b != NULL) DH_free(b);
+                DH_free(a);
-        if(a != NULL) DH_free(a);
        BIO_free(out);
        exit(ret);
-        }
+}
-static int cb(int p, int n, BN_GENCB *arg)
-        {
-        char c='*';
-        if (p == 0) c='.';
-        if (p == 1) c='+';
-        if (p == 2) c='*';
-        if (p == 3) c='\n';
-        BIO_write(arg->arg,&c,1);
-        (void)BIO_flush(arg->arg);
-        return 1;
-        }
diff --git a/src/regress/lib/libcrypto/dsa/dsatest.c b/src/regress/lib/libcrypto/dsa/dsatest.c
index 1fb929a689..444cda532d 100644
--- a/src/regress/lib/libcrypto/dsa/dsatest.c
+++ b/src/regress/lib/libcrypto/dsa/dsatest.c
@@ -182,13 +182,6 @@ int main(int argc, char **argv)
                goto end;
                }
-        dsa->flags |= DSA_FLAG_NO_EXP_CONSTTIME;
-        DSA_generate_key(dsa);
-        DSA_sign(0, str1, 20, sig, &siglen, dsa);
-        if (DSA_verify(0, str1, 20, sig, siglen, dsa) == 1)
-                ret=1;
-        dsa->flags &= ~DSA_FLAG_NO_EXP_CONSTTIME;
        DSA_generate_key(dsa);
        DSA_sign(0, str1, 20, sig, &siglen, dsa);
        if (DSA_verify(0, str1, 20, sig, siglen, dsa) == 1)
author	bcook <>	2016-06-30 02:02:06 +0000
committer	bcook <>	2016-06-30 02:02:06 +0000
commit	3ce2fddbbb0fbded19721d5da476dfdfecb1e48b (patch)
tree	0ceecace65c38593a01c1d41cce469bd98529f43 /src/regress/lib
parent	eac403b2ae70a8e948d7db823d992cc131392d78 (diff)
download	openbsd-3ce2fddbbb0fbded19721d5da476dfdfecb1e48b.tar.gz openbsd-3ce2fddbbb0fbded19721d5da476dfdfecb1e48b.tar.bz2 openbsd-3ce2fddbbb0fbded19721d5da476dfdfecb1e48b.zip