| author | tb <> | 2023-03-26 18:52:29 +0000 |
|---|---|---|
| committer | tb <> | 2023-03-26 18:52:29 +0000 |
| commit | c168de9bf446974258857cce798660e0ab89e2de (patch) | |
| tree | f68192a44284de693a2e39a906f6393663182e03 /src | |
| parent | a33eac24d1b12c05bf5085edd5462d6898cc2db0 (diff) | |
| download | openbsd-c168de9bf446974258857cce798660e0ab89e2de.tar.gz openbsd-c168de9bf446974258857cce798660e0ab89e2de.tar.bz2 openbsd-c168de9bf446974258857cce798660e0ab89e2de.zip | |
Make several calls to BN_nnmod() unconditional
This removes a potential branch in a sensitive function and makes the
code a lot simpler. It is a really bad idea to optimize here for what
davidben aptly calls "calculator" purposes.
ok jsing
Diffstat (limited to 'src')
| -rw-r--r-- | src/lib/libcrypto/bn/bn_exp.c | 29 |
1 files changed, 10 insertions, 19 deletions
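--- a/src/lib/libcrypto/bn/bn_exp.c
+++ b/src/lib/libcrypto/bn/bn_exp.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: bn_exp.c,v 1.39 2023/03/26 18:49:48 tb Exp $ */
+/* $OpenBSD: bn_exp.c,v 1.40 2023/03/26 18:52:29 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -682,12 +682,9 @@ BN_mod_exp_mont_internal(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, const BIG
 goto err;
 }
 
-if (a->neg || BN_ucmp(a, m) >= 0) {
-if (!BN_nnmod(val[0], a,m, ctx))
-goto err;
-aa = val[0];
-} else
-aa = a;
+if (!BN_nnmod(val[0], a,m, ctx))
+goto err;
+aa = val[0];
 if (BN_is_zero(aa)) {
 BN_zero(rr);
 ret = 1;
@@ -1205,12 +1202,9 @@ BN_mod_exp2_mont(BIGNUM *rr, const BIGNUM *a1, const BIGNUM *p1,
 /*
 * Build table for a1: val1[i] := a1^(2*i + 1) mod m for i = 0 .. 2^(window1-1)
 */
-if (a1->neg || BN_ucmp(a1, m) >= 0) {
-if (!BN_nnmod(val1[0], a1, m, ctx))
-goto err;
-a_mod_m = val1[0];
-} else
-a_mod_m = a1;
+if (!BN_nnmod(val1[0], a1, m, ctx))
+goto err;
+a_mod_m = val1[0];
 if (BN_is_zero(a_mod_m)) {
 BN_zero(rr);
 ret = 1;
@@ -1236,12 +1230,9 @@ BN_mod_exp2_mont(BIGNUM *rr, const BIGNUM *a1, const BIGNUM *p1,
 /*
 * Build table for a2: val2[i] := a2^(2*i + 1) mod m for i = 0 .. 2^(window2-1)
 */
-if (a2->neg || BN_ucmp(a2, m) >= 0) {
-if (!BN_nnmod(val2[0], a2, m, ctx))
-goto err;
-a_mod_m = val2[0];
-} else
-a_mod_m = a2;
+if (!BN_nnmod(val2[0], a2, m, ctx))
+goto err;
+a_mod_m = val2[0];
 if (BN_is_zero(a_mod_m)) {
 BN_zero(rr);
 ret = 1;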
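Review bot: The now-unconditional `BN_nnmod()` call in BN_mod_exp_mont_internal carries no comment saying why the reduction must not be skipped, so a later reader may well reintroduce the `a->neg || BN_ucmp(a, m) >= 0` shortcut this commit removes; the same applies to the two table-building hunks in BN_mod_exp2_mont. I would put `/* Reduce unconditionally: branching on a's sign or magnitude would leak it. */` directly above the call, with the equivalent wording for a1 and a2. Two smaller points of style: the first hunk keeps the old `a,m` spacing in `BN_nnmod(val[0], a,m, ctx)` while the other two write `a1, m` and `a2, m`, and since `aa` and `a_mod_m` are now always plain aliases of `val[0]`, `val1[0]` and `val2[0]`, those variables look dead and could be folded away in a follow-up if nothing else in the function assigns them. Both enclosing functions begin and end outside the hunks shown.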
