| -rw-r--r-- | src/lib/libcrypto/bn/bn.h | 4 | ||||
| -rw-r--r-- | src/lib/libcrypto/bn/bn_div.c | 36 | ||||
| -rw-r--r-- | src/lib/libcrypto/bn/bn_exp.c | 6 | ||||
| -rw-r--r-- | src/lib/libcrypto/bn/bn_exp2.c | 6 | ||||
| -rw-r--r-- | src/lib/libcrypto/bn/bn_gcd.c | 6 | ||||
| -rw-r--r-- | src/lib/libcrypto/bn/bn_lcl.h | 10 | ||||
| -rw-r--r-- | src/lib/libcrypto/bn/bn_mod.c | 6 | ||||
| -rw-r--r-- | src/lib/libcrypto/bn/bn_mont.c | 10 | ||||
| -rw-r--r-- | src/lib/libcrypto/bn/bn_prime.c | 6 | ||||
| -rw-r--r-- | src/lib/libcrypto/bn/bn_recp.c | 4 | ||||
| -rw-r--r-- | src/lib/libcrypto/dsa/dsa_ameth.c | 4 | ||||
| -rw-r--r-- | src/lib/libcrypto/dsa/dsa_gen.c | 6 | ||||
| -rw-r--r-- | src/lib/libcrypto/dsa/dsa_ossl.c | 8 | ||||
| -rw-r--r-- | src/lib/libcrypto/gost/gostr341001.c | 10 | ||||
| -rw-r--r-- | src/lib/libcrypto/rsa/rsa_chk.c | 10 | ||||
| -rw-r--r-- | src/lib/libcrypto/rsa/rsa_eay.c | 10 | ||||
| -rw-r--r-- | src/lib/libcrypto/rsa/rsa_gen.c | 8 | 
17 files changed, 92 insertions, 58 deletions
| diff --git a/src/lib/libcrypto/bn/bn.h b/src/lib/libcrypto/bn/bn.h index 16ba8ae981..fd9a62fe3f 100644 --- a/src/lib/libcrypto/bn/bn.h +++ b/src/lib/libcrypto/bn/bn.h | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: bn.h,v 1.33 2017/01/21 09:38:58 beck Exp $ */ | 1 | /* $OpenBSD: bn.h,v 1.34 2017/01/21 10:38:29 beck Exp $ */ | 
| 2 | /* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) | 
| 3 | * All rights reserved. | 3 | * All rights reserved. | 
| 4 | * | 4 | * | 
| @@ -387,9 +387,11 @@ void BN_set_negative(BIGNUM *b, int n); | |||
| 387 | */ | 387 | */ | 
| 388 | #define BN_is_negative(a) ((a)->neg != 0) | 388 | #define BN_is_negative(a) ((a)->neg != 0) | 
| 389 | 389 | ||
| 390 | #ifndef LIBRESSL_INTERNAL | ||
| 390 | int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d, | 391 | int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d, | 
| 391 | BN_CTX *ctx); | 392 | BN_CTX *ctx); | 
| 392 | #define BN_mod(rem,m,d,ctx) BN_div(NULL,(rem),(m),(d),(ctx)) | 393 | #define BN_mod(rem,m,d,ctx) BN_div(NULL,(rem),(m),(d),(ctx)) | 
| 394 | #endif | ||
| 393 | int BN_nnmod(BIGNUM *r, const BIGNUM *m, const BIGNUM *d, BN_CTX *ctx); | 395 | int BN_nnmod(BIGNUM *r, const BIGNUM *m, const BIGNUM *d, BN_CTX *ctx); | 
| 394 | int BN_mod_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, BN_CTX *ctx); | 396 | int BN_mod_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, BN_CTX *ctx); | 
| 395 | int BN_mod_add_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m); | 397 | int BN_mod_add_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m); | 
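Review bot: Placing BN_div and BN_mod behind `#ifndef LIBRESSL_INTERNAL` (new lines 390-394) leaves the definition of BN_div in bn_div.c (new lines 381-389) without any visible prototype when LIBRESSL_INTERNAL is defined, because bn_lcl.h now declares only BN_div_ct and BN_div_nonct; if the library is built with -Wmissing-prototypes this warns, and a signature drift between header and definition would no longer be caught by the compiler. Keeping the public symbol visible to internal translation units, e.g. `#ifdef LIBRESSL_INTERNAL` / `int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d, BN_CTX *ctx);` / `#endif` in bn_lcl.h, preserves that check while still steering internal callers to the explicit variants. The intent of the guard is presumably to force a conscious ct/nonct choice inside the library; a one-line comment on it, such as `/* Internal callers must use BN_div_ct()/BN_div_nonct() explicitly. */`, would make that visible to the next person who wonders why the prototype vanished.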
| diff --git a/src/lib/libcrypto/bn/bn_div.c b/src/lib/libcrypto/bn/bn_div.c index fefc53f9fa..a8f7c9f384 100644 --- a/src/lib/libcrypto/bn/bn_div.c +++ b/src/lib/libcrypto/bn/bn_div.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: bn_div.c,v 1.23 2015/02/09 15:49:22 jsing Exp $ */ | 1 | /* $OpenBSD: bn_div.c,v 1.24 2017/01/21 10:38:29 beck Exp $ */ | 
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 
| 3 | * All rights reserved. | 3 | * All rights reserved. | 
| 4 | * | 4 | * | 
| @@ -116,9 +116,9 @@ | |||
| 116 | * rm->neg == num->neg (unless the remainder is zero) | 116 | * rm->neg == num->neg (unless the remainder is zero) | 
| 117 | * If 'dv' or 'rm' is NULL, the respective value is not returned. | 117 | * If 'dv' or 'rm' is NULL, the respective value is not returned. | 
| 118 | */ | 118 | */ | 
| 119 | int | 119 | static int | 
| 120 | BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor, | 120 | BN_div_internal(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor, | 
| 121 | BN_CTX *ctx) | 121 | BN_CTX *ctx, int ct) | 
| 122 | { | 122 | { | 
| 123 | int norm_shift, i, loop; | 123 | int norm_shift, i, loop; | 
| 124 | BIGNUM *tmp, wnum, *snum, *sdiv, *res; | 124 | BIGNUM *tmp, wnum, *snum, *sdiv, *res; | 
| @@ -137,10 +137,8 @@ BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor, | |||
| 137 | 137 | ||
| 138 | bn_check_top(num); | 138 | bn_check_top(num); | 
| 139 | 139 | ||
| 140 | if ((BN_get_flags(num, BN_FLG_CONSTTIME) != 0) || | 140 | if (ct) | 
| 141 | (BN_get_flags(divisor, BN_FLG_CONSTTIME) != 0)) { | ||
| 142 | no_branch = 1; | 141 | no_branch = 1; | 
| 143 | } | ||
| 144 | 142 | ||
| 145 | bn_check_top(dv); | 143 | bn_check_top(dv); | 
| 146 | bn_check_top(rm); | 144 | bn_check_top(rm); | 
| @@ -379,3 +377,27 @@ err: | |||
| 379 | BN_CTX_end(ctx); | 377 | BN_CTX_end(ctx); | 
| 380 | return (0); | 378 | return (0); | 
| 381 | } | 379 | } | 
| 380 | |||
| 381 | int | ||
| 382 | BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor, | ||
| 383 | BN_CTX *ctx) | ||
| 384 | { | ||
| 385 | int ct = ((BN_get_flags(num, BN_FLG_CONSTTIME) != 0) || | ||
| 386 | (BN_get_flags(divisor, BN_FLG_CONSTTIME) != 0)); | ||
| 387 | |||
| 388 | return BN_div_internal(dv, rm, num, divisor, ctx, ct); | ||
| 389 | } | ||
| 390 | |||
| 391 | int | ||
| 392 | BN_div_nonct(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor, | ||
| 393 | BN_CTX *ctx) | ||
| 394 | { | ||
| 395 | return BN_div_internal(dv, rm, num, divisor, ctx, 0); | ||
| 396 | } | ||
| 397 | |||
| 398 | int | ||
| 399 | BN_div_ct(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor, | ||
| 400 | BN_CTX *ctx) | ||
| 401 | { | ||
| 402 | return BN_div_internal(dv, rm, num, divisor, ctx, 1); | ||
| 403 | } | ||
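Review bot: BN_div_nonct (new lines 391-396) passes `ct = 0` unconditionally and so bypasses the BN_FLG_CONSTTIME check that BN_div (new lines 385-386) still performs, meaning an operand its owner flagged as constant-time is divided on the branching path whenever a caller picks the _nonct variant; nothing in the hunk documents that the flag is overridden. A short comment on each wrapper would make the contract explicit, e.g. `/* Constant-time regardless of BN_FLG_CONSTTIME on the operands. */` above BN_div_ct and `/* Caller asserts neither operand is secret; BN_FLG_CONSTTIME is NOT honoured here. */` above BN_div_nonct. The comment block above BN_div_internal (lines 116-118) still describes the public BN_div and says nothing about the new `ct` parameter; a line such as `* 'ct' != 0 forces the no_branch path regardless of operand flags.` would cover it. The body of BN_div_internal lies between the second and third hunks and is outside view.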
| diff --git a/src/lib/libcrypto/bn/bn_exp.c b/src/lib/libcrypto/bn/bn_exp.c index ed4bc666bf..f650e94b09 100644 --- a/src/lib/libcrypto/bn/bn_exp.c +++ b/src/lib/libcrypto/bn/bn_exp.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: bn_exp.c,v 1.28 2017/01/21 09:38:58 beck Exp $ */ | 1 | /* $OpenBSD: bn_exp.c,v 1.29 2017/01/21 10:38:29 beck Exp $ */ | 
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 
| 3 | * All rights reserved. | 3 | * All rights reserved. | 
| 4 | * | 4 | * | 
| @@ -735,7 +735,7 @@ BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, | |||
| 735 | 735 | ||
| 736 | /* prepare a^1 in Montgomery domain */ | 736 | /* prepare a^1 in Montgomery domain */ | 
| 737 | if (a->neg || BN_ucmp(a, m) >= 0) { | 737 | if (a->neg || BN_ucmp(a, m) >= 0) { | 
| 738 | if (!BN_mod(&am, a,m, ctx)) | 738 | if (!BN_mod_ct(&am, a,m, ctx)) | 
| 739 | goto err; | 739 | goto err; | 
| 740 | if (!BN_to_montgomery(&am, &am, mont, ctx)) | 740 | if (!BN_to_montgomery(&am, &am, mont, ctx)) | 
| 741 | goto err; | 741 | goto err; | 
| @@ -924,7 +924,7 @@ BN_mod_exp_mont_word(BIGNUM *rr, BN_ULONG a, const BIGNUM *p, const BIGNUM *m, | |||
| 924 | #define BN_MOD_MUL_WORD(r, w, m) \ | 924 | #define BN_MOD_MUL_WORD(r, w, m) \ | 
| 925 | (BN_mul_word(r, (w)) && \ | 925 | (BN_mul_word(r, (w)) && \ | 
| 926 | (/* BN_ucmp(r, (m)) < 0 ? 1 :*/ \ | 926 | (/* BN_ucmp(r, (m)) < 0 ? 1 :*/ \ | 
| 927 | (BN_mod(t, r, m, ctx) && (swap_tmp = r, r = t, t = swap_tmp, 1)))) | 927 | (BN_mod_ct(t, r, m, ctx) && (swap_tmp = r, r = t, t = swap_tmp, 1)))) | 
| 928 | /* BN_MOD_MUL_WORD is only used with 'w' large, | 928 | /* BN_MOD_MUL_WORD is only used with 'w' large, | 
| 929 | * so the BN_ucmp test is probably more overhead | 929 | * so the BN_ucmp test is probably more overhead | 
| 930 | * than always using BN_mod (which uses BN_copy if | 930 | * than always using BN_mod (which uses BN_copy if | 
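Review bot: The comment at line 930 still says "than always using BN_mod" while the BN_MOD_MUL_WORD macro it describes (line 927) now calls BN_mod_ct; the comment should follow the rename, e.g. `* than always using BN_mod_ct (which uses BN_copy if`. BN_mod_exp_mont_word is not a constant-time function overall, so if the _ct variant was chosen here deliberately (the intermediate `r` presumably depends on exponent bits), a one-line comment stating that would spare the next reader from re-deriving the reasoning. Both enclosing functions start and end outside the hunks.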
| diff --git a/src/lib/libcrypto/bn/bn_exp2.c b/src/lib/libcrypto/bn/bn_exp2.c index 38bf467a38..1d938d3818 100644 --- a/src/lib/libcrypto/bn/bn_exp2.c +++ b/src/lib/libcrypto/bn/bn_exp2.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: bn_exp2.c,v 1.10 2015/02/09 15:49:22 jsing Exp $ */ | 1 | /* $OpenBSD: bn_exp2.c,v 1.11 2017/01/21 10:38:29 beck Exp $ */ | 
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 
| 3 | * All rights reserved. | 3 | * All rights reserved. | 
| 4 | * | 4 | * | 
| @@ -175,7 +175,7 @@ BN_mod_exp2_mont(BIGNUM *rr, const BIGNUM *a1, const BIGNUM *p1, | |||
| 175 | * Build table for a1: val1[i] := a1^(2*i + 1) mod m for i = 0 .. 2^(window1-1) | 175 | * Build table for a1: val1[i] := a1^(2*i + 1) mod m for i = 0 .. 2^(window1-1) | 
| 176 | */ | 176 | */ | 
| 177 | if (a1->neg || BN_ucmp(a1, m) >= 0) { | 177 | if (a1->neg || BN_ucmp(a1, m) >= 0) { | 
| 178 | if (!BN_mod(val1[0], a1, m, ctx)) | 178 | if (!BN_mod_ct(val1[0], a1, m, ctx)) | 
| 179 | goto err; | 179 | goto err; | 
| 180 | a_mod_m = val1[0]; | 180 | a_mod_m = val1[0]; | 
| 181 | } else | 181 | } else | 
| @@ -206,7 +206,7 @@ BN_mod_exp2_mont(BIGNUM *rr, const BIGNUM *a1, const BIGNUM *p1, | |||
| 206 | * Build table for a2: val2[i] := a2^(2*i + 1) mod m for i = 0 .. 2^(window2-1) | 206 | * Build table for a2: val2[i] := a2^(2*i + 1) mod m for i = 0 .. 2^(window2-1) | 
| 207 | */ | 207 | */ | 
| 208 | if (a2->neg || BN_ucmp(a2, m) >= 0) { | 208 | if (a2->neg || BN_ucmp(a2, m) >= 0) { | 
| 209 | if (!BN_mod(val2[0], a2, m, ctx)) | 209 | if (!BN_mod_ct(val2[0], a2, m, ctx)) | 
| 210 | goto err; | 210 | goto err; | 
| 211 | a_mod_m = val2[0]; | 211 | a_mod_m = val2[0]; | 
| 212 | } else | 212 | } else | 
| diff --git a/src/lib/libcrypto/bn/bn_gcd.c b/src/lib/libcrypto/bn/bn_gcd.c index da9c29a8e5..3c8ff5b405 100644 --- a/src/lib/libcrypto/bn/bn_gcd.c +++ b/src/lib/libcrypto/bn/bn_gcd.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: bn_gcd.c,v 1.10 2015/02/09 15:49:22 jsing Exp $ */ | 1 | /* $OpenBSD: bn_gcd.c,v 1.11 2017/01/21 10:38:29 beck Exp $ */ | 
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 
| 3 | * All rights reserved. | 3 | * All rights reserved. | 
| 4 | * | 4 | * | 
| @@ -421,7 +421,7 @@ BN_mod_inverse(BIGNUM *in, const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx) | |||
| 421 | } | 421 | } | 
| 422 | } | 422 | } | 
| 423 | } else { | 423 | } else { | 
| 424 | if (!BN_div(D, M, A, B, ctx)) | 424 | if (!BN_div_ct(D, M, A, B, ctx)) | 
| 425 | goto err; | 425 | goto err; | 
| 426 | } | 426 | } | 
| 427 | 427 | ||
| @@ -605,7 +605,7 @@ BN_mod_inverse_no_branch(BIGNUM *in, const BIGNUM *a, const BIGNUM *n, | |||
| 605 | BN_with_flags(pA, A, BN_FLG_CONSTTIME); | 605 | BN_with_flags(pA, A, BN_FLG_CONSTTIME); | 
| 606 | 606 | ||
| 607 | /* (D, M) := (A/B, A%B) ... */ | 607 | /* (D, M) := (A/B, A%B) ... */ | 
| 608 | if (!BN_div(D, M, pA, B, ctx)) | 608 | if (!BN_div_ct(D, M, pA, B, ctx)) | 
| 609 | goto err; | 609 | goto err; | 
| 610 | 610 | ||
| 611 | /* Now | 611 | /* Now | 
| diff --git a/src/lib/libcrypto/bn/bn_lcl.h b/src/lib/libcrypto/bn/bn_lcl.h index f8ce4bdc51..59d9036d01 100644 --- a/src/lib/libcrypto/bn/bn_lcl.h +++ b/src/lib/libcrypto/bn/bn_lcl.h | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: bn_lcl.h,v 1.24 2017/01/21 09:38:58 beck Exp $ */ | 1 | /* $OpenBSD: bn_lcl.h,v 1.25 2017/01/21 10:38:29 beck Exp $ */ | 
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 
| 3 | * All rights reserved. | 3 | * All rights reserved. | 
| 4 | * | 4 | * | 
| @@ -593,7 +593,11 @@ int BN_mod_exp_mont_ct(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, | |||
| 593 | const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); | 593 | const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); | 
| 594 | int BN_mod_exp_mont_nonct(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, | 594 | int BN_mod_exp_mont_nonct(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, | 
| 595 | const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); | 595 | const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); | 
| 596 | 596 | int BN_div_nonct(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d, | |
| 597 | BN_CTX *ctx); | ||
| 598 | int BN_div_ct(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d, | ||
| 599 | BN_CTX *ctx); | ||
| 600 | #define BN_mod_ct(rem,m,d,ctx) BN_div_ct(NULL,(rem),(m),(d),(ctx)) | ||
| 601 | #define BN_mod_nonct(rem,m,d,ctx) BN_div_nonct(NULL,(rem),(m),(d),(ctx)) | ||
| 597 | __END_HIDDEN_DECLS | 602 | __END_HIDDEN_DECLS | 
| 598 | |||
| 599 | #endif | 603 | #endif | 
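Review bot: The new BN_div_ct/BN_div_nonct prototypes and the BN_mod_ct/BN_mod_nonct macros (new lines 596-601) carry no guidance on how a call site should choose between them, and the names do not convey that the _nonct variants override an operand's BN_FLG_CONSTTIME flag rather than merely not setting it (bn_div.c passes `ct = 0` unconditionally). A comment above the declarations such as `/* BN_div_ct(): always constant-time; use whenever any operand may be secret. BN_div_nonct(): variable-time even if BN_FLG_CONSTTIME is set; public values only. */` would give reviewers of future call sites a stated contract to check against. The same wording could be repeated on the two macros, since callers will mostly see BN_mod_ct/BN_mod_nonct rather than the underlying functions.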
| diff --git a/src/lib/libcrypto/bn/bn_mod.c b/src/lib/libcrypto/bn/bn_mod.c index eb2d5b072e..4c30c098d4 100644 --- a/src/lib/libcrypto/bn/bn_mod.c +++ b/src/lib/libcrypto/bn/bn_mod.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: bn_mod.c,v 1.10 2016/11/05 10:47:16 miod Exp $ */ | 1 | /* $OpenBSD: bn_mod.c,v 1.11 2017/01/21 10:38:29 beck Exp $ */ | 
| 2 | /* Includes code written by Lenka Fibikova <fibikova@exp-math.uni-essen.de> | 2 | /* Includes code written by Lenka Fibikova <fibikova@exp-math.uni-essen.de> | 
| 3 | * for the OpenSSL project. */ | 3 | * for the OpenSSL project. */ | 
| 4 | /* ==================================================================== | 4 | /* ==================================================================== | 
| @@ -121,7 +121,7 @@ BN_nnmod(BIGNUM *r, const BIGNUM *m, const BIGNUM *d, BN_CTX *ctx) | |||
| 121 | /* like BN_mod, but returns non-negative remainder | 121 | /* like BN_mod, but returns non-negative remainder | 
| 122 | * (i.e., 0 <= r < |d| always holds) */ | 122 | * (i.e., 0 <= r < |d| always holds) */ | 
| 123 | 123 | ||
| 124 | if (!(BN_mod(r, m,d, ctx))) | 124 | if (!(BN_mod_ct(r, m,d, ctx))) | 
| 125 | return 0; | 125 | return 0; | 
| 126 | if (!r->neg) | 126 | if (!r->neg) | 
| 127 | return 1; | 127 | return 1; | 
| @@ -212,7 +212,7 @@ BN_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx) | |||
| 212 | if (!BN_sqr(r, a, ctx)) | 212 | if (!BN_sqr(r, a, ctx)) | 
| 213 | return 0; | 213 | return 0; | 
| 214 | /* r->neg == 0, thus we don't need BN_nnmod */ | 214 | /* r->neg == 0, thus we don't need BN_nnmod */ | 
| 215 | return BN_mod(r, r, m, ctx); | 215 | return BN_mod_ct(r, r, m, ctx); | 
| 216 | } | 216 | } | 
| 217 | 217 | ||
| 218 | int | 218 | int | 
| diff --git a/src/lib/libcrypto/bn/bn_mont.c b/src/lib/libcrypto/bn/bn_mont.c index 3eb9913a9e..3496502435 100644 --- a/src/lib/libcrypto/bn/bn_mont.c +++ b/src/lib/libcrypto/bn/bn_mont.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: bn_mont.c,v 1.24 2015/02/09 15:49:22 jsing Exp $ */ | 1 | /* $OpenBSD: bn_mont.c,v 1.25 2017/01/21 10:38:29 beck Exp $ */ | 
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 
| 3 | * All rights reserved. | 3 | * All rights reserved. | 
| 4 | * | 4 | * | 
| @@ -418,7 +418,7 @@ BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx) | |||
| 418 | Ri->d[1] = BN_MASK2; | 418 | Ri->d[1] = BN_MASK2; | 
| 419 | Ri->top = 2; | 419 | Ri->top = 2; | 
| 420 | } | 420 | } | 
| 421 | if (!BN_div(Ri, NULL, Ri, &tmod, ctx)) | 421 | if (!BN_div_ct(Ri, NULL, Ri, &tmod, ctx)) | 
| 422 | goto err; | 422 | goto err; | 
| 423 | /* Ni = (R*Ri-1)/N, | 423 | /* Ni = (R*Ri-1)/N, | 
| 424 | * keep only couple of least significant words: */ | 424 | * keep only couple of least significant words: */ | 
| @@ -446,7 +446,7 @@ BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx) | |||
| 446 | if (!BN_set_word(Ri, BN_MASK2)) | 446 | if (!BN_set_word(Ri, BN_MASK2)) | 
| 447 | goto err; /* Ri-- (mod word size) */ | 447 | goto err; /* Ri-- (mod word size) */ | 
| 448 | } | 448 | } | 
| 449 | if (!BN_div(Ri, NULL, Ri, &tmod, ctx)) | 449 | if (!BN_div_ct(Ri, NULL, Ri, &tmod, ctx)) | 
| 450 | goto err; | 450 | goto err; | 
| 451 | /* Ni = (R*Ri-1)/N, | 451 | /* Ni = (R*Ri-1)/N, | 
| 452 | * keep only least significant word: */ | 452 | * keep only least significant word: */ | 
| @@ -468,7 +468,7 @@ BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx) | |||
| 468 | if (!BN_sub_word(Ri, 1)) | 468 | if (!BN_sub_word(Ri, 1)) | 
| 469 | goto err; | 469 | goto err; | 
| 470 | /* Ni = (R*Ri-1) / N */ | 470 | /* Ni = (R*Ri-1) / N */ | 
| 471 | if (!BN_div(&(mont->Ni), NULL, Ri, &mont->N, ctx)) | 471 | if (!BN_div_ct(&(mont->Ni), NULL, Ri, &mont->N, ctx)) | 
| 472 | goto err; | 472 | goto err; | 
| 473 | } | 473 | } | 
| 474 | #endif | 474 | #endif | 
| @@ -477,7 +477,7 @@ BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx) | |||
| 477 | BN_zero(&(mont->RR)); | 477 | BN_zero(&(mont->RR)); | 
| 478 | if (!BN_set_bit(&(mont->RR), mont->ri*2)) | 478 | if (!BN_set_bit(&(mont->RR), mont->ri*2)) | 
| 479 | goto err; | 479 | goto err; | 
| 480 | if (!BN_mod(&(mont->RR), &(mont->RR), &(mont->N), ctx)) | 480 | if (!BN_mod_ct(&(mont->RR), &(mont->RR), &(mont->N), ctx)) | 
| 481 | goto err; | 481 | goto err; | 
| 482 | 482 | ||
| 483 | ret = 1; | 483 | ret = 1; | 
| diff --git a/src/lib/libcrypto/bn/bn_prime.c b/src/lib/libcrypto/bn/bn_prime.c index b2f32684e4..ec8217ef69 100644 --- a/src/lib/libcrypto/bn/bn_prime.c +++ b/src/lib/libcrypto/bn/bn_prime.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: bn_prime.c,v 1.16 2017/01/21 09:38:58 beck Exp $ */ | 1 | /* $OpenBSD: bn_prime.c,v 1.17 2017/01/21 10:38:29 beck Exp $ */ | 
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 
| 3 | * All rights reserved. | 3 | * All rights reserved. | 
| 4 | * | 4 | * | 
| @@ -443,7 +443,7 @@ probable_prime_dh(BIGNUM *rnd, int bits, const BIGNUM *add, const BIGNUM *rem, | |||
| 443 | 443 | ||
| 444 | /* we need ((rnd-rem) % add) == 0 */ | 444 | /* we need ((rnd-rem) % add) == 0 */ | 
| 445 | 445 | ||
| 446 | if (!BN_mod(t1, rnd, add, ctx)) | 446 | if (!BN_mod_ct(t1, rnd, add, ctx)) | 
| 447 | goto err; | 447 | goto err; | 
| 448 | if (!BN_sub(rnd, rnd, t1)) | 448 | if (!BN_sub(rnd, rnd, t1)) | 
| 449 | goto err; | 449 | goto err; | 
| @@ -500,7 +500,7 @@ probable_prime_dh_safe(BIGNUM *p, int bits, const BIGNUM *padd, | |||
| 500 | goto err; | 500 | goto err; | 
| 501 | 501 | ||
| 502 | /* we need ((rnd-rem) % add) == 0 */ | 502 | /* we need ((rnd-rem) % add) == 0 */ | 
| 503 | if (!BN_mod(t1, q,qadd, ctx)) | 503 | if (!BN_mod_ct(t1, q,qadd, ctx)) | 
| 504 | goto err; | 504 | goto err; | 
| 505 | if (!BN_sub(q, q, t1)) | 505 | if (!BN_sub(q, q, t1)) | 
| 506 | goto err; | 506 | goto err; | 
| diff --git a/src/lib/libcrypto/bn/bn_recp.c b/src/lib/libcrypto/bn/bn_recp.c index b0bd0aa4df..aae7c7ef85 100644 --- a/src/lib/libcrypto/bn/bn_recp.c +++ b/src/lib/libcrypto/bn/bn_recp.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: bn_recp.c,v 1.13 2015/04/29 00:11:12 doug Exp $ */ | 1 | /* $OpenBSD: bn_recp.c,v 1.14 2017/01/21 10:38:29 beck Exp $ */ | 
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 
| 3 | * All rights reserved. | 3 | * All rights reserved. | 
| 4 | * | 4 | * | 
| @@ -251,7 +251,7 @@ BN_reciprocal(BIGNUM *r, const BIGNUM *m, int len, BN_CTX *ctx) | |||
| 251 | if (!BN_set_bit(t, len)) | 251 | if (!BN_set_bit(t, len)) | 
| 252 | goto err; | 252 | goto err; | 
| 253 | 253 | ||
| 254 | if (!BN_div(r, NULL, t,m, ctx)) | 254 | if (!BN_div_ct(r, NULL, t,m, ctx)) | 
| 255 | goto err; | 255 | goto err; | 
| 256 | 256 | ||
| 257 | ret = len; | 257 | ret = len; | 
| diff --git a/src/lib/libcrypto/dsa/dsa_ameth.c b/src/lib/libcrypto/dsa/dsa_ameth.c index 92ad02e187..b589d39892 100644 --- a/src/lib/libcrypto/dsa/dsa_ameth.c +++ b/src/lib/libcrypto/dsa/dsa_ameth.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: dsa_ameth.c,v 1.21 2017/01/21 09:38:59 beck Exp $ */ | 1 | /* $OpenBSD: dsa_ameth.c,v 1.22 2017/01/21 10:38:29 beck Exp $ */ | 
| 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL | 2 | /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL | 
| 3 | * project 2006. | 3 | * project 2006. | 
| 4 | */ | 4 | */ | 
| @@ -501,7 +501,7 @@ old_dsa_priv_decode(EVP_PKEY *pkey, const unsigned char **pder, int derlen) | |||
| 501 | if (BN_sub(p1, dsa->p, BN_value_one()) == 0) | 501 | if (BN_sub(p1, dsa->p, BN_value_one()) == 0) | 
| 502 | goto err; | 502 | goto err; | 
| 503 | /* j = (p - 1) / q */ | 503 | /* j = (p - 1) / q */ | 
| 504 | if (BN_div(j, NULL, p1, dsa->q, ctx) == 0) | 504 | if (BN_div_ct(j, NULL, p1, dsa->q, ctx) == 0) | 
| 505 | goto err; | 505 | goto err; | 
| 506 | /* q * j should == p - 1 */ | 506 | /* q * j should == p - 1 */ | 
| 507 | if (BN_mul(newp1, dsa->q, j, ctx) == 0) | 507 | if (BN_mul(newp1, dsa->q, j, ctx) == 0) | 
| diff --git a/src/lib/libcrypto/dsa/dsa_gen.c b/src/lib/libcrypto/dsa/dsa_gen.c index d627e5ae9c..b6bbb8ab08 100644 --- a/src/lib/libcrypto/dsa/dsa_gen.c +++ b/src/lib/libcrypto/dsa/dsa_gen.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: dsa_gen.c,v 1.23 2017/01/21 09:38:59 beck Exp $ */ | 1 | /* $OpenBSD: dsa_gen.c,v 1.24 2017/01/21 10:38:29 beck Exp $ */ | 
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 
| 3 | * All rights reserved. | 3 | * All rights reserved. | 
| 4 | * | 4 | * | 
| @@ -271,7 +271,7 @@ dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits, const EVP_MD *evpmd, | |||
| 271 | /* step 9 */ | 271 | /* step 9 */ | 
| 272 | if (!BN_lshift1(r0, q)) | 272 | if (!BN_lshift1(r0, q)) | 
| 273 | goto err; | 273 | goto err; | 
| 274 | if (!BN_mod(c, X, r0, ctx)) | 274 | if (!BN_mod_ct(c, X, r0, ctx)) | 
| 275 | goto err; | 275 | goto err; | 
| 276 | if (!BN_sub(r0, c, BN_value_one())) | 276 | if (!BN_sub(r0, c, BN_value_one())) | 
| 277 | goto err; | 277 | goto err; | 
| @@ -306,7 +306,7 @@ end: | |||
| 306 | /* Set r0=(p-1)/q */ | 306 | /* Set r0=(p-1)/q */ | 
| 307 | if (!BN_sub(test, p, BN_value_one())) | 307 | if (!BN_sub(test, p, BN_value_one())) | 
| 308 | goto err; | 308 | goto err; | 
| 309 | if (!BN_div(r0, NULL, test, q, ctx)) | 309 | if (!BN_div_ct(r0, NULL, test, q, ctx)) | 
| 310 | goto err; | 310 | goto err; | 
| 311 | 311 | ||
| 312 | if (!BN_set_word(test, h)) | 312 | if (!BN_set_word(test, h)) | 
| diff --git a/src/lib/libcrypto/dsa/dsa_ossl.c b/src/lib/libcrypto/dsa/dsa_ossl.c index 3f01a83a44..4177557d0e 100644 --- a/src/lib/libcrypto/dsa/dsa_ossl.c +++ b/src/lib/libcrypto/dsa/dsa_ossl.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: dsa_ossl.c,v 1.27 2017/01/21 09:38:59 beck Exp $ */ | 1 | /* $OpenBSD: dsa_ossl.c,v 1.28 2017/01/21 10:38:29 beck Exp $ */ | 
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 
| 3 | * All rights reserved. | 3 | * All rights reserved. | 
| 4 | * | 4 | * | 
| @@ -244,7 +244,7 @@ dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp) | |||
| 244 | goto err; | 244 | goto err; | 
| 245 | } | 245 | } | 
| 246 | 246 | ||
| 247 | if (!BN_mod(r,r,dsa->q,ctx)) | 247 | if (!BN_mod_ct(r,r,dsa->q,ctx)) | 
| 248 | goto err; | 248 | goto err; | 
| 249 | 249 | ||
| 250 | /* Compute part of 's = inv(k) (m + xr) mod q' */ | 250 | /* Compute part of 's = inv(k) (m + xr) mod q' */ | 
| @@ -351,10 +351,10 @@ dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig, DSA *dsa) | |||
| 351 | mont)) | 351 | mont)) | 
| 352 | goto err; | 352 | goto err; | 
| 353 | } | 353 | } | 
| 354 | 354 | ||
| 355 | /* BN_copy(&u1,&t1); */ | 355 | /* BN_copy(&u1,&t1); */ | 
| 356 | /* let u1 = u1 mod q */ | 356 | /* let u1 = u1 mod q */ | 
| 357 | if (!BN_mod(&u1, &t1, dsa->q, ctx)) | 357 | if (!BN_mod_ct(&u1, &t1, dsa->q, ctx)) | 
| 358 | goto err; | 358 | goto err; | 
| 359 | 359 | ||
| 360 | /* V is now in u1. If the signature is correct, it will be | 360 | /* V is now in u1. If the signature is correct, it will be | 
| diff --git a/src/lib/libcrypto/gost/gostr341001.c b/src/lib/libcrypto/gost/gostr341001.c index c6221e4a01..5fb494009c 100644 --- a/src/lib/libcrypto/gost/gostr341001.c +++ b/src/lib/libcrypto/gost/gostr341001.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: gostr341001.c,v 1.4 2015/02/14 06:40:04 jsing Exp $ */ | 1 | /* $OpenBSD: gostr341001.c,v 1.5 2017/01/21 10:38:29 beck Exp $ */ | 
| 2 | /* | 2 | /* | 
| 3 | * Copyright (c) 2014 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com> | 3 | * Copyright (c) 2014 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com> | 
| 4 | * Copyright (c) 2005-2006 Cryptocom LTD | 4 | * Copyright (c) 2005-2006 Cryptocom LTD | 
| @@ -57,6 +57,8 @@ | |||
| 57 | #include <openssl/bn.h> | 57 | #include <openssl/bn.h> | 
| 58 | #include <openssl/err.h> | 58 | #include <openssl/err.h> | 
| 59 | #include <openssl/gost.h> | 59 | #include <openssl/gost.h> | 
| 60 | |||
| 61 | #include "bn_lcl.h" | ||
| 60 | #include "gost_locl.h" | 62 | #include "gost_locl.h" | 
| 61 | 63 | ||
| 62 | /* Convert little-endian byte array into bignum */ | 64 | /* Convert little-endian byte array into bignum */ | 
| @@ -175,7 +177,7 @@ gost2001_do_sign(BIGNUM *md, GOST_KEY *eckey) | |||
| 175 | priv_key = GOST_KEY_get0_private_key(eckey); | 177 | priv_key = GOST_KEY_get0_private_key(eckey); | 
| 176 | if ((e = BN_CTX_get(ctx)) == NULL) | 178 | if ((e = BN_CTX_get(ctx)) == NULL) | 
| 177 | goto err; | 179 | goto err; | 
| 178 | if (BN_mod(e, md, order, ctx) == 0) | 180 | if (BN_mod_ct(e, md, order, ctx) == 0) | 
| 179 | goto err; | 181 | goto err; | 
| 180 | if (BN_is_zero(e)) | 182 | if (BN_is_zero(e)) | 
| 181 | BN_one(e); | 183 | BN_one(e); | 
| @@ -288,7 +290,7 @@ gost2001_do_verify(BIGNUM *md, ECDSA_SIG *sig, GOST_KEY *ec) | |||
| 288 | goto err; | 290 | goto err; | 
| 289 | } | 291 | } | 
| 290 | 292 | ||
| 291 | if (BN_mod(e, md, order, ctx) == 0) | 293 | if (BN_mod_ct(e, md, order, ctx) == 0) | 
| 292 | goto err; | 294 | goto err; | 
| 293 | if (BN_is_zero(e)) | 295 | if (BN_is_zero(e)) | 
| 294 | BN_one(e); | 296 | BN_one(e); | 
| @@ -310,7 +312,7 @@ gost2001_do_verify(BIGNUM *md, ECDSA_SIG *sig, GOST_KEY *ec) | |||
| 310 | GOSTerr(GOST_F_GOST2001_DO_VERIFY, ERR_R_EC_LIB); | 312 | GOSTerr(GOST_F_GOST2001_DO_VERIFY, ERR_R_EC_LIB); | 
| 311 | goto err; | 313 | goto err; | 
| 312 | } | 314 | } | 
| 313 | if (BN_mod(R, X, order, ctx) == 0) | 315 | if (BN_mod_ct(R, X, order, ctx) == 0) | 
| 314 | goto err; | 316 | goto err; | 
| 315 | if (BN_cmp(R, sig->r) != 0) { | 317 | if (BN_cmp(R, sig->r) != 0) { | 
| 316 | GOSTerr(GOST_F_GOST2001_DO_VERIFY, GOST_R_SIGNATURE_MISMATCH); | 318 | GOSTerr(GOST_F_GOST2001_DO_VERIFY, GOST_R_SIGNATURE_MISMATCH); | 
| diff --git a/src/lib/libcrypto/rsa/rsa_chk.c b/src/lib/libcrypto/rsa/rsa_chk.c index c247a8d80e..efe9431f2d 100644 --- a/src/lib/libcrypto/rsa/rsa_chk.c +++ b/src/lib/libcrypto/rsa/rsa_chk.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: rsa_chk.c,v 1.9 2014/07/10 07:43:11 jsing Exp $ */ | 1 | /* $OpenBSD: rsa_chk.c,v 1.10 2017/01/21 10:38:29 beck Exp $ */ | 
| 2 | /* ==================================================================== | 2 | /* ==================================================================== | 
| 3 | * Copyright (c) 1999 The OpenSSL Project. All rights reserved. | 3 | * Copyright (c) 1999 The OpenSSL Project. All rights reserved. | 
| 4 | * | 4 | * | 
| @@ -52,6 +52,8 @@ | |||
| 52 | #include <openssl/err.h> | 52 | #include <openssl/err.h> | 
| 53 | #include <openssl/rsa.h> | 53 | #include <openssl/rsa.h> | 
| 54 | 54 | ||
| 55 | #include "bn_lcl.h" | ||
| 56 | |||
| 55 | int | 57 | int | 
| 56 | RSA_check_key(const RSA *key) | 58 | RSA_check_key(const RSA *key) | 
| 57 | { | 59 | { | 
| @@ -132,7 +134,7 @@ RSA_check_key(const RSA *key) | |||
| 132 | ret = -1; | 134 | ret = -1; | 
| 133 | goto err; | 135 | goto err; | 
| 134 | } | 136 | } | 
| 135 | r = BN_div(k, NULL, l, m, ctx); /* remainder is 0 */ | 137 | r = BN_div_ct(k, NULL, l, m, ctx); /* remainder is 0 */ | 
| 136 | if (!r) { | 138 | if (!r) { | 
| 137 | ret = -1; | 139 | ret = -1; | 
| 138 | goto err; | 140 | goto err; | 
| @@ -157,7 +159,7 @@ RSA_check_key(const RSA *key) | |||
| 157 | goto err; | 159 | goto err; | 
| 158 | } | 160 | } | 
| 159 | 161 | ||
| 160 | r = BN_mod(j, key->d, i, ctx); | 162 | r = BN_mod_ct(j, key->d, i, ctx); | 
| 161 | if (!r) { | 163 | if (!r) { | 
| 162 | ret = -1; | 164 | ret = -1; | 
| 163 | goto err; | 165 | goto err; | 
| @@ -176,7 +178,7 @@ RSA_check_key(const RSA *key) | |||
| 176 | goto err; | 178 | goto err; | 
| 177 | } | 179 | } | 
| 178 | 180 | ||
| 179 | r = BN_mod(j, key->d, i, ctx); | 181 | r = BN_mod_ct(j, key->d, i, ctx); | 
| 180 | if (!r) { | 182 | if (!r) { | 
| 181 | ret = -1; | 183 | ret = -1; | 
| 182 | goto err; | 184 | goto err; | 
| diff --git a/src/lib/libcrypto/rsa/rsa_eay.c b/src/lib/libcrypto/rsa/rsa_eay.c index 640ed9a0d6..c4da147ddf 100644 --- a/src/lib/libcrypto/rsa/rsa_eay.c +++ b/src/lib/libcrypto/rsa/rsa_eay.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: rsa_eay.c,v 1.44 2017/01/21 09:38:59 beck Exp $ */ | 1 | /* $OpenBSD: rsa_eay.c,v 1.45 2017/01/21 10:38:29 beck Exp $ */ | 
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 
| 3 | * All rights reserved. | 3 | * All rights reserved. | 
| 4 | * | 4 | * | 
| @@ -770,7 +770,7 @@ RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx) | |||
| 770 | BN_init(&c); | 770 | BN_init(&c); | 
| 771 | BN_with_flags(&c, I, BN_FLG_CONSTTIME); | 771 | BN_with_flags(&c, I, BN_FLG_CONSTTIME); | 
| 772 | 772 | ||
| 773 | if (!BN_mod(r1, &c, rsa->q, ctx)) | 773 | if (!BN_mod_ct(r1, &c, rsa->q, ctx)) | 
| 774 | goto err; | 774 | goto err; | 
| 775 | 775 | ||
| 776 | /* compute r1^dmq1 mod q */ | 776 | /* compute r1^dmq1 mod q */ | 
| @@ -784,7 +784,7 @@ RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx) | |||
| 784 | /* compute I mod p */ | 784 | /* compute I mod p */ | 
| 785 | BN_with_flags(&c, I, BN_FLG_CONSTTIME); | 785 | BN_with_flags(&c, I, BN_FLG_CONSTTIME); | 
| 786 | 786 | ||
| 787 | if (!BN_mod(r1, &c, rsa->p, ctx)) | 787 | if (!BN_mod_ct(r1, &c, rsa->p, ctx)) | 
| 788 | goto err; | 788 | goto err; | 
| 789 | 789 | ||
| 790 | /* compute r1^dmp1 mod p */ | 790 | /* compute r1^dmp1 mod p */ | 
| @@ -813,7 +813,7 @@ RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx) | |||
| 813 | BN_init(&pr1); | 813 | BN_init(&pr1); | 
| 814 | BN_with_flags(&pr1, r1, BN_FLG_CONSTTIME); | 814 | BN_with_flags(&pr1, r1, BN_FLG_CONSTTIME); | 
| 815 | 815 | ||
| 816 | if (!BN_mod(r0, &pr1, rsa->p, ctx)) | 816 | if (!BN_mod_ct(r0, &pr1, rsa->p, ctx)) | 
| 817 | goto err; | 817 | goto err; | 
| 818 | 818 | ||
| 819 | /* | 819 | /* | 
| @@ -844,7 +844,7 @@ RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx) | |||
| 844 | */ | 844 | */ | 
| 845 | if (!BN_sub(vrfy, vrfy, I)) | 845 | if (!BN_sub(vrfy, vrfy, I)) | 
| 846 | goto err; | 846 | goto err; | 
| 847 | if (!BN_mod(vrfy, vrfy, rsa->n, ctx)) | 847 | if (!BN_mod_ct(vrfy, vrfy, rsa->n, ctx)) | 
| 848 | goto err; | 848 | goto err; | 
| 849 | if (BN_is_negative(vrfy)) | 849 | if (BN_is_negative(vrfy)) | 
| 850 | if (!BN_add(vrfy, vrfy, rsa->n)) | 850 | if (!BN_add(vrfy, vrfy, rsa->n)) | 
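Review bot: With BN_mod_ct at new lines 773, 787 and 816 forcing the constant-time path, the `BN_with_flags(&c, I, BN_FLG_CONSTTIME)` wrappers at lines 771 and 785 and `BN_with_flags(&pr1, r1, BN_FLG_CONSTTIME)` at line 814 appear to exist only so the old BN_mod would take that path; if `&c` and `&pr1` are not used elsewhere in RSA_eay_mod_exp (the rest of the function lies outside the hunks), the three calls could become `BN_mod_ct(r1, I, rsa->q, ctx)`, `BN_mod_ct(r1, I, rsa->p, ctx)` and `BN_mod_ct(r0, r1, rsa->p, ctx)` and the temporaries dropped. The same pattern is left in rsa_gen.c, where `BN_with_flags(&d, rsa->d, BN_FLG_CONSTTIME)` at line 204 precedes the BN_mod_ct calls at lines 207 and 211. If the wrappers are kept for some other reason, a comment saying what still depends on the flag would stop a later cleanup from removing them.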
| diff --git a/src/lib/libcrypto/rsa/rsa_gen.c b/src/lib/libcrypto/rsa/rsa_gen.c index d46f4f2478..817f177e96 100644 --- a/src/lib/libcrypto/rsa/rsa_gen.c +++ b/src/lib/libcrypto/rsa/rsa_gen.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: rsa_gen.c,v 1.18 2016/06/30 02:02:06 bcook Exp $ */ | 1 | /* $OpenBSD: rsa_gen.c,v 1.19 2017/01/21 10:38:29 beck Exp $ */ | 
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 
| 3 | * All rights reserved. | 3 | * All rights reserved. | 
| 4 | * | 4 | * | 
| @@ -69,6 +69,8 @@ | |||
| 69 | #include <openssl/err.h> | 69 | #include <openssl/err.h> | 
| 70 | #include <openssl/rsa.h> | 70 | #include <openssl/rsa.h> | 
| 71 | 71 | ||
| 72 | #include "bn_lcl.h" | ||
| 73 | |||
| 72 | static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb); | 74 | static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb); | 
| 73 | 75 | ||
| 74 | /* | 76 | /* | 
| @@ -202,11 +204,11 @@ rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb) | |||
| 202 | BN_with_flags(&d, rsa->d, BN_FLG_CONSTTIME); | 204 | BN_with_flags(&d, rsa->d, BN_FLG_CONSTTIME); | 
| 203 | 205 | ||
| 204 | /* calculate d mod (p-1) */ | 206 | /* calculate d mod (p-1) */ | 
| 205 | if (!BN_mod(rsa->dmp1, &d, r1, ctx)) | 207 | if (!BN_mod_ct(rsa->dmp1, &d, r1, ctx)) | 
| 206 | goto err; | 208 | goto err; | 
| 207 | 209 | ||
| 208 | /* calculate d mod (q-1) */ | 210 | /* calculate d mod (q-1) */ | 
| 209 | if (!BN_mod(rsa->dmq1, &d, r2, ctx)) | 211 | if (!BN_mod_ct(rsa->dmq1, &d, r2, ctx)) | 
| 210 | goto err; | 212 | goto err; | 
| 211 | 213 | ||
| 212 | /* calculate inverse of q mod p */ | 214 | /* calculate inverse of q mod p */ | 
