| -rw-r--r-- | src/lib/libcrypto/dh/dh_key.c | 3 | ||||
| -rw-r--r-- | src/lib/libcrypto/rsa/rsa_crpt.c | 3 | ||||
| -rw-r--r-- | src/lib/libcrypto/rsa/rsa_eay.c | 11 | ||||
| -rw-r--r-- | src/lib/libssl/src/crypto/dh/dh_key.c | 3 | ||||
| -rw-r--r-- | src/lib/libssl/src/crypto/rsa/rsa_crpt.c | 3 | ||||
| -rw-r--r-- | src/lib/libssl/src/crypto/rsa/rsa_eay.c | 11 | 
6 files changed, 28 insertions, 6 deletions
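--- a/src/lib/libcrypto/dh/dh_key.c
+++ b/src/lib/libcrypto/dh/dh_key.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: dh_key.c,v 1.24 2016/06/30 02:02:06 bcook Exp $ */
+/* $OpenBSD: dh_key.c,v 1.25 2016/07/07 11:53:12 bcook Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -149,6 +149,7 @@ generate_key(DH *dh)
 {
 BIGNUM prk;
 
+BN_init(&prk);
 BN_with_flags(&prk, priv_key, BN_FLG_CONSTTIME);
 
 if (!dh->meth->bn_mod_exp(dh, pub_key, dh->g, &prk, dh->p, ctx,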
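Review bot: Nothing at the new `BN_init(&prk);` call in generate_key says why a temporary that is overwritten on the very next line has to be initialised first, so a later cleanup could drop the call as redundant. Presumably BN_with_flags carries over part of the destination's existing flags word, which is indeterminate for a stack BIGNUM; if so, a comment such as `/* BN_with_flags() reads prk's own flags, so prk must be initialised first */` would record that. Assuming BN_with_flags only makes a shallow copy, the comment should also say that prk shares its data with priv_key and must not be freed or cleared on its own. The same comment is missing at the BN_init calls added in rsa_crpt.c and rsa_eay.c and in the identical copies under src/lib/libssl/src/crypto; generate_key's body continues outside the hunk.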
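--- a/src/lib/libcrypto/rsa/rsa_crpt.c
+++ b/src/lib/libcrypto/rsa/rsa_crpt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: rsa_crpt.c,v 1.15 2016/06/30 02:02:06 bcook Exp $ */
+/* $OpenBSD: rsa_crpt.c,v 1.16 2016/07/07 11:53:12 bcook Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -192,6 +192,7 @@ RSA_setup_blinding(RSA *rsa, BN_CTX *in_ctx)
 } else
 e = rsa->e;
 
+BN_init(&n);
 BN_with_flags(&n, rsa->n, BN_FLG_CONSTTIME);
 
 ret = BN_BLINDING_create_param(NULL, e, &n, ctx, rsa->meth->bn_mod_exp,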
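--- a/src/lib/libcrypto/rsa/rsa_eay.c
+++ b/src/lib/libcrypto/rsa/rsa_eay.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: rsa_eay.c,v 1.41 2016/06/30 02:02:06 bcook Exp $ */
+/* $OpenBSD: rsa_eay.c,v 1.42 2016/07/07 11:53:12 bcook Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -432,6 +432,7 @@ RSA_eay_private_encrypt(int flen, const unsigned char *from, unsigned char *to,
 } else {
 BIGNUM d;
 
+BN_init(&d);
 BN_with_flags(&d, rsa->d, BN_FLG_CONSTTIME);
 
 if (rsa->flags & RSA_FLAG_CACHE_PUBLIC)
@@ -556,6 +557,7 @@ RSA_eay_private_decrypt(int flen, const unsigned char *from, unsigned char *to,
 } else {
 BIGNUM d;
 
+BN_init(&d);
 BN_with_flags(&d, rsa->d, BN_FLG_CONSTTIME);
 
 if (rsa->flags & RSA_FLAG_CACHE_PUBLIC)
@@ -742,6 +744,8 @@ RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
 * Make sure BN_mod_inverse in Montgomery intialization uses the
 * BN_FLG_CONSTTIME flag
 */
+BN_init(&p);
+BN_init(&q);
 BN_with_flags(&p, rsa->p, BN_FLG_CONSTTIME);
 BN_with_flags(&q, rsa->q, BN_FLG_CONSTTIME);
 
@@ -761,12 +765,14 @@ RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
 goto err;
 
 /* compute I mod q */
+BN_init(&c);
 BN_with_flags(&c, I, BN_FLG_CONSTTIME);
 
 if (!BN_mod(r1, &c, rsa->q, ctx))
 goto err;
 
 /* compute r1^dmq1 mod q */
+BN_init(&dmq1);
 BN_with_flags(&dmq1, rsa->dmq1, BN_FLG_CONSTTIME);
 
 if (!rsa->meth->bn_mod_exp(m1, r1, &dmq1, rsa->q, ctx,
@@ -780,6 +786,7 @@ RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
 goto err;
 
 /* compute r1^dmp1 mod p */
+BN_init(&dmp1);
 BN_with_flags(&dmp1, rsa->dmp1, BN_FLG_CONSTTIME);
 
 if (!rsa->meth->bn_mod_exp(r0, r1, &dmp1, rsa->p, ctx,
@@ -801,6 +808,7 @@ RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
 goto err;
 
 /* Turn BN_FLG_CONSTTIME flag on before division operation */
+BN_init(&pr1);
 BN_with_flags(&pr1, r1, BN_FLG_CONSTTIME);
 
 if (!BN_mod(r0, &pr1, rsa->p, ctx))
@@ -847,6 +855,7 @@ RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
 */
 BIGNUM d;
 
+BN_init(&d);
 BN_with_flags(&d, rsa->d, BN_FLG_CONSTTIME);
 
 if (!rsa->meth->bn_mod_exp(r0, I, &d, rsa->n, ctx,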
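Review bot: The BN_init / BN_with_flags pair is now written out nine times in this file, and in RSA_eay_mod_exp each temporary (p, q, c, dmq1, dmp1, pr1) is initialised only right before its use, with `goto err` exits in between. The declarations of those temporaries and the err label lie outside the hunks, so it cannot be checked from here whether the error path ever touches one that has not been initialised yet; initialising them together at the top of the function would remove the question. A small file-local helper would also keep the two calls together so the init cannot be forgotten at a future call site; the name below is only a suggestion.

```c
/* Make dst a constant-time-flagged shallow view of src; dst must not be freed. */
static inline void
bn_consttime_view(BIGNUM *dst, const BIGNUM *src)
{
	BN_init(dst);
	BN_with_flags(dst, src, BN_FLG_CONSTTIME);
}

/* … unchanged: RSA_eay_private_encrypt up to the else branch … */
		BIGNUM d;

		bn_consttime_view(&d, rsa->d);
```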
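--- a/src/lib/libssl/src/crypto/dh/dh_key.c
+++ b/src/lib/libssl/src/crypto/dh/dh_key.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: dh_key.c,v 1.24 2016/06/30 02:02:06 bcook Exp $ */
+/* $OpenBSD: dh_key.c,v 1.25 2016/07/07 11:53:12 bcook Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -149,6 +149,7 @@ generate_key(DH *dh)
 {
 BIGNUM prk;
 
+BN_init(&prk);
 BN_with_flags(&prk, priv_key, BN_FLG_CONSTTIME);
 
 if (!dh->meth->bn_mod_exp(dh, pub_key, dh->g, &prk, dh->p, ctx,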
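--- a/src/lib/libssl/src/crypto/rsa/rsa_crpt.c
+++ b/src/lib/libssl/src/crypto/rsa/rsa_crpt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: rsa_crpt.c,v 1.15 2016/06/30 02:02:06 bcook Exp $ */
+/* $OpenBSD: rsa_crpt.c,v 1.16 2016/07/07 11:53:12 bcook Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -192,6 +192,7 @@ RSA_setup_blinding(RSA *rsa, BN_CTX *in_ctx)
 } else
 e = rsa->e;
 
+BN_init(&n);
 BN_with_flags(&n, rsa->n, BN_FLG_CONSTTIME);
 
 ret = BN_BLINDING_create_param(NULL, e, &n, ctx, rsa->meth->bn_mod_exp,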
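--- a/src/lib/libssl/src/crypto/rsa/rsa_eay.c
+++ b/src/lib/libssl/src/crypto/rsa/rsa_eay.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: rsa_eay.c,v 1.41 2016/06/30 02:02:06 bcook Exp $ */
+/* $OpenBSD: rsa_eay.c,v 1.42 2016/07/07 11:53:12 bcook Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -432,6 +432,7 @@ RSA_eay_private_encrypt(int flen, const unsigned char *from, unsigned char *to,
 } else {
 BIGNUM d;
 
+BN_init(&d);
 BN_with_flags(&d, rsa->d, BN_FLG_CONSTTIME);
 
 if (rsa->flags & RSA_FLAG_CACHE_PUBLIC)
@@ -556,6 +557,7 @@ RSA_eay_private_decrypt(int flen, const unsigned char *from, unsigned char *to,
 } else {
 BIGNUM d;
 
+BN_init(&d);
 BN_with_flags(&d, rsa->d, BN_FLG_CONSTTIME);
 
 if (rsa->flags & RSA_FLAG_CACHE_PUBLIC)
@@ -742,6 +744,8 @@ RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
 * Make sure BN_mod_inverse in Montgomery intialization uses the
 * BN_FLG_CONSTTIME flag
 */
+BN_init(&p);
+BN_init(&q);
 BN_with_flags(&p, rsa->p, BN_FLG_CONSTTIME);
 BN_with_flags(&q, rsa->q, BN_FLG_CONSTTIME);
 
@@ -761,12 +765,14 @@ RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
 goto err;
 
 /* compute I mod q */
+BN_init(&c);
 BN_with_flags(&c, I, BN_FLG_CONSTTIME);
 
 if (!BN_mod(r1, &c, rsa->q, ctx))
 goto err;
 
 /* compute r1^dmq1 mod q */
+BN_init(&dmq1);
 BN_with_flags(&dmq1, rsa->dmq1, BN_FLG_CONSTTIME);
 
 if (!rsa->meth->bn_mod_exp(m1, r1, &dmq1, rsa->q, ctx,
@@ -780,6 +786,7 @@ RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
 goto err;
 
 /* compute r1^dmp1 mod p */
+BN_init(&dmp1);
 BN_with_flags(&dmp1, rsa->dmp1, BN_FLG_CONSTTIME);
 
 if (!rsa->meth->bn_mod_exp(r0, r1, &dmp1, rsa->p, ctx,
@@ -801,6 +808,7 @@ RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
 goto err;
 
 /* Turn BN_FLG_CONSTTIME flag on before division operation */
+BN_init(&pr1);
 BN_with_flags(&pr1, r1, BN_FLG_CONSTTIME);
 
 if (!BN_mod(r0, &pr1, rsa->p, ctx))
@@ -847,6 +855,7 @@ RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
 */
 BIGNUM d;
 
+BN_init(&d);
 BN_with_flags(&d, rsa->d, BN_FLG_CONSTTIME);
 
 if (!rsa->meth->bn_mod_exp(r0, I, &d, rsa->n, ctx,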
