Diffstat (limited to 'src/lib/libcrypto/bn')
| -rw-r--r-- | src/lib/libcrypto/bn/bn_gcd.c | 40 |
1 files changed, 27 insertions, 13 deletions
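--- a/src/lib/libcrypto/bn/bn_gcd.c
+++ b/src/lib/libcrypto/bn/bn_gcd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: bn_gcd.c,v 1.15 2017/01/29 17:49:22 beck Exp $ */
+/* $OpenBSD: bn_gcd.c,v 1.16 2021/12/26 15:16:50 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -576,6 +576,9 @@ BN_mod_inverse_no_branch(BIGNUM *in, const BIGNUM *a, const BIGNUM *n,
 bn_check_top(a);
 bn_check_top(n);
 
+BN_init(&local_A);
+BN_init(&local_B);
+
 BN_CTX_start(ctx);
 if ((A = BN_CTX_get(ctx)) == NULL)
 goto err;
@@ -608,10 +611,12 @@ BN_mod_inverse_no_branch(BIGNUM *in, const BIGNUM *a, const BIGNUM *n,
 A->neg = 0;
 
 if (B->neg || (BN_ucmp(B, A) >= 0)) {
-/* Turn BN_FLG_CONSTTIME flag on, so that when BN_div is invoked,
-* BN_div_no_branch will be called eventually.
-*/
+/*
+* Turn BN_FLG_CONSTTIME flag on, so that when BN_div is invoked,
+* BN_div_no_branch will be called eventually.
+*/
 pB = &local_B;
+/* BN_init() done at the top of the function. */
 BN_with_flags(pB, B, BN_FLG_CONSTTIME);
 if (!BN_nnmod(B, pB, A, ctx))
 goto err;
@@ -633,10 +638,12 @@ BN_mod_inverse_no_branch(BIGNUM *in, const BIGNUM *a, const BIGNUM *n,
 * sign*Y*a == A (mod |n|)
 */
 
-/* Turn BN_FLG_CONSTTIME flag on, so that when BN_div is invoked,
-* BN_div_no_branch will be called eventually.
-*/
+/*
+* Turn BN_FLG_CONSTTIME flag on, so that when BN_div is invoked,
+* BN_div_no_branch will be called eventually.
+*/
 pA = &local_A;
+/* BN_init() done at the top of the function. */
 BN_with_flags(pA, A, BN_FLG_CONSTTIME);
 
 /* (D, M) := (A/B, A%B) ... */
@@ -740,6 +747,9 @@ BN_gcd_no_branch(BIGNUM *in, const BIGNUM *a, const BIGNUM *n,
 goto err;
 R = in;
 
+BN_init(&local_A);
+BN_init(&local_B);
+
 bn_check_top(a);
 bn_check_top(n);
 
@@ -768,10 +778,12 @@ BN_gcd_no_branch(BIGNUM *in, const BIGNUM *a, const BIGNUM *n,
 A->neg = 0;
 
 if (B->neg || (BN_ucmp(B, A) >= 0)) {
-/* Turn BN_FLG_CONSTTIME flag on, so that when BN_div is invoked,
-* BN_div_no_branch will be called eventually.
-*/
+/*
+* Turn BN_FLG_CONSTTIME flag on, so that when BN_div is invoked,
+* BN_div_no_branch will be called eventually.
+*/
 pB = &local_B;
+/* BN_init() done at the top of the function. */
 BN_with_flags(pB, B, BN_FLG_CONSTTIME);
 if (!BN_nnmod(B, pB, A, ctx))
 goto err;
@@ -793,10 +805,12 @@ BN_gcd_no_branch(BIGNUM *in, const BIGNUM *a, const BIGNUM *n,
 * sign*Y*a == A (mod |n|)
 */
 
-/* Turn BN_FLG_CONSTTIME flag on, so that when BN_div is invoked,
-* BN_div_no_branch will be called eventually.
-*/
+/*
+* Turn BN_FLG_CONSTTIME flag on, so that when BN_div is invoked,
+* BN_div_no_branch will be called eventually.
+*/
 pA = &local_A;
+/* BN_init() done at the top of the function. */
 BN_with_flags(pA, A, BN_FLG_CONSTTIME);
 
 /* (D, M) := (A/B, A%B) ... */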
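Review bot: The two new BN_init() pairs sit at different points in two otherwise parallel functions — after the bn_check_top() calls in BN_mod_inverse_no_branch (new lines 579-580) but before them in BN_gcd_no_branch (new lines 750-752) — which invites the next reader to wonder whether the order is significant; placing them identically in both would remove that question. In the hunks shown, local_A and local_B are only ever used as the destination of BN_with_flags() on A and B, so a single comment at the initialization site would carry more than the four repeated `/* BN_init() done at the top of the function. */` lines, for example `/* local_A/local_B are stack BIGNUMs used only as BN_with_flags() aliases of A and B; initialize them before any aliasing. */`. Whether BN_with_flags() requires the destination to be initialized (presumably the reason for this change) and whether the `err:` path leaves these aliases untouched cannot be confirmed from the hunks, since both functions start and end outside them.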
