1 files changed, 11 insertions, 26 deletions
diff --git a/src/lib/libcrypto/dh/dh_key.c b/src/lib/libcrypto/dh/dh_key.c
index 31bc7b3dfd..25e8968ef5 100644
--- a/src/lib/libcrypto/dh/dh_key.c
+++ b/src/lib/libcrypto/dh/dh_key.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: dh_key.c,v 1.23 2015/02/09 15:49:22 jsing Exp $ */
+/* $OpenBSD: dh_key.c,v 1.24 2016/06/30 02:02:06 bcook Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -147,21 +147,16 @@ generate_key(DH *dh)
        }
        {
-                BIGNUM local_prk;
+                BIGNUM prk;
-                BIGNUM *prk;
-                if ((dh->flags & DH_FLAG_NO_EXP_CONSTTIME) == 0) {
+                BN_with_flags(&prk, priv_key, BN_FLG_CONSTTIME);
-                        BN_init(&local_prk);
-                        prk = &local_prk;
-                        BN_with_flags(prk, priv_key, BN_FLG_CONSTTIME);
-                } else
-                        prk = priv_key;
-                if (!dh->meth->bn_mod_exp(dh, pub_key, dh->g, prk, dh->p, ctx,
+                if (!dh->meth->bn_mod_exp(dh, pub_key, dh->g, &prk, dh->p, ctx,
-                    mont))
+                    mont)) {
                        goto err;
+                }
        }
-                
        dh->pub_key = pub_key;
        dh->priv_key = priv_key;
        ok = 1;
@@ -206,10 +201,9 @@ compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
        if (dh->flags & DH_FLAG_CACHE_MONT_P) {
                mont = BN_MONT_CTX_set_locked(&dh->method_mont_p,
                    CRYPTO_LOCK_DH, dh->p, ctx);
-                if ((dh->flags & DH_FLAG_NO_EXP_CONSTTIME) == 0) {
-                        /* XXX */
+                BN_set_flags(dh->priv_key, BN_FLG_CONSTTIME);
-                        BN_set_flags(dh->priv_key, BN_FLG_CONSTTIME);
-                }
                if (!mont)
                        goto err;
        }
@@ -238,16 +232,7 @@ static int
 dh_bn_mod_exp(const DH *dh, BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
    const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
 {
-        /*
+        return BN_mod_exp_mont(r, a, p, m, ctx, m_ctx);
-         * If a is only one word long and constant time is false, use the faster
-         * exponenentiation function.
-         */
-        if (a->top == 1 && (dh->flags & DH_FLAG_NO_EXP_CONSTTIME) != 0) {
-                BN_ULONG A = a->d[0];
-                return BN_mod_exp_mont_word(r, A, p, m, ctx, m_ctx);
-        } else
-                return BN_mod_exp_mont(r, a, p, m, ctx, m_ctx);
 }
 static int

diff --git a/src/lib/libcrypto/dh/dh_key.c b/src/lib/libcrypto/dh/dh_key.c index 31bc7b3dfd..25e8968ef5 100644 --- a/src/lib/libcrypto/dh/dh_key.c +++ b/src/lib/libcrypto/dh/dh_key.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: dh_key.c,v 1.23 2015/02/09 15:49:22 jsing Exp $ */	1	/* $OpenBSD: dh_key.c,v 1.24 2016/06/30 02:02:06 bcook Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -147,21 +147,16 @@ generate_key(DH *dh)
147	}	147	}
148		148
149	{	149	{
150	BIGNUM local_prk;	150	BIGNUM prk;
151	BIGNUM *prk;
152		151
153	if ((dh->flags & DH_FLAG_NO_EXP_CONSTTIME) == 0) {	152	BN_with_flags(&prk, priv_key, BN_FLG_CONSTTIME);
154	BN_init(&local_prk);
155	prk = &local_prk;
156	BN_with_flags(prk, priv_key, BN_FLG_CONSTTIME);
157	} else
158	prk = priv_key;
159		153
160	if (!dh->meth->bn_mod_exp(dh, pub_key, dh->g, prk, dh->p, ctx,	154	if (!dh->meth->bn_mod_exp(dh, pub_key, dh->g, &prk, dh->p, ctx,
161	mont))	155	mont)) {
162	goto err;	156	goto err;
		157	}
163	}	158	}
164		159
165	dh->pub_key = pub_key;	160	dh->pub_key = pub_key;
166	dh->priv_key = priv_key;	161	dh->priv_key = priv_key;
167	ok = 1;	162	ok = 1;
@@ -206,10 +201,9 @@ compute_key(unsigned char key, const BIGNUM pub_key, DH *dh)
206	if (dh->flags & DH_FLAG_CACHE_MONT_P) {	201	if (dh->flags & DH_FLAG_CACHE_MONT_P) {
207	mont = BN_MONT_CTX_set_locked(&dh->method_mont_p,	202	mont = BN_MONT_CTX_set_locked(&dh->method_mont_p,
208	CRYPTO_LOCK_DH, dh->p, ctx);	203	CRYPTO_LOCK_DH, dh->p, ctx);
209	if ((dh->flags & DH_FLAG_NO_EXP_CONSTTIME) == 0) {	204
210	/* XXX */	205	BN_set_flags(dh->priv_key, BN_FLG_CONSTTIME);
211	BN_set_flags(dh->priv_key, BN_FLG_CONSTTIME);	206
212	}
213	if (!mont)	207	if (!mont)
214	goto err;	208	goto err;
215	}	209	}
@@ -238,16 +232,7 @@ static int
238	dh_bn_mod_exp(const DH dh, BIGNUM r, const BIGNUM a, const BIGNUM p,	232	dh_bn_mod_exp(const DH dh, BIGNUM r, const BIGNUM a, const BIGNUM p,
239	const BIGNUM m, BN_CTX ctx, BN_MONT_CTX *m_ctx)	233	const BIGNUM m, BN_CTX ctx, BN_MONT_CTX *m_ctx)
240	{	234	{
241	/*	235	return BN_mod_exp_mont(r, a, p, m, ctx, m_ctx);
242	* If a is only one word long and constant time is false, use the faster
243	* exponenentiation function.
244	*/
245	if (a->top == 1 && (dh->flags & DH_FLAG_NO_EXP_CONSTTIME) != 0) {
246	BN_ULONG A = a->d[0];
247
248	return BN_mod_exp_mont_word(r, A, p, m, ctx, m_ctx);
249	} else
250	return BN_mod_exp_mont(r, a, p, m, ctx, m_ctx);
251	}	236	}
252		237
253	static int	238	static int