Diffstat (limited to 'src/lib/libcrypto/dh/dh_key.c')
-rw-r--r--src/lib/libcrypto/dh/dh_key.c70
1 files changed, 24 insertions, 46 deletions
diff --git a/src/lib/libcrypto/dh/dh_key.c b/src/lib/libcrypto/dh/dh_key.c
index 3a39f7c8ca..648766a6ec 100644
--- a/src/lib/libcrypto/dh/dh_key.c
+++ b/src/lib/libcrypto/dh/dh_key.c
@@ -105,7 +105,7 @@ static int generate_key(DH *dh)
105 int generate_new_key=0; 105 int generate_new_key=0;
106 unsigned l; 106 unsigned l;
107 BN_CTX *ctx; 107 BN_CTX *ctx;
108 BN_MONT_CTX *mont=NULL; 108 BN_MONT_CTX *mont;
109 BIGNUM *pub_key=NULL,*priv_key=NULL; 109 BIGNUM *pub_key=NULL,*priv_key=NULL;
110 110
111 ctx = BN_CTX_new(); 111 ctx = BN_CTX_new();
@@ -128,37 +128,21 @@ static int generate_key(DH *dh)
128 else 128 else
129 pub_key=dh->pub_key; 129 pub_key=dh->pub_key;
130 130
131 131 if ((dh->method_mont_p == NULL) && (dh->flags & DH_FLAG_CACHE_MONT_P))
132 if (dh->flags & DH_FLAG_CACHE_MONT_P)
133 { 132 {
134 mont = BN_MONT_CTX_set_locked( 133 if ((dh->method_mont_p=(char *)BN_MONT_CTX_new()) != NULL)
135 (BN_MONT_CTX **)&dh->method_mont_p, 134 if (!BN_MONT_CTX_set((BN_MONT_CTX *)dh->method_mont_p,
136 CRYPTO_LOCK_DH, dh->p, ctx); 135 dh->p,ctx)) goto err;
137 if (!mont)
138 goto err;
139 } 136 }
137 mont=(BN_MONT_CTX *)dh->method_mont_p;
140 138
141 if (generate_new_key) 139 if (generate_new_key)
142 { 140 {
143 l = dh->length ? dh->length : BN_num_bits(dh->p)-1; /* secret exponent length */ 141 l = dh->length ? dh->length : BN_num_bits(dh->p)-1; /* secret exponent length */
144 if (!BN_rand(priv_key, l, 0, 0)) goto err; 142 if (!BN_rand(priv_key, l, 0, 0)) goto err;
145 } 143 }
146 144 if (!dh->meth->bn_mod_exp(dh, pub_key, dh->g, priv_key,dh->p,ctx,mont))
147 { 145 goto err;
148 BIGNUM local_prk;
149 BIGNUM *prk;
150
151 if ((dh->flags & DH_FLAG_NO_EXP_CONSTTIME) == 0)
152 {
153 BN_init(&local_prk);
154 prk = &local_prk;
155 BN_with_flags(prk, priv_key, BN_FLG_EXP_CONSTTIME);
156 }
157 else
158 prk = priv_key;
159
160 if (!dh->meth->bn_mod_exp(dh, pub_key, dh->g, prk, dh->p, ctx, mont)) goto err;
161 }
162 146
163 dh->pub_key=pub_key; 147 dh->pub_key=pub_key;
164 dh->priv_key=priv_key; 148 dh->priv_key=priv_key;
@@ -176,9 +160,10 @@ err:
176static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh) 160static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
177 { 161 {
178 BN_CTX *ctx; 162 BN_CTX *ctx;
179 BN_MONT_CTX *mont=NULL; 163 BN_MONT_CTX *mont;
180 BIGNUM *tmp; 164 BIGNUM *tmp;
181 int ret= -1; 165 int ret= -1;
166 int check_result;
182 167
183 ctx = BN_CTX_new(); 168 ctx = BN_CTX_new();
184 if (ctx == NULL) goto err; 169 if (ctx == NULL) goto err;
@@ -190,21 +175,20 @@ static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
190 DHerr(DH_F_DH_COMPUTE_KEY,DH_R_NO_PRIVATE_VALUE); 175 DHerr(DH_F_DH_COMPUTE_KEY,DH_R_NO_PRIVATE_VALUE);
191 goto err; 176 goto err;
192 } 177 }
193 178 if ((dh->method_mont_p == NULL) && (dh->flags & DH_FLAG_CACHE_MONT_P))
194 if (dh->flags & DH_FLAG_CACHE_MONT_P)
195 { 179 {
196 mont = BN_MONT_CTX_set_locked( 180 if ((dh->method_mont_p=(char *)BN_MONT_CTX_new()) != NULL)
197 (BN_MONT_CTX **)&dh->method_mont_p, 181 if (!BN_MONT_CTX_set((BN_MONT_CTX *)dh->method_mont_p,
198 CRYPTO_LOCK_DH, dh->p, ctx); 182 dh->p,ctx)) goto err;
199 if ((dh->flags & DH_FLAG_NO_EXP_CONSTTIME) == 0)
200 {
201 /* XXX */
202 BN_set_flags(dh->priv_key, BN_FLG_EXP_CONSTTIME);
203 }
204 if (!mont)
205 goto err;
206 } 183 }
207 184
185 mont=(BN_MONT_CTX *)dh->method_mont_p;
186
187 if (!DH_check_pub_key(dh, pub_key, &check_result) || check_result)
188 {
189 DHerr(DH_F_DH_COMPUTE_KEY,DH_R_INVALID_PUBKEY);
190 goto err;
191 }
208 if (!dh->meth->bn_mod_exp(dh, tmp, pub_key, dh->priv_key,dh->p,ctx,mont)) 192 if (!dh->meth->bn_mod_exp(dh, tmp, pub_key, dh->priv_key,dh->p,ctx,mont))
209 { 193 {
210 DHerr(DH_F_DH_COMPUTE_KEY,ERR_R_BN_LIB); 194 DHerr(DH_F_DH_COMPUTE_KEY,ERR_R_BN_LIB);
@@ -213,11 +197,8 @@ static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
213 197
214 ret=BN_bn2bin(tmp,key); 198 ret=BN_bn2bin(tmp,key);
215err: 199err:
216 if (ctx != NULL) 200 BN_CTX_end(ctx);
217 { 201 BN_CTX_free(ctx);
218 BN_CTX_end(ctx);
219 BN_CTX_free(ctx);
220 }
221 return(ret); 202 return(ret);
222 } 203 }
223 204
@@ -226,10 +207,7 @@ static int dh_bn_mod_exp(const DH *dh, BIGNUM *r,
226 const BIGNUM *m, BN_CTX *ctx, 207 const BIGNUM *m, BN_CTX *ctx,
227 BN_MONT_CTX *m_ctx) 208 BN_MONT_CTX *m_ctx)
228 { 209 {
229 /* If a is only one word long and constant time is false, use the faster 210 if (a->top == 1)
230 * exponenentiation function.
231 */
232 if (a->top == 1 && ((dh->flags & DH_FLAG_NO_EXP_CONSTTIME) != 0))
233 { 211 {
234 BN_ULONG A = a->d[0]; 212 BN_ULONG A = a->d[0];
235 return BN_mod_exp_mont_word(r,A,p,m,ctx,m_ctx); 213 return BN_mod_exp_mont_word(r,A,p,m,ctx,m_ctx);
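Review bot: The new dh_bn_mod_exp takes the BN_mod_exp_mont_word path whenever the base fits in one word (`if (a->top == 1)`), no longer gated on DH_FLAG_NO_EXP_CONSTTIME, and generate_key/compute_key no longer wrap the private exponent in BN_FLG_EXP_CONSTTIME before calling bn_mod_exp; since a DH generator is commonly a single word (g = 2), g^priv_key mod p in generate_key is now computed by the non-constant-time word exponentiation with the private key as exponent, reopening the timing side channel the flag-based path guards against. If dropping constant-time exponentiation is not the intent, the gate should read `if (a->top == 1 && (dh->flags & DH_FLAG_NO_EXP_CONSTTIME) != 0)` and the private key should again be tagged with BN_FLG_EXP_CONSTTIME before the bn_mod_exp calls. Separately, the rewritten Montgomery caching in both generate_key and compute_key stores the freshly allocated context in dh->method_mont_p before BN_MONT_CTX_set runs, so a failed set leaves a non-NULL, uninitialised context cached for every later call on this DH; assign it only on success, or free and NULL it on the failure path. dh_bn_mod_exp's body continues outside the hunk.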