Diffstat (limited to 'src/lib/libcrypto/dh/dh_key.c')
-rw-r--r--src/lib/libcrypto/dh/dh_key.c65
1 files changed, 46 insertions, 19 deletions
diff --git a/src/lib/libcrypto/dh/dh_key.c b/src/lib/libcrypto/dh/dh_key.c
index 648766a6ec..e3641ec468 100644
--- a/src/lib/libcrypto/dh/dh_key.c
+++ b/src/lib/libcrypto/dh/dh_key.c
@@ -105,7 +105,7 @@ static int generate_key(DH *dh)
105 int generate_new_key=0; 105 int generate_new_key=0;
106 unsigned l; 106 unsigned l;
107 BN_CTX *ctx; 107 BN_CTX *ctx;
108 BN_MONT_CTX *mont; 108 BN_MONT_CTX *mont=NULL;
109 BIGNUM *pub_key=NULL,*priv_key=NULL; 109 BIGNUM *pub_key=NULL,*priv_key=NULL;
110 110
111 ctx = BN_CTX_new(); 111 ctx = BN_CTX_new();
@@ -128,21 +128,37 @@ static int generate_key(DH *dh)
128 else 128 else
129 pub_key=dh->pub_key; 129 pub_key=dh->pub_key;
130 130
131 if ((dh->method_mont_p == NULL) && (dh->flags & DH_FLAG_CACHE_MONT_P)) 131
132 if (dh->flags & DH_FLAG_CACHE_MONT_P)
132 { 133 {
133 if ((dh->method_mont_p=(char *)BN_MONT_CTX_new()) != NULL) 134 mont = BN_MONT_CTX_set_locked(
134 if (!BN_MONT_CTX_set((BN_MONT_CTX *)dh->method_mont_p, 135 (BN_MONT_CTX **)&dh->method_mont_p,
135 dh->p,ctx)) goto err; 136 CRYPTO_LOCK_DH, dh->p, ctx);
137 if (!mont)
138 goto err;
136 } 139 }
137 mont=(BN_MONT_CTX *)dh->method_mont_p;
138 140
139 if (generate_new_key) 141 if (generate_new_key)
140 { 142 {
141 l = dh->length ? dh->length : BN_num_bits(dh->p)-1; /* secret exponent length */ 143 l = dh->length ? dh->length : BN_num_bits(dh->p)-1; /* secret exponent length */
142 if (!BN_rand(priv_key, l, 0, 0)) goto err; 144 if (!BN_rand(priv_key, l, 0, 0)) goto err;
143 } 145 }
144 if (!dh->meth->bn_mod_exp(dh, pub_key, dh->g, priv_key,dh->p,ctx,mont)) 146
145 goto err; 147 {
148 BIGNUM local_prk;
149 BIGNUM *prk;
150
151 if ((dh->flags & DH_FLAG_NO_EXP_CONSTTIME) == 0)
152 {
153 BN_init(&local_prk);
154 prk = &local_prk;
155 BN_with_flags(prk, priv_key, BN_FLG_EXP_CONSTTIME);
156 }
157 else
158 prk = priv_key;
159
160 if (!dh->meth->bn_mod_exp(dh, pub_key, dh->g, prk, dh->p, ctx, mont)) goto err;
161 }
146 162
147 dh->pub_key=pub_key; 163 dh->pub_key=pub_key;
148 dh->priv_key=priv_key; 164 dh->priv_key=priv_key;
@@ -160,7 +176,7 @@ err:
160static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh) 176static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
161 { 177 {
162 BN_CTX *ctx; 178 BN_CTX *ctx;
163 BN_MONT_CTX *mont; 179 BN_MONT_CTX *mont=NULL;
164 BIGNUM *tmp; 180 BIGNUM *tmp;
165 int ret= -1; 181 int ret= -1;
166 int check_result; 182 int check_result;
@@ -175,15 +191,20 @@ static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
175 DHerr(DH_F_DH_COMPUTE_KEY,DH_R_NO_PRIVATE_VALUE); 191 DHerr(DH_F_DH_COMPUTE_KEY,DH_R_NO_PRIVATE_VALUE);
176 goto err; 192 goto err;
177 } 193 }
178 if ((dh->method_mont_p == NULL) && (dh->flags & DH_FLAG_CACHE_MONT_P)) 194
195 if (dh->flags & DH_FLAG_CACHE_MONT_P)
179 { 196 {
180 if ((dh->method_mont_p=(char *)BN_MONT_CTX_new()) != NULL) 197 mont = BN_MONT_CTX_set_locked(
181 if (!BN_MONT_CTX_set((BN_MONT_CTX *)dh->method_mont_p, 198 (BN_MONT_CTX **)&dh->method_mont_p,
182 dh->p,ctx)) goto err; 199 CRYPTO_LOCK_DH, dh->p, ctx);
200 if ((dh->flags & DH_FLAG_NO_EXP_CONSTTIME) == 0)
201 {
202 /* XXX */
203 BN_set_flags(dh->priv_key, BN_FLG_EXP_CONSTTIME);
204 }
205 if (!mont)
206 goto err;
183 } 207 }
184
185 mont=(BN_MONT_CTX *)dh->method_mont_p;
186
187 if (!DH_check_pub_key(dh, pub_key, &check_result) || check_result) 208 if (!DH_check_pub_key(dh, pub_key, &check_result) || check_result)
188 { 209 {
189 DHerr(DH_F_DH_COMPUTE_KEY,DH_R_INVALID_PUBKEY); 210 DHerr(DH_F_DH_COMPUTE_KEY,DH_R_INVALID_PUBKEY);
@@ -197,8 +218,11 @@ static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
197 218
198 ret=BN_bn2bin(tmp,key); 219 ret=BN_bn2bin(tmp,key);
199err: 220err:
200 BN_CTX_end(ctx); 221 if (ctx != NULL)
201 BN_CTX_free(ctx); 222 {
223 BN_CTX_end(ctx);
224 BN_CTX_free(ctx);
225 }
202 return(ret); 226 return(ret);
203 } 227 }
204 228
@@ -207,7 +231,10 @@ static int dh_bn_mod_exp(const DH *dh, BIGNUM *r,
207 const BIGNUM *m, BN_CTX *ctx, 231 const BIGNUM *m, BN_CTX *ctx,
208 BN_MONT_CTX *m_ctx) 232 BN_MONT_CTX *m_ctx)
209 { 233 {
210 if (a->top == 1) 234 /* If a is only one word long and constant time is false, use the faster
235 * exponenentiation function.
236 */
237 if (a->top == 1 && ((dh->flags & DH_FLAG_NO_EXP_CONSTTIME) != 0))
211 { 238 {
212 BN_ULONG A = a->d[0]; 239 BN_ULONG A = a->d[0];
213 return BN_mod_exp_mont_word(r,A,p,m,ctx,m_ctx); 240 return BN_mod_exp_mont_word(r,A,p,m,ctx,m_ctx);
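Review bot: In compute_key (hunk `@@ -175,15 +191,20 @@`), the new `BN_set_flags(dh->priv_key, BN_FLG_EXP_CONSTTIME)` on new line 203 is nested inside the `if (dh->flags & DH_FLAG_CACHE_MONT_P)` block, so a DH object without the Montgomery-cache flag never gets the constant-time flag on its private exponent, and the modular exponentiation that follows (outside this hunk) presumably selects the non-constant-time path while raising the secret exponent. Whether the exponent is marked constant-time should not depend on the caching option; generate_key in the same commit does it unconditionally and without mutating `dh->priv_key`, by wrapping it in a local BIGNUM via `BN_with_flags(prk, priv_key, BN_FLG_EXP_CONSTTIME)`, and compute_key should follow that same local-copy pattern before its bn_mod_exp call instead of permanently altering the caller's key flags. At minimum, the five lines 200-204 belong after the closing brace on new line 207 so they run regardless of DH_FLAG_CACHE_MONT_P. The bare `/* XXX */` on line 202 should say what is provisional, e.g. `/* XXX: sets a persistent flag on the caller's private key; prefer a BN_with_flags local copy as in generate_key */`. Separately, the new comment in dh_bn_mod_exp at line 235 misspells "exponentiation".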