diff options
Diffstat (limited to 'src/lib/libcrypto/dh/dh_key.c')
| -rw-r--r-- | src/lib/libcrypto/dh/dh_key.c | 63 |
1 files changed, 46 insertions, 17 deletions
diff --git a/src/lib/libcrypto/dh/dh_key.c b/src/lib/libcrypto/dh/dh_key.c index ff125c2296..3a39f7c8ca 100644 --- a/src/lib/libcrypto/dh/dh_key.c +++ b/src/lib/libcrypto/dh/dh_key.c | |||
| @@ -105,7 +105,7 @@ static int generate_key(DH *dh) | |||
| 105 | int generate_new_key=0; | 105 | int generate_new_key=0; |
| 106 | unsigned l; | 106 | unsigned l; |
| 107 | BN_CTX *ctx; | 107 | BN_CTX *ctx; |
| 108 | BN_MONT_CTX *mont; | 108 | BN_MONT_CTX *mont=NULL; |
| 109 | BIGNUM *pub_key=NULL,*priv_key=NULL; | 109 | BIGNUM *pub_key=NULL,*priv_key=NULL; |
| 110 | 110 | ||
| 111 | ctx = BN_CTX_new(); | 111 | ctx = BN_CTX_new(); |
| @@ -128,21 +128,37 @@ static int generate_key(DH *dh) | |||
| 128 | else | 128 | else |
| 129 | pub_key=dh->pub_key; | 129 | pub_key=dh->pub_key; |
| 130 | 130 | ||
| 131 | if ((dh->method_mont_p == NULL) && (dh->flags & DH_FLAG_CACHE_MONT_P)) | 131 | |
| 132 | if (dh->flags & DH_FLAG_CACHE_MONT_P) | ||
| 132 | { | 133 | { |
| 133 | if ((dh->method_mont_p=(char *)BN_MONT_CTX_new()) != NULL) | 134 | mont = BN_MONT_CTX_set_locked( |
| 134 | if (!BN_MONT_CTX_set((BN_MONT_CTX *)dh->method_mont_p, | 135 | (BN_MONT_CTX **)&dh->method_mont_p, |
| 135 | dh->p,ctx)) goto err; | 136 | CRYPTO_LOCK_DH, dh->p, ctx); |
| 137 | if (!mont) | ||
| 138 | goto err; | ||
| 136 | } | 139 | } |
| 137 | mont=(BN_MONT_CTX *)dh->method_mont_p; | ||
| 138 | 140 | ||
| 139 | if (generate_new_key) | 141 | if (generate_new_key) |
| 140 | { | 142 | { |
| 141 | l = dh->length ? dh->length : BN_num_bits(dh->p)-1; /* secret exponent length */ | 143 | l = dh->length ? dh->length : BN_num_bits(dh->p)-1; /* secret exponent length */ |
| 142 | if (!BN_rand(priv_key, l, 0, 0)) goto err; | 144 | if (!BN_rand(priv_key, l, 0, 0)) goto err; |
| 143 | } | 145 | } |
| 144 | if (!dh->meth->bn_mod_exp(dh, pub_key, dh->g, priv_key,dh->p,ctx,mont)) | 146 | |
| 145 | goto err; | 147 | { |
| 148 | BIGNUM local_prk; | ||
| 149 | BIGNUM *prk; | ||
| 150 | |||
| 151 | if ((dh->flags & DH_FLAG_NO_EXP_CONSTTIME) == 0) | ||
| 152 | { | ||
| 153 | BN_init(&local_prk); | ||
| 154 | prk = &local_prk; | ||
| 155 | BN_with_flags(prk, priv_key, BN_FLG_EXP_CONSTTIME); | ||
| 156 | } | ||
| 157 | else | ||
| 158 | prk = priv_key; | ||
| 159 | |||
| 160 | if (!dh->meth->bn_mod_exp(dh, pub_key, dh->g, prk, dh->p, ctx, mont)) goto err; | ||
| 161 | } | ||
| 146 | 162 | ||
| 147 | dh->pub_key=pub_key; | 163 | dh->pub_key=pub_key; |
| 148 | dh->priv_key=priv_key; | 164 | dh->priv_key=priv_key; |
| @@ -160,7 +176,7 @@ err: | |||
| 160 | static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh) | 176 | static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh) |
| 161 | { | 177 | { |
| 162 | BN_CTX *ctx; | 178 | BN_CTX *ctx; |
| 163 | BN_MONT_CTX *mont; | 179 | BN_MONT_CTX *mont=NULL; |
| 164 | BIGNUM *tmp; | 180 | BIGNUM *tmp; |
| 165 | int ret= -1; | 181 | int ret= -1; |
| 166 | 182 | ||
| @@ -174,14 +190,21 @@ static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh) | |||
| 174 | DHerr(DH_F_DH_COMPUTE_KEY,DH_R_NO_PRIVATE_VALUE); | 190 | DHerr(DH_F_DH_COMPUTE_KEY,DH_R_NO_PRIVATE_VALUE); |
| 175 | goto err; | 191 | goto err; |
| 176 | } | 192 | } |
| 177 | if ((dh->method_mont_p == NULL) && (dh->flags & DH_FLAG_CACHE_MONT_P)) | 193 | |
| 194 | if (dh->flags & DH_FLAG_CACHE_MONT_P) | ||
| 178 | { | 195 | { |
| 179 | if ((dh->method_mont_p=(char *)BN_MONT_CTX_new()) != NULL) | 196 | mont = BN_MONT_CTX_set_locked( |
| 180 | if (!BN_MONT_CTX_set((BN_MONT_CTX *)dh->method_mont_p, | 197 | (BN_MONT_CTX **)&dh->method_mont_p, |
| 181 | dh->p,ctx)) goto err; | 198 | CRYPTO_LOCK_DH, dh->p, ctx); |
| 199 | if ((dh->flags & DH_FLAG_NO_EXP_CONSTTIME) == 0) | ||
| 200 | { | ||
| 201 | /* XXX */ | ||
| 202 | BN_set_flags(dh->priv_key, BN_FLG_EXP_CONSTTIME); | ||
| 203 | } | ||
| 204 | if (!mont) | ||
| 205 | goto err; | ||
| 182 | } | 206 | } |
| 183 | 207 | ||
| 184 | mont=(BN_MONT_CTX *)dh->method_mont_p; | ||
| 185 | if (!dh->meth->bn_mod_exp(dh, tmp, pub_key, dh->priv_key,dh->p,ctx,mont)) | 208 | if (!dh->meth->bn_mod_exp(dh, tmp, pub_key, dh->priv_key,dh->p,ctx,mont)) |
| 186 | { | 209 | { |
| 187 | DHerr(DH_F_DH_COMPUTE_KEY,ERR_R_BN_LIB); | 210 | DHerr(DH_F_DH_COMPUTE_KEY,ERR_R_BN_LIB); |
| @@ -190,8 +213,11 @@ static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh) | |||
| 190 | 213 | ||
| 191 | ret=BN_bn2bin(tmp,key); | 214 | ret=BN_bn2bin(tmp,key); |
| 192 | err: | 215 | err: |
| 193 | BN_CTX_end(ctx); | 216 | if (ctx != NULL) |
| 194 | BN_CTX_free(ctx); | 217 | { |
| 218 | BN_CTX_end(ctx); | ||
| 219 | BN_CTX_free(ctx); | ||
| 220 | } | ||
| 195 | return(ret); | 221 | return(ret); |
| 196 | } | 222 | } |
| 197 | 223 | ||
| @@ -200,7 +226,10 @@ static int dh_bn_mod_exp(const DH *dh, BIGNUM *r, | |||
| 200 | const BIGNUM *m, BN_CTX *ctx, | 226 | const BIGNUM *m, BN_CTX *ctx, |
| 201 | BN_MONT_CTX *m_ctx) | 227 | BN_MONT_CTX *m_ctx) |
| 202 | { | 228 | { |
| 203 | if (a->top == 1) | 229 | /* If a is only one word long and constant time is false, use the faster |
| 230 | * exponenentiation function. | ||
| 231 | */ | ||
| 232 | if (a->top == 1 && ((dh->flags & DH_FLAG_NO_EXP_CONSTTIME) != 0)) | ||
| 204 | { | 233 | { |
| 205 | BN_ULONG A = a->d[0]; | 234 | BN_ULONG A = a->d[0]; |
| 206 | return BN_mod_exp_mont_word(r,A,p,m,ctx,m_ctx); | 235 | return BN_mod_exp_mont_word(r,A,p,m,ctx,m_ctx); |