diff options
Diffstat (limited to 'src/lib')
| -rw-r--r-- | src/lib/libcrypto/bn/bn_exp.c | 31 |
1 files changed, 19 insertions, 12 deletions
diff --git a/src/lib/libcrypto/bn/bn_exp.c b/src/lib/libcrypto/bn/bn_exp.c index cb95d711fe..25b31bea23 100644 --- a/src/lib/libcrypto/bn/bn_exp.c +++ b/src/lib/libcrypto/bn/bn_exp.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: bn_exp.c,v 1.48 2023/10/19 10:17:52 tb Exp $ */ | 1 | /* $OpenBSD: bn_exp.c,v 1.49 2023/10/19 10:23:00 tb Exp $ */ |
| 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 | * All rights reserved. | 3 | * All rights reserved. |
| 4 | * | 4 | * |
| @@ -968,12 +968,13 @@ int | |||
| 968 | BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, | 968 | BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, |
| 969 | BN_CTX *ctx) | 969 | BN_CTX *ctx) |
| 970 | { | 970 | { |
| 971 | int i, j, bits, ret = 0, wstart, wend, window, wvalue; | 971 | int i, j, bits, wstart, wend, window, wvalue; |
| 972 | int start = 1; | 972 | int start = 1; |
| 973 | BIGNUM *aa; | 973 | BIGNUM *aa, *q; |
| 974 | /* Table of variables obtained from 'ctx' */ | 974 | /* Table of variables obtained from 'ctx' */ |
| 975 | BIGNUM *val[TABLE_SIZE]; | 975 | BIGNUM *val[TABLE_SIZE]; |
| 976 | BN_RECP_CTX recp; | 976 | BN_RECP_CTX recp; |
| 977 | int ret = 0; | ||
| 977 | 978 | ||
| 978 | if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0) { | 979 | if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0) { |
| 979 | /* BN_FLG_CONSTTIME only supported by BN_mod_exp_mont() */ | 980 | /* BN_FLG_CONSTTIME only supported by BN_mod_exp_mont() */ |
| @@ -997,6 +998,8 @@ BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, | |||
| 997 | BN_CTX_start(ctx); | 998 | BN_CTX_start(ctx); |
| 998 | if ((aa = BN_CTX_get(ctx)) == NULL) | 999 | if ((aa = BN_CTX_get(ctx)) == NULL) |
| 999 | goto err; | 1000 | goto err; |
| 1001 | if ((q = BN_CTX_get(ctx)) == NULL) | ||
| 1002 | goto err; | ||
| 1000 | if ((val[0] = BN_CTX_get(ctx)) == NULL) | 1003 | if ((val[0] = BN_CTX_get(ctx)) == NULL) |
| 1001 | goto err; | 1004 | goto err; |
| 1002 | 1005 | ||
| @@ -1016,9 +1019,10 @@ BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, | |||
| 1016 | goto err; /* 1 */ | 1019 | goto err; /* 1 */ |
| 1017 | if (BN_is_zero(val[0])) { | 1020 | if (BN_is_zero(val[0])) { |
| 1018 | BN_zero(r); | 1021 | BN_zero(r); |
| 1019 | ret = 1; | 1022 | goto done; |
| 1020 | goto err; | ||
| 1021 | } | 1023 | } |
| 1024 | if (!bn_copy(q, p)) | ||
| 1025 | goto err; | ||
| 1022 | 1026 | ||
| 1023 | window = BN_window_bits_for_exponent_size(bits); | 1027 | window = BN_window_bits_for_exponent_size(bits); |
| 1024 | if (window > 1) { | 1028 | if (window > 1) { |
| @@ -1044,9 +1048,9 @@ BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, | |||
| 1044 | goto err; | 1048 | goto err; |
| 1045 | 1049 | ||
| 1046 | for (;;) { | 1050 | for (;;) { |
| 1047 | if (BN_is_bit_set(p, wstart) == 0) { | 1051 | if (BN_is_bit_set(q, wstart) == 0) { |
| 1048 | if (!start) | 1052 | if (!start) |
| 1049 | if (!BN_mod_mul_reciprocal(r, r,r, &recp, ctx)) | 1053 | if (!BN_mod_mul_reciprocal(r, r, r, &recp, ctx)) |
| 1050 | goto err; | 1054 | goto err; |
| 1051 | if (wstart == 0) | 1055 | if (wstart == 0) |
| 1052 | break; | 1056 | break; |
| @@ -1063,7 +1067,7 @@ BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, | |||
| 1063 | for (i = 1; i < window; i++) { | 1067 | for (i = 1; i < window; i++) { |
| 1064 | if (wstart - i < 0) | 1068 | if (wstart - i < 0) |
| 1065 | break; | 1069 | break; |
| 1066 | if (BN_is_bit_set(p, wstart - i)) { | 1070 | if (BN_is_bit_set(q, wstart - i)) { |
| 1067 | wvalue <<= (i - wend); | 1071 | wvalue <<= (i - wend); |
| 1068 | wvalue |= 1; | 1072 | wvalue |= 1; |
| 1069 | wend = i; | 1073 | wend = i; |
| @@ -1075,12 +1079,12 @@ BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, | |||
| 1075 | /* add the 'bytes above' */ | 1079 | /* add the 'bytes above' */ |
| 1076 | if (!start) | 1080 | if (!start) |
| 1077 | for (i = 0; i < j; i++) { | 1081 | for (i = 0; i < j; i++) { |
| 1078 | if (!BN_mod_mul_reciprocal(r, r,r, &recp, ctx)) | 1082 | if (!BN_mod_mul_reciprocal(r, r, r, &recp, ctx)) |
| 1079 | goto err; | 1083 | goto err; |
| 1080 | } | 1084 | } |
| 1081 | 1085 | ||
| 1082 | /* wvalue will be an odd number < 2^window */ | 1086 | /* wvalue will be an odd number < 2^window */ |
| 1083 | if (!BN_mod_mul_reciprocal(r, r,val[wvalue >> 1], &recp, ctx)) | 1087 | if (!BN_mod_mul_reciprocal(r, r, val[wvalue >> 1], &recp, ctx)) |
| 1084 | goto err; | 1088 | goto err; |
| 1085 | 1089 | ||
| 1086 | /* move the 'window' down further */ | 1090 | /* move the 'window' down further */ |
| @@ -1090,12 +1094,15 @@ BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, | |||
| 1090 | if (wstart < 0) | 1094 | if (wstart < 0) |
| 1091 | break; | 1095 | break; |
| 1092 | } | 1096 | } |
| 1097 | |||
| 1098 | done: | ||
| 1093 | ret = 1; | 1099 | ret = 1; |
| 1094 | 1100 | ||
| 1095 | err: | 1101 | err: |
| 1096 | BN_CTX_end(ctx); | 1102 | BN_CTX_end(ctx); |
| 1097 | BN_RECP_CTX_free(&recp); | 1103 | BN_RECP_CTX_free(&recp); |
| 1098 | return (ret); | 1104 | |
| 1105 | return ret; | ||
| 1099 | } | 1106 | } |
| 1100 | 1107 | ||
| 1101 | static int | 1108 | static int |