summaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/lib/libcrypto/Makefile5
-rw-r--r--src/lib/libcrypto/bn/bn.h4
-rw-r--r--src/lib/libcrypto/bn/bn_blind.c4
-rw-r--r--src/lib/libcrypto/bn/bn_exp.c66
-rw-r--r--src/lib/libcrypto/bn/bn_lcl.h12
-rw-r--r--src/lib/libcrypto/bn/bn_prime.c4
-rw-r--r--src/lib/libcrypto/bn/bn_sqrt.c10
-rw-r--r--src/lib/libcrypto/dh/dh_key.c6
-rw-r--r--src/lib/libcrypto/dsa/dsa_ameth.c6
-rw-r--r--src/lib/libcrypto/dsa/dsa_gen.c5
-rw-r--r--src/lib/libcrypto/dsa/dsa_key.c5
-rw-r--r--src/lib/libcrypto/dsa/dsa_ossl.c6
-rw-r--r--src/lib/libcrypto/pem/pvkfmt.c6
-rw-r--r--src/lib/libcrypto/rsa/rsa_eay.c6
-rw-r--r--src/regress/lib/libcrypto/bn/general/Makefile4
-rw-r--r--src/regress/lib/libcrypto/bn/general/bntest.c81
-rw-r--r--src/regress/lib/libcrypto/bn/mont/Makefile4
-rw-r--r--src/regress/lib/libcrypto/exp/Makefile6
-rw-r--r--src/regress/lib/libcrypto/exp/exptest.c56
19 files changed, 249 insertions, 47 deletions
diff --git a/src/lib/libcrypto/Makefile b/src/lib/libcrypto/Makefile
index 29b6669a12..3fb904b470 100644
--- a/src/lib/libcrypto/Makefile
+++ b/src/lib/libcrypto/Makefile
@@ -1,4 +1,4 @@
1# $OpenBSD: Makefile,v 1.13 2016/12/21 15:49:29 jsing Exp $ 1# $OpenBSD: Makefile,v 1.14 2017/01/21 09:38:58 beck Exp $
2 2
3LIB= crypto 3LIB= crypto
4 4
@@ -24,7 +24,8 @@ CFLAGS+= -DLIBRESSL_INTERNAL
24CFLAGS+= -DOPENSSL_NO_HW_PADLOCK # XXX enable this? 24CFLAGS+= -DOPENSSL_NO_HW_PADLOCK # XXX enable this?
25 25
26CFLAGS+= -I${LCRYPTO_SRC} 26CFLAGS+= -I${LCRYPTO_SRC}
27CFLAGS+= -I${LCRYPTO_SRC}/modes -I${LCRYPTO_SRC}/asn1 -I${LCRYPTO_SRC}/evp 27CFLAGS+= -I${LCRYPTO_SRC}/asn1 -I${LCRYPTO_SRC}/bn -I${LCRYPTO_SRC}/evp
28CFLAGS+= -I${LCRYPTO_SRC}/modes
28 29
29VERSION_SCRIPT= Symbols.map 30VERSION_SCRIPT= Symbols.map
30SYMBOL_LIST= ${.CURDIR}/Symbols.list 31SYMBOL_LIST= ${.CURDIR}/Symbols.list
diff --git a/src/lib/libcrypto/bn/bn.h b/src/lib/libcrypto/bn/bn.h
index 5f8278faa8..16ba8ae981 100644
--- a/src/lib/libcrypto/bn/bn.h
+++ b/src/lib/libcrypto/bn/bn.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: bn.h,v 1.32 2016/12/21 15:49:29 jsing Exp $ */ 1/* $OpenBSD: bn.h,v 1.33 2017/01/21 09:38:58 beck Exp $ */
2/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -418,10 +418,12 @@ int BN_lshift(BIGNUM *r, const BIGNUM *a, int n);
418int BN_lshift1(BIGNUM *r, const BIGNUM *a); 418int BN_lshift1(BIGNUM *r, const BIGNUM *a);
419int BN_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx); 419int BN_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx);
420 420
421#ifndef LIBRESSL_INTERNAL
421int BN_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, 422int BN_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
422 const BIGNUM *m, BN_CTX *ctx); 423 const BIGNUM *m, BN_CTX *ctx);
423int BN_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, 424int BN_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
424 const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); 425 const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
426#endif
425int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, 427int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
426 const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont); 428 const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont);
427int BN_mod_exp_mont_word(BIGNUM *r, BN_ULONG a, const BIGNUM *p, 429int BN_mod_exp_mont_word(BIGNUM *r, BN_ULONG a, const BIGNUM *p,
diff --git a/src/lib/libcrypto/bn/bn_blind.c b/src/lib/libcrypto/bn/bn_blind.c
index c842f76c6f..01874f6208 100644
--- a/src/lib/libcrypto/bn/bn_blind.c
+++ b/src/lib/libcrypto/bn/bn_blind.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: bn_blind.c,v 1.14 2014/07/12 16:03:36 miod Exp $ */ 1/* $OpenBSD: bn_blind.c,v 1.15 2017/01/21 09:38:58 beck Exp $ */
2/* ==================================================================== 2/* ====================================================================
3 * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. 3 * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.
4 * 4 *
@@ -372,7 +372,7 @@ BN_BLINDING_create_param(BN_BLINDING *b, const BIGNUM *e, BIGNUM *m,
372 ctx, ret->m_ctx)) 372 ctx, ret->m_ctx))
373 goto err; 373 goto err;
374 } else { 374 } else {
375 if (!BN_mod_exp(ret->A, ret->A, ret->e, ret->mod, ctx)) 375 if (!BN_mod_exp_ct(ret->A, ret->A, ret->e, ret->mod, ctx))
376 goto err; 376 goto err;
377 } 377 }
378 378
diff --git a/src/lib/libcrypto/bn/bn_exp.c b/src/lib/libcrypto/bn/bn_exp.c
index 83c62be25a..ed4bc666bf 100644
--- a/src/lib/libcrypto/bn/bn_exp.c
+++ b/src/lib/libcrypto/bn/bn_exp.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: bn_exp.c,v 1.27 2017/01/21 04:34:16 beck Exp $ */ 1/* $OpenBSD: bn_exp.c,v 1.28 2017/01/21 09:38:58 beck Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -172,9 +172,9 @@ err:
172 return (ret); 172 return (ret);
173} 173}
174 174
175int 175static int
176BN_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, 176BN_mod_exp_internal(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m,
177 BN_CTX *ctx) 177 BN_CTX *ctx, int ct)
178{ 178{
179 int ret; 179 int ret;
180 180
@@ -213,12 +213,11 @@ BN_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m,
213 */ 213 */
214 214
215 if (BN_is_odd(m)) { 215 if (BN_is_odd(m)) {
216 if (a->top == 1 && !a->neg && 216 if (a->top == 1 && !a->neg && !ct) {
217 (BN_get_flags(p, BN_FLG_CONSTTIME) == 0)) {
218 BN_ULONG A = a->d[0]; 217 BN_ULONG A = a->d[0];
219 ret = BN_mod_exp_mont_word(r, A,p, m,ctx, NULL); 218 ret = BN_mod_exp_mont_word(r, A,p, m,ctx, NULL);
220 } else 219 } else
221 ret = BN_mod_exp_mont(r, a,p, m,ctx, NULL); 220 ret = BN_mod_exp_mont_ct(r, a,p, m,ctx, NULL);
222 } else { 221 } else {
223 ret = BN_mod_exp_recp(r, a,p, m, ctx); 222 ret = BN_mod_exp_recp(r, a,p, m, ctx);
224 } 223 }
@@ -228,6 +227,30 @@ BN_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m,
228} 227}
229 228
230int 229int
230BN_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m,
231 BN_CTX *ctx)
232{
233 return BN_mod_exp_internal(r, a, p, m, ctx,
234 (BN_get_flags(p, BN_FLG_CONSTTIME) != 0));
235}
236
237int
238BN_mod_exp_ct(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m,
239 BN_CTX *ctx)
240{
241 return BN_mod_exp_internal(r, a, p, m, ctx, 1);
242}
243
244
245int
246BN_mod_exp_nonct(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m,
247 BN_CTX *ctx)
248{
249 return BN_mod_exp_internal(r, a, p, m, ctx, 0);
250}
251
252
253int
231BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, 254BN_mod_exp_recp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m,
232 BN_CTX *ctx) 255 BN_CTX *ctx)
233{ 256{
@@ -361,9 +384,9 @@ err:
361 return (ret); 384 return (ret);
362} 385}
363 386
364int 387static int
365BN_mod_exp_mont(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, 388BN_mod_exp_mont_internal(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m,
366 BN_CTX *ctx, BN_MONT_CTX *in_mont) 389 BN_CTX *ctx, BN_MONT_CTX *in_mont, int ct)
367{ 390{
368 int i, j, bits, ret = 0, wstart, wend, window, wvalue; 391 int i, j, bits, ret = 0, wstart, wend, window, wvalue;
369 int start = 1; 392 int start = 1;
@@ -373,7 +396,7 @@ BN_mod_exp_mont(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m,
373 BIGNUM *val[TABLE_SIZE]; 396 BIGNUM *val[TABLE_SIZE];
374 BN_MONT_CTX *mont = NULL; 397 BN_MONT_CTX *mont = NULL;
375 398
376 if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0) { 399 if (ct) {
377 return BN_mod_exp_mont_consttime(rr, a, p, m, ctx, in_mont); 400 return BN_mod_exp_mont_consttime(rr, a, p, m, ctx, in_mont);
378 } 401 }
379 402
@@ -513,6 +536,27 @@ err:
513 return (ret); 536 return (ret);
514} 537}
515 538
539int
540BN_mod_exp_mont(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m,
541 BN_CTX *ctx, BN_MONT_CTX *in_mont)
542{
543 return BN_mod_exp_mont_internal(rr, a, p, m, ctx, in_mont,
544 (BN_get_flags(p, BN_FLG_CONSTTIME) != 0));
545}
546
547int
548BN_mod_exp_mont_ct(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m,
549 BN_CTX *ctx, BN_MONT_CTX *in_mont)
550{
551 return BN_mod_exp_mont_internal(rr, a, p, m, ctx, in_mont, 1);
552}
553
554int
555BN_mod_exp_mont_nonct(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m,
556 BN_CTX *ctx, BN_MONT_CTX *in_mont)
557{
558 return BN_mod_exp_mont_internal(rr, a, p, m, ctx, in_mont, 0);
559}
516 560
517/* BN_mod_exp_mont_consttime() stores the precomputed powers in a specific layout 561/* BN_mod_exp_mont_consttime() stores the precomputed powers in a specific layout
518 * so that accessing any of these table values shows the same access pattern as far 562 * so that accessing any of these table values shows the same access pattern as far
diff --git a/src/lib/libcrypto/bn/bn_lcl.h b/src/lib/libcrypto/bn/bn_lcl.h
index ca130a63cb..f8ce4bdc51 100644
--- a/src/lib/libcrypto/bn/bn_lcl.h
+++ b/src/lib/libcrypto/bn/bn_lcl.h
@@ -1,4 +1,4 @@
1/* $OpenBSD: bn_lcl.h,v 1.23 2016/12/21 15:49:29 jsing Exp $ */ 1/* $OpenBSD: bn_lcl.h,v 1.24 2017/01/21 09:38:58 beck Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -584,6 +584,16 @@ BN_ULONG bn_sub_words(BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp, int
584 584
585int BN_bntest_rand(BIGNUM *rnd, int bits, int top, int bottom); 585int BN_bntest_rand(BIGNUM *rnd, int bits, int top, int bottom);
586 586
587/* Explicitly const time / non-const time versions for internal use */
588int BN_mod_exp_ct(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
589 const BIGNUM *m, BN_CTX *ctx);
590int BN_mod_exp_nonct(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
591 const BIGNUM *m, BN_CTX *ctx);
592int BN_mod_exp_mont_ct(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
593 const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
594int BN_mod_exp_mont_nonct(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
595 const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
596
587__END_HIDDEN_DECLS 597__END_HIDDEN_DECLS
588 598
589#endif 599#endif
diff --git a/src/lib/libcrypto/bn/bn_prime.c b/src/lib/libcrypto/bn/bn_prime.c
index fb39756de2..b2f32684e4 100644
--- a/src/lib/libcrypto/bn/bn_prime.c
+++ b/src/lib/libcrypto/bn/bn_prime.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: bn_prime.c,v 1.15 2016/07/05 02:54:35 bcook Exp $ */ 1/* $OpenBSD: bn_prime.c,v 1.16 2017/01/21 09:38:58 beck Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -369,7 +369,7 @@ static int
369witness(BIGNUM *w, const BIGNUM *a, const BIGNUM *a1, const BIGNUM *a1_odd, 369witness(BIGNUM *w, const BIGNUM *a, const BIGNUM *a1, const BIGNUM *a1_odd,
370 int k, BN_CTX *ctx, BN_MONT_CTX *mont) 370 int k, BN_CTX *ctx, BN_MONT_CTX *mont)
371{ 371{
372 if (!BN_mod_exp_mont(w, w, a1_odd, a, ctx, mont)) 372 if (!BN_mod_exp_mont_ct(w, w, a1_odd, a, ctx, mont))
373 /* w := w^a1_odd mod a */ 373 /* w := w^a1_odd mod a */
374 return -1; 374 return -1;
375 if (BN_is_one(w)) 375 if (BN_is_one(w))
diff --git a/src/lib/libcrypto/bn/bn_sqrt.c b/src/lib/libcrypto/bn/bn_sqrt.c
index e5231d2a95..5928dfc79d 100644
--- a/src/lib/libcrypto/bn/bn_sqrt.c
+++ b/src/lib/libcrypto/bn/bn_sqrt.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: bn_sqrt.c,v 1.7 2016/11/08 01:40:22 guenther Exp $ */ 1/* $OpenBSD: bn_sqrt.c,v 1.8 2017/01/21 09:38:58 beck Exp $ */
2/* Written by Lenka Fibikova <fibikova@exp-math.uni-essen.de> 2/* Written by Lenka Fibikova <fibikova@exp-math.uni-essen.de>
3 * and Bodo Moeller for the OpenSSL project. */ 3 * and Bodo Moeller for the OpenSSL project. */
4/* ==================================================================== 4/* ====================================================================
@@ -149,7 +149,7 @@ BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
149 q->neg = 0; 149 q->neg = 0;
150 if (!BN_add_word(q, 1)) 150 if (!BN_add_word(q, 1))
151 goto end; 151 goto end;
152 if (!BN_mod_exp(ret, A, q, p, ctx)) 152 if (!BN_mod_exp_ct(ret, A, q, p, ctx))
153 goto end; 153 goto end;
154 err = 0; 154 err = 0;
155 goto vrfy; 155 goto vrfy;
@@ -190,7 +190,7 @@ BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
190 if (!BN_rshift(q, p, 3)) 190 if (!BN_rshift(q, p, 3))
191 goto end; 191 goto end;
192 q->neg = 0; 192 q->neg = 0;
193 if (!BN_mod_exp(b, t, q, p, ctx)) 193 if (!BN_mod_exp_ct(b, t, q, p, ctx))
194 goto end; 194 goto end;
195 195
196 /* y := b^2 */ 196 /* y := b^2 */
@@ -272,7 +272,7 @@ BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
272 272
273 /* Now that we have some non-square, we can find an element 273 /* Now that we have some non-square, we can find an element
274 * of order 2^e by computing its q'th power. */ 274 * of order 2^e by computing its q'th power. */
275 if (!BN_mod_exp(y, y, q, p, ctx)) 275 if (!BN_mod_exp_ct(y, y, q, p, ctx))
276 goto end; 276 goto end;
277 if (BN_is_one(y)) { 277 if (BN_is_one(y)) {
278 BNerr(BN_F_BN_MOD_SQRT, BN_R_P_IS_NOT_PRIME); 278 BNerr(BN_F_BN_MOD_SQRT, BN_R_P_IS_NOT_PRIME);
@@ -314,7 +314,7 @@ BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx)
314 } else if (!BN_one(x)) 314 } else if (!BN_one(x))
315 goto end; 315 goto end;
316 } else { 316 } else {
317 if (!BN_mod_exp(x, A, t, p, ctx)) 317 if (!BN_mod_exp_ct(x, A, t, p, ctx))
318 goto end; 318 goto end;
319 if (BN_is_zero(x)) { 319 if (BN_is_zero(x)) {
320 /* special case: a == 0 (mod p) */ 320 /* special case: a == 0 (mod p) */
diff --git a/src/lib/libcrypto/dh/dh_key.c b/src/lib/libcrypto/dh/dh_key.c
index 6eb1365bf6..5b365cdd06 100644
--- a/src/lib/libcrypto/dh/dh_key.c
+++ b/src/lib/libcrypto/dh/dh_key.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: dh_key.c,v 1.25 2016/07/07 11:53:12 bcook Exp $ */ 1/* $OpenBSD: dh_key.c,v 1.26 2017/01/21 09:38:58 beck Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -62,6 +62,8 @@
62#include <openssl/dh.h> 62#include <openssl/dh.h>
63#include <openssl/err.h> 63#include <openssl/err.h>
64 64
65#include "bn_lcl.h"
66
65static int generate_key(DH *dh); 67static int generate_key(DH *dh);
66static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh); 68static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh);
67static int dh_bn_mod_exp(const DH *dh, BIGNUM *r, const BIGNUM *a, 69static int dh_bn_mod_exp(const DH *dh, BIGNUM *r, const BIGNUM *a,
@@ -233,7 +235,7 @@ static int
233dh_bn_mod_exp(const DH *dh, BIGNUM *r, const BIGNUM *a, const BIGNUM *p, 235dh_bn_mod_exp(const DH *dh, BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
234 const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx) 236 const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
235{ 237{
236 return BN_mod_exp_mont(r, a, p, m, ctx, m_ctx); 238 return BN_mod_exp_mont_ct(r, a, p, m, ctx, m_ctx);
237} 239}
238 240
239static int 241static int
diff --git a/src/lib/libcrypto/dsa/dsa_ameth.c b/src/lib/libcrypto/dsa/dsa_ameth.c
index 3e434701aa..92ad02e187 100644
--- a/src/lib/libcrypto/dsa/dsa_ameth.c
+++ b/src/lib/libcrypto/dsa/dsa_ameth.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: dsa_ameth.c,v 1.20 2016/10/19 16:49:11 jsing Exp $ */ 1/* $OpenBSD: dsa_ameth.c,v 1.21 2017/01/21 09:38:59 beck Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 2006. 3 * project 2006.
4 */ 4 */
@@ -66,8 +66,8 @@
66#include <openssl/err.h> 66#include <openssl/err.h>
67#include <openssl/x509.h> 67#include <openssl/x509.h>
68 68
69
70#include "asn1_locl.h" 69#include "asn1_locl.h"
70#include "bn_lcl.h"
71 71
72static int 72static int
73dsa_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey) 73dsa_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey)
@@ -224,7 +224,7 @@ dsa_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8)
224 goto dsaerr; 224 goto dsaerr;
225 } 225 }
226 226
227 if (!BN_mod_exp(dsa->pub_key, dsa->g, dsa->priv_key, dsa->p, ctx)) { 227 if (!BN_mod_exp_ct(dsa->pub_key, dsa->g, dsa->priv_key, dsa->p, ctx)) {
228 DSAerr(DSA_F_DSA_PRIV_DECODE,DSA_R_BN_ERROR); 228 DSAerr(DSA_F_DSA_PRIV_DECODE,DSA_R_BN_ERROR);
229 goto dsaerr; 229 goto dsaerr;
230 } 230 }
diff --git a/src/lib/libcrypto/dsa/dsa_gen.c b/src/lib/libcrypto/dsa/dsa_gen.c
index 7ddb7fec5e..d627e5ae9c 100644
--- a/src/lib/libcrypto/dsa/dsa_gen.c
+++ b/src/lib/libcrypto/dsa/dsa_gen.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: dsa_gen.c,v 1.22 2015/07/15 18:34:37 miod Exp $ */ 1/* $OpenBSD: dsa_gen.c,v 1.23 2017/01/21 09:38:59 beck Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -68,6 +68,7 @@
68#include <openssl/evp.h> 68#include <openssl/evp.h>
69#include <openssl/sha.h> 69#include <openssl/sha.h>
70 70
71#include "bn_lcl.h"
71#include "dsa_locl.h" 72#include "dsa_locl.h"
72 73
73int 74int
@@ -315,7 +316,7 @@ end:
315 316
316 for (;;) { 317 for (;;) {
317 /* g=test^r0%p */ 318 /* g=test^r0%p */
318 if (!BN_mod_exp_mont(g, test, r0, p, ctx, mont)) 319 if (!BN_mod_exp_mont_ct(g, test, r0, p, ctx, mont))
319 goto err; 320 goto err;
320 if (!BN_is_one(g)) 321 if (!BN_is_one(g))
321 break; 322 break;
diff --git a/src/lib/libcrypto/dsa/dsa_key.c b/src/lib/libcrypto/dsa/dsa_key.c
index fc4eb9c433..cb95e1369c 100644
--- a/src/lib/libcrypto/dsa/dsa_key.c
+++ b/src/lib/libcrypto/dsa/dsa_key.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: dsa_key.c,v 1.22 2016/06/30 02:02:06 bcook Exp $ */ 1/* $OpenBSD: dsa_key.c,v 1.23 2017/01/21 09:38:59 beck Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -65,6 +65,7 @@
65 65
66#include <openssl/bn.h> 66#include <openssl/bn.h>
67#include <openssl/dsa.h> 67#include <openssl/dsa.h>
68#include "bn_lcl.h"
68 69
69static int dsa_builtin_keygen(DSA *dsa); 70static int dsa_builtin_keygen(DSA *dsa);
70 71
@@ -108,7 +109,7 @@ dsa_builtin_keygen(DSA *dsa)
108 109
109 BN_with_flags(&prk, priv_key, BN_FLG_CONSTTIME); 110 BN_with_flags(&prk, priv_key, BN_FLG_CONSTTIME);
110 111
111 if (!BN_mod_exp(pub_key, dsa->g, &prk, dsa->p, ctx)) 112 if (!BN_mod_exp_ct(pub_key, dsa->g, &prk, dsa->p, ctx))
112 goto err; 113 goto err;
113 } 114 }
114 115
diff --git a/src/lib/libcrypto/dsa/dsa_ossl.c b/src/lib/libcrypto/dsa/dsa_ossl.c
index a28d3e9d1a..3f01a83a44 100644
--- a/src/lib/libcrypto/dsa/dsa_ossl.c
+++ b/src/lib/libcrypto/dsa/dsa_ossl.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: dsa_ossl.c,v 1.26 2016/06/21 04:16:53 bcook Exp $ */ 1/* $OpenBSD: dsa_ossl.c,v 1.27 2017/01/21 09:38:59 beck Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -66,6 +66,8 @@
66#include <openssl/err.h> 66#include <openssl/err.h>
67#include <openssl/sha.h> 67#include <openssl/sha.h>
68 68
69#include "bn_lcl.h"
70
69static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa); 71static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa);
70static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, 72static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp,
71 BIGNUM **rp); 73 BIGNUM **rp);
@@ -238,7 +240,7 @@ dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
238 dsa->method_mont_p)) 240 dsa->method_mont_p))
239 goto err; 241 goto err;
240 } else { 242 } else {
241 if (!BN_mod_exp_mont(r, dsa->g, &k, dsa->p, ctx, dsa->method_mont_p)) 243 if (!BN_mod_exp_mont_ct(r, dsa->g, &k, dsa->p, ctx, dsa->method_mont_p))
242 goto err; 244 goto err;
243 } 245 }
244 246
diff --git a/src/lib/libcrypto/pem/pvkfmt.c b/src/lib/libcrypto/pem/pvkfmt.c
index 7a9045396c..0a33a24b9f 100644
--- a/src/lib/libcrypto/pem/pvkfmt.c
+++ b/src/lib/libcrypto/pem/pvkfmt.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: pvkfmt.c,v 1.16 2016/03/02 14:28:14 beck Exp $ */ 1/* $OpenBSD: pvkfmt.c,v 1.17 2017/01/21 09:38:59 beck Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 2005. 3 * project 2005.
4 */ 4 */
@@ -73,6 +73,8 @@
73#include <openssl/dsa.h> 73#include <openssl/dsa.h>
74#include <openssl/rsa.h> 74#include <openssl/rsa.h>
75 75
76#include "bn_lcl.h"
77
76/* Utility function: read a DWORD (4 byte unsigned integer) in little endian 78/* Utility function: read a DWORD (4 byte unsigned integer) in little endian
77 * format 79 * format
78 */ 80 */
@@ -340,7 +342,7 @@ b2i_dss(const unsigned char **in, unsigned int length, unsigned int bitlen,
340 goto memerr; 342 goto memerr;
341 if (!(ctx = BN_CTX_new())) 343 if (!(ctx = BN_CTX_new()))
342 goto memerr; 344 goto memerr;
343 if (!BN_mod_exp(dsa->pub_key, dsa->g, 345 if (!BN_mod_exp_ct(dsa->pub_key, dsa->g,
344 dsa->priv_key, dsa->p, ctx)) 346 dsa->priv_key, dsa->p, ctx))
345 goto memerr; 347 goto memerr;
346 BN_CTX_free(ctx); 348 BN_CTX_free(ctx);
diff --git a/src/lib/libcrypto/rsa/rsa_eay.c b/src/lib/libcrypto/rsa/rsa_eay.c
index af76541c28..640ed9a0d6 100644
--- a/src/lib/libcrypto/rsa/rsa_eay.c
+++ b/src/lib/libcrypto/rsa/rsa_eay.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: rsa_eay.c,v 1.43 2016/09/09 11:39:11 tb Exp $ */ 1/* $OpenBSD: rsa_eay.c,v 1.44 2017/01/21 09:38:59 beck Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -118,6 +118,8 @@
118#include <openssl/err.h> 118#include <openssl/err.h>
119#include <openssl/rsa.h> 119#include <openssl/rsa.h>
120 120
121#include "bn_lcl.h"
122
121static int RSA_eay_public_encrypt(int flen, const unsigned char *from, 123static int RSA_eay_public_encrypt(int flen, const unsigned char *from,
122 unsigned char *to, RSA *rsa, int padding); 124 unsigned char *to, RSA *rsa, int padding);
123static int RSA_eay_private_encrypt(int flen, const unsigned char *from, 125static int RSA_eay_private_encrypt(int flen, const unsigned char *from,
@@ -137,7 +139,7 @@ static RSA_METHOD rsa_pkcs1_eay_meth = {
137 .rsa_priv_enc = RSA_eay_private_encrypt, /* signing */ 139 .rsa_priv_enc = RSA_eay_private_encrypt, /* signing */
138 .rsa_priv_dec = RSA_eay_private_decrypt, 140 .rsa_priv_dec = RSA_eay_private_decrypt,
139 .rsa_mod_exp = RSA_eay_mod_exp, 141 .rsa_mod_exp = RSA_eay_mod_exp,
140 .bn_mod_exp = BN_mod_exp_mont, /* XXX probably we should not use Montgomery if e == 3 */ 142 .bn_mod_exp = BN_mod_exp_mont_ct, /* XXX probably we should not use Montgomery if e == 3 */
141 .init = RSA_eay_init, 143 .init = RSA_eay_init,
142 .finish = RSA_eay_finish, 144 .finish = RSA_eay_finish,
143}; 145};
diff --git a/src/regress/lib/libcrypto/bn/general/Makefile b/src/regress/lib/libcrypto/bn/general/Makefile
index 18207ffb01..d578d0fe12 100644
--- a/src/regress/lib/libcrypto/bn/general/Makefile
+++ b/src/regress/lib/libcrypto/bn/general/Makefile
@@ -1,4 +1,4 @@
1# $OpenBSD: Makefile,v 1.3 2016/12/21 15:51:05 jsing Exp $ 1# $OpenBSD: Makefile,v 1.4 2017/01/21 09:38:58 beck Exp $
2 2
3.include "../../Makefile.inc" 3.include "../../Makefile.inc"
4 4
@@ -6,6 +6,6 @@ PROG= bntest
6LDADD= ${CRYPTO_INT} 6LDADD= ${CRYPTO_INT}
7DPADD= ${LIBCRYPTO} 7DPADD= ${LIBCRYPTO}
8WARNINGS= Yes 8WARNINGS= Yes
9CFLAGS+= -DLIBRESSL_INTERNAL -Werror 9CFLAGS+= -Werror
10 10
11.include <bsd.regress.mk> 11.include <bsd.regress.mk>
diff --git a/src/regress/lib/libcrypto/bn/general/bntest.c b/src/regress/lib/libcrypto/bn/general/bntest.c
index 0247dacaa4..7e5e6ed81b 100644
--- a/src/regress/lib/libcrypto/bn/general/bntest.c
+++ b/src/regress/lib/libcrypto/bn/general/bntest.c
@@ -84,6 +84,15 @@
84#include <openssl/x509.h> 84#include <openssl/x509.h>
85#include <openssl/err.h> 85#include <openssl/err.h>
86 86
87int BN_mod_exp_ct(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
88 const BIGNUM *m, BN_CTX *ctx);
89int BN_mod_exp_nonct(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
90 const BIGNUM *m, BN_CTX *ctx);
91int BN_mod_exp_mont_ct(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
92 const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
93int BN_mod_exp_mont_nonct(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
94 const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
95
87int BN_bntest_rand(BIGNUM *rnd, int bits, int top, int bottom); 96int BN_bntest_rand(BIGNUM *rnd, int bits, int top, int bottom);
88 97
89const int num0 = 100; /* number of tests */ 98const int num0 = 100; /* number of tests */
@@ -1037,6 +1046,14 @@ test_mod_exp(BIO *bp, BN_CTX *ctx)
1037 fprintf(stderr, "BN_mod_exp with zero modulus succeeded!\n"); 1046 fprintf(stderr, "BN_mod_exp with zero modulus succeeded!\n");
1038 return (0); 1047 return (0);
1039 } 1048 }
1049 if (BN_mod_exp_ct(d, a, b, c, ctx)) {
1050 fprintf(stderr, "BN_mod_exp_ct with zero modulus succeeded!\n");
1051 return (0);
1052 }
1053 if (BN_mod_exp_nonct(d, a, b, c, ctx)) {
1054 fprintf(stderr, "BN_mod_exp_nonct with zero modulus succeeded!\n");
1055 return (0);
1056 }
1040 1057
1041 BN_bntest_rand(c, 30, 0, 1); /* must be odd for montgomery */ 1058 BN_bntest_rand(c, 30, 0, 1); /* must be odd for montgomery */
1042 for (i = 0; i < num2; i++) { 1059 for (i = 0; i < num2; i++) {
@@ -1069,6 +1086,70 @@ test_mod_exp(BIO *bp, BN_CTX *ctx)
1069 break; 1086 break;
1070 } 1087 }
1071 } 1088 }
1089
1090 BN_bntest_rand(c, 30, 0, 1); /* must be odd for montgomery */
1091 for (i = 0; i < num2; i++) {
1092 BN_bntest_rand(a, 20 + i * 5, 0, 0);
1093 BN_bntest_rand(b, 2 + i, 0, 0);
1094
1095 if (!BN_mod_exp_ct(d, a, b, c, ctx)) {
1096 rc = 0;
1097 break;
1098 }
1099
1100 if (bp != NULL) {
1101 if (!results) {
1102 BN_print(bp, a);
1103 BIO_puts(bp, " ^ ");
1104 BN_print(bp, b);
1105 BIO_puts(bp, " % ");
1106 BN_print(bp, c);
1107 BIO_puts(bp, " - ");
1108 }
1109 BN_print(bp, d);
1110 BIO_puts(bp, "\n");
1111 }
1112 BN_exp(e, a, b, ctx);
1113 BN_sub(e, e, d);
1114 BN_div(a, b, e, c, ctx);
1115 if (!BN_is_zero(b)) {
1116 fprintf(stderr, "Modulo exponentiation test failed!\n");
1117 rc = 0;
1118 break;
1119 }
1120 }
1121
1122 BN_bntest_rand(c, 30, 0, 1); /* must be odd for montgomery */
1123 for (i = 0; i < num2; i++) {
1124 BN_bntest_rand(a, 20 + i * 5, 0, 0);
1125 BN_bntest_rand(b, 2 + i, 0, 0);
1126
1127 if (!BN_mod_exp_nonct(d, a, b, c, ctx)) {
1128 rc = 0;
1129 break;
1130 }
1131
1132 if (bp != NULL) {
1133 if (!results) {
1134 BN_print(bp, a);
1135 BIO_puts(bp, " ^ ");
1136 BN_print(bp, b);
1137 BIO_puts(bp, " % ");
1138 BN_print(bp, c);
1139 BIO_puts(bp, " - ");
1140 }
1141 BN_print(bp, d);
1142 BIO_puts(bp, "\n");
1143 }
1144 BN_exp(e, a, b, ctx);
1145 BN_sub(e, e, d);
1146 BN_div(a, b, e, c, ctx);
1147 if (!BN_is_zero(b)) {
1148 fprintf(stderr, "Modulo exponentiation test failed!\n");
1149 rc = 0;
1150 break;
1151 }
1152 }
1072 BN_free(a); 1153 BN_free(a);
1073 BN_free(b); 1154 BN_free(b);
1074 BN_free(c); 1155 BN_free(c);
diff --git a/src/regress/lib/libcrypto/bn/mont/Makefile b/src/regress/lib/libcrypto/bn/mont/Makefile
index eda36001a3..55c48220d4 100644
--- a/src/regress/lib/libcrypto/bn/mont/Makefile
+++ b/src/regress/lib/libcrypto/bn/mont/Makefile
@@ -1,9 +1,9 @@
1# $OpenBSD: Makefile,v 1.2 2014/07/08 15:53:52 jsing Exp $ 1# $OpenBSD: Makefile,v 1.3 2017/01/21 09:38:58 beck Exp $
2 2
3PROG= mont 3PROG= mont
4LDADD= -lcrypto 4LDADD= -lcrypto
5DPADD= ${LIBCRYPTO} 5DPADD= ${LIBCRYPTO}
6WARNINGS= Yes 6WARNINGS= Yes
7CFLAGS+= -DLIBRESSL_INTERNAL -Werror 7CFLAGS+= -Werror
8 8
9.include <bsd.regress.mk> 9.include <bsd.regress.mk>
diff --git a/src/regress/lib/libcrypto/exp/Makefile b/src/regress/lib/libcrypto/exp/Makefile
index 3914201431..890b38e9fe 100644
--- a/src/regress/lib/libcrypto/exp/Makefile
+++ b/src/regress/lib/libcrypto/exp/Makefile
@@ -1,9 +1,9 @@
1# $OpenBSD: Makefile,v 1.3 2014/07/08 15:53:52 jsing Exp $ 1# $OpenBSD: Makefile,v 1.4 2017/01/21 09:38:58 beck Exp $
2 2
3PROG= exptest 3PROG= exptest
4LDADD= -lcrypto 4LDADD= ${CRYPTO_INT}
5DPADD= ${LIBCRYPTO} 5DPADD= ${LIBCRYPTO}
6WARNINGS= Yes 6WARNINGS= Yes
7CFLAGS+= -DLIBRESSL_INTERNAL -Werror 7CFLAGS+= -Werror
8 8
9.include <bsd.regress.mk> 9.include <bsd.regress.mk>
diff --git a/src/regress/lib/libcrypto/exp/exptest.c b/src/regress/lib/libcrypto/exp/exptest.c
index 45ca5ac5f5..375628cb25 100644
--- a/src/regress/lib/libcrypto/exp/exptest.c
+++ b/src/regress/lib/libcrypto/exp/exptest.c
@@ -64,6 +64,15 @@
64#include <openssl/bn.h> 64#include <openssl/bn.h>
65#include <openssl/err.h> 65#include <openssl/err.h>
66 66
67int BN_mod_exp_ct(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
68 const BIGNUM *m, BN_CTX *ctx);
69int BN_mod_exp_nonct(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
70 const BIGNUM *m, BN_CTX *ctx);
71int BN_mod_exp_mont_ct(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
72 const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
73int BN_mod_exp_mont_nonct(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
74 const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
75
67#define NUM_BITS (BN_BITS*2) 76#define NUM_BITS (BN_BITS*2)
68 77
69/* 78/*
@@ -116,6 +125,18 @@ static int test_exp_mod_zero(void)
116 if (!a_is_zero_mod_one("BN_mod_exp", &r, &a)) 125 if (!a_is_zero_mod_one("BN_mod_exp", &r, &a))
117 failed = 1; 126 failed = 1;
118 127
128 if (!BN_mod_exp_ct(&r, &a, &p, &m, ctx))
129 goto err;
130
131 if (!a_is_zero_mod_one("BN_mod_exp_ct", &r, &a))
132 failed = 1;
133
134 if (!BN_mod_exp_nonct(&r, &a, &p, &m, ctx))
135 goto err;
136
137 if (!a_is_zero_mod_one("BN_mod_exp_nonct", &r, &a))
138 failed = 1;
139
119 if (!BN_mod_exp_recp(&r, &a, &p, &m, ctx)) 140 if (!BN_mod_exp_recp(&r, &a, &p, &m, ctx))
120 goto err; 141 goto err;
121 142
@@ -134,6 +155,18 @@ static int test_exp_mod_zero(void)
134 if (!a_is_zero_mod_one("BN_mod_exp_mont", &r, &a)) 155 if (!a_is_zero_mod_one("BN_mod_exp_mont", &r, &a))
135 failed = 1; 156 failed = 1;
136 157
158 if (!BN_mod_exp_mont_ct(&r, &a, &p, &m, ctx, NULL))
159 goto err;
160
161 if (!a_is_zero_mod_one("BN_mod_exp_mont_ct", &r, &a))
162 failed = 1;
163
164 if (!BN_mod_exp_mont_nonct(&r, &a, &p, &m, ctx, NULL))
165 goto err;
166
167 if (!a_is_zero_mod_one("BN_mod_exp_mont_nonct", &r, &a))
168 failed = 1;
169
137 if (!BN_mod_exp_mont_consttime(&r, &a, &p, &m, ctx, NULL)) { 170 if (!BN_mod_exp_mont_consttime(&r, &a, &p, &m, ctx, NULL)) {
138 goto err; 171 goto err;
139 } 172 }
@@ -175,7 +208,8 @@ int main(int argc, char *argv[])
175 BIO *out = NULL; 208 BIO *out = NULL;
176 int i, ret; 209 int i, ret;
177 unsigned char c; 210 unsigned char c;
178 BIGNUM *r_mont, *r_mont_const, *r_recp, *r_simple, *a, *b, *m; 211 BIGNUM *r_mont, *r_mont_const, *r_recp, *r_simple,
212 *r_mont_ct, *r_mont_nonct, *a, *b, *m;
179 213
180 ERR_load_BN_strings(); 214 ERR_load_BN_strings();
181 215
@@ -184,6 +218,8 @@ int main(int argc, char *argv[])
184 exit(1); 218 exit(1);
185 r_mont = BN_new(); 219 r_mont = BN_new();
186 r_mont_const = BN_new(); 220 r_mont_const = BN_new();
221 r_mont_ct = BN_new();
222 r_mont_nonct = BN_new();
187 r_recp = BN_new(); 223 r_recp = BN_new();
188 r_simple = BN_new(); 224 r_simple = BN_new();
189 a = BN_new(); 225 a = BN_new();
@@ -221,6 +257,20 @@ int main(int argc, char *argv[])
221 exit(1); 257 exit(1);
222 } 258 }
223 259
260 ret = BN_mod_exp_mont_ct(r_mont_ct, a, b, m, ctx, NULL);
261 if (ret <= 0) {
262 printf("BN_mod_exp_mont_ct() problems\n");
263 ERR_print_errors(out);
264 exit(1);
265 }
266
267 ret = BN_mod_exp_mont_nonct(r_mont_nonct, a, b, m, ctx, NULL);
268 if (ret <= 0) {
269 printf("BN_mod_exp_mont_nonct() problems\n");
270 ERR_print_errors(out);
271 exit(1);
272 }
273
224 ret = BN_mod_exp_recp(r_recp, a, b, m, ctx); 274 ret = BN_mod_exp_recp(r_recp, a, b, m, ctx);
225 if (ret <= 0) { 275 if (ret <= 0) {
226 printf("BN_mod_exp_recp() problems\n"); 276 printf("BN_mod_exp_recp() problems\n");
@@ -254,6 +304,10 @@ int main(int argc, char *argv[])
254 printf("\nsimple and mont const time results differ\n"); 304 printf("\nsimple and mont const time results differ\n");
255 if (BN_cmp(r_simple, r_recp) != 0) 305 if (BN_cmp(r_simple, r_recp) != 0)
256 printf("\nsimple and recp results differ\n"); 306 printf("\nsimple and recp results differ\n");
307 if (BN_cmp(r_mont, r_mont_ct) != 0)
308 printf("\nmont_ct and mont results differ\n");
309 if (BN_cmp(r_mont_ct, r_mont_nonct) != 0)
310 printf("\nmont_ct and mont_nonct results differ\n");
257 311
258 printf("a (%3d) = ", BN_num_bits(a)); 312 printf("a (%3d) = ", BN_num_bits(a));
259 BN_print(out, a); 313 BN_print(out, a);
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-11-07 05:37:24 +0000