From 3ce2fddbbb0fbded19721d5da476dfdfecb1e48b Mon Sep 17 00:00:00 2001 From: bcook <> Date: Thu, 30 Jun 2016 02:02:06 +0000 Subject: Remove flags for disabling constant-time operations. MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit This removes support for DSA_FLAG_NO_EXP_CONSTTIME, DH_FLAG_NO_EXP_CONSTTIME, and RSA_FLAG_NO_CONSTTIME flags, making all of these operations unconditionally constant-time. Based on the original patch by César Pereid. ok beck@ --- src/regress/lib/libcrypto/dh/dhtest.c | 96 ++++++++++++--------------------- src/regress/lib/libcrypto/dsa/dsatest.c | 7 --- 2 files changed, 33 insertions(+), 70 deletions(-) (limited to 'src/regress/lib') diff --git a/src/regress/lib/libcrypto/dh/dhtest.c b/src/regress/lib/libcrypto/dh/dhtest.c index f1ddc5ccf5..9c2d507d97 100644 --- a/src/regress/lib/libcrypto/dh/dhtest.c +++ b/src/regress/lib/libcrypto/dh/dhtest.c @@ -73,16 +73,30 @@ #include -static int cb(int p, int n, BN_GENCB *arg); +static int cb(int p, int n, BN_GENCB *arg) +{ + char c='*'; + + if (p == 0) + c='.'; + if (p == 1) + c='+'; + if (p == 2) + c='*'; + if (p == 3) + c='\n'; + BIO_write(arg->arg,&c,1); + (void)BIO_flush(arg->arg); + return 1; +} int main(int argc, char *argv[]) - { +{ BN_GENCB _cb; DH *a; - DH *b=NULL; char buf[12]; - unsigned char *abuf=NULL,*bbuf=NULL; - int i,alen,blen,aout,bout,ret=1; + unsigned char *abuf=NULL; + int i,alen,aout,ret=1; BIO *out; out=BIO_new(BIO_s_file()); @@ -90,11 +104,12 @@ int main(int argc, char *argv[]) BIO_set_fp(out,stdout,BIO_NOCLOSE); BN_GENCB_set(&_cb, &cb, out); - if(((a = DH_new()) == NULL) || !DH_generate_parameters_ex(a, 64, - DH_GENERATOR_5, &_cb)) + if (((a = DH_new()) == NULL) || + !DH_generate_parameters_ex(a, 64, DH_GENERATOR_5, &_cb)) goto err; - if (!DH_check(a, &i)) goto err; + if (!DH_check(a, &i)) + goto err; if (i & DH_CHECK_P_NOT_PRIME) BIO_puts(out, "p value is not prime\n"); if (i & DH_CHECK_P_NOT_SAFE_PRIME) 
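Review bot: The relocated `cb` in the first dhtest.c hunk has no comment saying what the `p` codes it translates stand for, and `if (p == 2) c='*';` only repeats the initializer `char c='*';`. I would add `/* BN_GENCB progress callback: writes one marker character per reported stage */` above the definition and drop the redundant branch, or turn the chain into a `switch` with a `default`. The result of `BIO_write` is ignored, which is reasonable for progress output, but the comment should say so.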
@@ -110,81 +125,36 @@ int main(int argc, char *argv[]) BN_print(out,a->g); BIO_puts(out,"\n"); - b=DH_new(); - if (b == NULL) goto err; - - b->p=BN_dup(a->p); - b->g=BN_dup(a->g); - if ((b->p == NULL) || (b->g == NULL)) goto err; - - /* Set a to run with normal modexp and b to use constant time */ - a->flags &= ~DH_FLAG_NO_EXP_CONSTTIME; - b->flags |= DH_FLAG_NO_EXP_CONSTTIME; - - if (!DH_generate_key(a)) goto err; + if (!DH_generate_key(a)) + goto err; BIO_puts(out,"pri 1="); BN_print(out,a->priv_key); BIO_puts(out,"\npub 1="); BN_print(out,a->pub_key); BIO_puts(out,"\n"); - if (!DH_generate_key(b)) goto err; - BIO_puts(out,"pri 2="); - BN_print(out,b->priv_key); - BIO_puts(out,"\npub 2="); - BN_print(out,b->pub_key); - BIO_puts(out,"\n"); - alen=DH_size(a); abuf=malloc(alen); - aout=DH_compute_key(abuf,b->pub_key,a); + aout=DH_compute_key(abuf,a->pub_key,a); BIO_puts(out,"key1 ="); - for (i=0; ipub_key,b); - - BIO_puts(out,"key2 ="); - for (i=0; iarg,&c,1); - (void)BIO_flush(arg->arg); - return 1; - } +} diff --git a/src/regress/lib/libcrypto/dsa/dsatest.c b/src/regress/lib/libcrypto/dsa/dsatest.c index 1fb929a689..444cda532d 100644 --- a/src/regress/lib/libcrypto/dsa/dsatest.c +++ b/src/regress/lib/libcrypto/dsa/dsatest.c @@ -182,13 +182,6 @@ int main(int argc, char **argv) goto end; } - dsa->flags |= DSA_FLAG_NO_EXP_CONSTTIME; - DSA_generate_key(dsa); - DSA_sign(0, str1, 20, sig, &siglen, dsa); - if (DSA_verify(0, str1, 20, sig, siglen, dsa) == 1) - ret=1; - - dsa->flags &= ~DSA_FLAG_NO_EXP_CONSTTIME; DSA_generate_key(dsa); DSA_sign(0, str1, 20, sig, &siglen, dsa); if (DSA_verify(0, str1, 20, sig, siglen, dsa) == 1) -- cgit v1.2.3-55-g6feb
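Review bot: With `b` removed in the dhtest.c hunk, the only visible `DH_compute_key` call is `aout=DH_compute_key(abuf,a->pub_key,a);`, which combines a's private key with a's own public key. The regress test therefore no longer shows that two independently generated key pairs derive the same shared secret. Removing the `DH_FLAG_NO_EXP_CONSTTIME` manipulation did not require removing the second party: keeping `b` with the `BN_dup`'d `p` and `g`, calling `DH_generate_key(b)`, and comparing both outputs would preserve the agreement check for the now unconditional constant-time path. The context line `abuf=malloc(alen);` is also used without a NULL test, and `if (abuf == NULL) goto err;` before the compute call would close that. The tail of this hunk is garbled in this rendering, so whether `aout` is still range-checked cannot be confirmed from here.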