From bce45cc241b51da39ead8b476c811b47d76ccc46 Mon Sep 17 00:00:00 2001
From: beck <>
Date: Sat, 21 Jan 2017 10:38:29 +0000
Subject: Split out BN_div and BN_mod into ct and nonct versions for Internal use. ok jsing@
---
 src/lib/libcrypto/bn/bn.h | 4 +++-
 src/lib/libcrypto/bn/bn_div.c | 36 +++++++++++++++++++++++++++++-------
 src/lib/libcrypto/bn/bn_exp.c | 6 +++---
 src/lib/libcrypto/bn/bn_exp2.c | 6 +++---
 src/lib/libcrypto/bn/bn_gcd.c | 6 +++---
 src/lib/libcrypto/bn/bn_lcl.h | 10 +++++++---
 src/lib/libcrypto/bn/bn_mod.c | 6 +++---
 src/lib/libcrypto/bn/bn_mont.c | 10 +++++-----
 src/lib/libcrypto/bn/bn_prime.c | 6 +++---
 src/lib/libcrypto/bn/bn_recp.c | 4 ++--
 src/lib/libcrypto/dsa/dsa_ameth.c | 4 ++--
 src/lib/libcrypto/dsa/dsa_gen.c | 6 +++---
 src/lib/libcrypto/dsa/dsa_ossl.c | 8 ++++----
 src/lib/libcrypto/gost/gostr341001.c | 10 ++++++----
 src/lib/libcrypto/rsa/rsa_chk.c | 10 ++++++----
 src/lib/libcrypto/rsa/rsa_eay.c | 10 +++++-----
 src/lib/libcrypto/rsa/rsa_gen.c | 8 +++++---
 17 files changed, 92 insertions(+), 58 deletions(-)
(limited to 'src')
diff --git a/src/lib/libcrypto/bn/bn.h b/src/lib/libcrypto/bn/bn.h
index 16ba8ae981..fd9a62fe3f 100644
--- a/src/lib/libcrypto/bn/bn.h
+++ b/src/lib/libcrypto/bn/bn.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: bn.h,v 1.33 2017/01/21 09:38:58 beck Exp $ */
+/* $OpenBSD: bn.h,v 1.34 2017/01/21 10:38:29 beck Exp $ */
 /* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -387,9 +387,11 @@ void BN_set_negative(BIGNUM *b, int n);
 */
 #define BN_is_negative(a) ((a)->neg != 0)
+#ifndef LIBRESSL_INTERNAL
 int BN_div(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d, BN_CTX *ctx);
 #define BN_mod(rem,m,d,ctx) BN_div(NULL,(rem),(m),(d),(ctx))
+#endif
 int BN_nnmod(BIGNUM *r, const BIGNUM *m, const BIGNUM *d, BN_CTX *ctx);
 int BN_mod_add(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m, BN_CTX *ctx);
 int BN_mod_add_quick(BIGNUM *r, const BIGNUM *a, const BIGNUM *b, const BIGNUM *m);
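Review bot: The new `#ifndef LIBRESSL_INTERNAL` guard around `BN_div` and `BN_mod` in bn.h carries no comment saying why the public prototypes disappear for internal builds, so the intent (internal code has to choose a timing behaviour explicitly instead of inheriting it from `BN_FLG_CONSTTIME` on an operand) has to be inferred from bn_lcl.h. A one-line comment above the guard would do, for example `/* Internal code must call BN_div_ct()/BN_div_nonct() from bn_lcl.h instead. */`. bn_div.c in this same commit still defines `BN_div`, so if that file is built with `LIBRESSL_INTERNAL` defined the definition has no prior prototype in scope; that is legal C but presumably trips `-Wmissing-prototypes`, which is worth confirming.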
diff --git a/src/lib/libcrypto/bn/bn_div.c b/src/lib/libcrypto/bn/bn_div.c
index fefc53f9fa..a8f7c9f384 100644
--- a/src/lib/libcrypto/bn/bn_div.c
+++ b/src/lib/libcrypto/bn/bn_div.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: bn_div.c,v 1.23 2015/02/09 15:49:22 jsing Exp $ */
+/* $OpenBSD: bn_div.c,v 1.24 2017/01/21 10:38:29 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -116,9 +116,9 @@
 * rm->neg == num->neg (unless the remainder is zero)
 * If 'dv' or 'rm' is NULL, the respective value is not returned.
 */
-int
-BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor,
- BN_CTX *ctx)
+static int
+BN_div_internal(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor,
+ BN_CTX *ctx, int ct)
 {
 int norm_shift, i, loop;
 BIGNUM *tmp, wnum, *snum, *sdiv, *res;
@@ -137,10 +137,8 @@ BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor,
 bn_check_top(num);
- if ((BN_get_flags(num, BN_FLG_CONSTTIME) != 0) ||
- (BN_get_flags(divisor, BN_FLG_CONSTTIME) != 0)) {
+ if (ct)
 no_branch = 1;
- }
 bn_check_top(dv);
 bn_check_top(rm);
@@ -379,3 +377,27 @@ err:
 BN_CTX_end(ctx);
 return (0);
 }
+
+int
+BN_div(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor,
+ BN_CTX *ctx)
+{
+ int ct = ((BN_get_flags(num, BN_FLG_CONSTTIME) != 0) ||
+ (BN_get_flags(divisor, BN_FLG_CONSTTIME) != 0));
+
+ return BN_div_internal(dv, rm, num, divisor, ctx, ct);
+}
+
+int
+BN_div_nonct(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor,
+ BN_CTX *ctx)
+{
+ return BN_div_internal(dv, rm, num, divisor, ctx, 0);
+}
+
+int
+BN_div_ct(BIGNUM *dv, BIGNUM *rm, const BIGNUM *num, const BIGNUM *divisor,
+ BN_CTX *ctx)
+{
+ return BN_div_internal(dv, rm, num, divisor, ctx, 1);
+}
diff --git a/src/lib/libcrypto/bn/bn_exp.c b/src/lib/libcrypto/bn/bn_exp.c
index ed4bc666bf..f650e94b09 100644
--- a/src/lib/libcrypto/bn/bn_exp.c
+++ b/src/lib/libcrypto/bn/bn_exp.c
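Review bot: The comment block that ends just above `BN_div_internal` in bn_div.c (its tail, `If 'dv' or 'rm' is NULL ...`, is the leading context of the `@@ -116,9` hunk) now documents a static helper but says nothing about the new `ct` argument. I would add a line such as ` * If 'ct' is non-zero the no_branch path is used, whatever flags the operands carry.` so the timing contract sits with the code that implements it. As a style point, the new `BN_div_internal(...` signature line runs past 80 columns and could wrap after `const BIGNUM *num,`. The function body continues outside this hunk.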
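Review bot: `BN_div_nonct` (bn_div.c, `@@ -379,3` hunk) passes `ct = 0`, and because the flag test moved out of the shared body into `BN_div`, a `BN_FLG_CONSTTIME` flag set on `num` or `divisor` is silently ignored on that path; none of the three wrappers says so. Since choosing between the two is what keeps secret-dependent branching out of division, I would document it at the definitions, e.g. `/* Operands must not be secret: BN_FLG_CONSTTIME is ignored here. */` above `BN_div_nonct` and `/* Always takes the no_branch path, regardless of operand flags. */` above `BN_div_ct`. The same applies to the declarations and the `BN_mod_ct`/`BN_mod_nonct` macros this commit adds to bn_lcl.h. `BN_div` itself could note that it keeps the old flag-driven behaviour for external callers.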
@@ -1,4 +1,4 @@
-/* $OpenBSD: bn_exp.c,v 1.28 2017/01/21 09:38:58 beck Exp $ */
+/* $OpenBSD: bn_exp.c,v 1.29 2017/01/21 10:38:29 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -735,7 +735,7 @@ BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
 /* prepare a^1 in Montgomery domain */
 if (a->neg || BN_ucmp(a, m) >= 0) {
- if (!BN_mod(&am, a,m, ctx))
+ if (!BN_mod_ct(&am, a,m, ctx))
 goto err;
 if (!BN_to_montgomery(&am, &am, mont, ctx))
 goto err;
@@ -924,7 +924,7 @@ BN_mod_exp_mont_word(BIGNUM *rr, BN_ULONG a, const BIGNUM *p, const BIGNUM *m,
 #define BN_MOD_MUL_WORD(r, w, m) \
 (BN_mul_word(r, (w)) && \
 (/* BN_ucmp(r, (m)) < 0 ? 1 :*/ \
- (BN_mod(t, r, m, ctx) && (swap_tmp = r, r = t, t = swap_tmp, 1))))
+ (BN_mod_ct(t, r, m, ctx) && (swap_tmp = r, r = t, t = swap_tmp, 1))))
 /* BN_MOD_MUL_WORD is only used with 'w' large,
 * so the BN_ucmp test is probably more overhead
 * than always using BN_mod (which uses BN_copy if
diff --git a/src/lib/libcrypto/bn/bn_exp2.c b/src/lib/libcrypto/bn/bn_exp2.c
index 38bf467a38..1d938d3818 100644
--- a/src/lib/libcrypto/bn/bn_exp2.c
+++ b/src/lib/libcrypto/bn/bn_exp2.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: bn_exp2.c,v 1.10 2015/02/09 15:49:22 jsing Exp $ */
+/* $OpenBSD: bn_exp2.c,v 1.11 2017/01/21 10:38:29 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -175,7 +175,7 @@ BN_mod_exp2_mont(BIGNUM *rr, const BIGNUM *a1, const BIGNUM *p1,
 * Build table for a1: val1[i] := a1^(2*i + 1) mod m for i = 0 .. 2^(window1-1)
 */
 if (a1->neg || BN_ucmp(a1, m) >= 0) {
- if (!BN_mod(val1[0], a1, m, ctx))
+ if (!BN_mod_ct(val1[0], a1, m, ctx))
 goto err;
 a_mod_m = val1[0];
 } else
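Review bot: The comment right after `BN_MOD_MUL_WORD` (trailing context of the bn_exp.c `@@ -924,7` hunk) still reads `than always using BN_mod`, while the macro now expands to `BN_mod_ct`. Changing the wording to `than always using BN_mod_ct` keeps a later reader from looking for a `BN_mod` call, which this commit's bn.h change hides from internal builds. The comment continues past the end of the hunk, so the rest of it should be checked for the same reference.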
@@ -206,7 +206,7 @@ BN_mod_exp2_mont(BIGNUM *rr, const BIGNUM *a1, const BIGNUM *p1,
 * Build table for a2: val2[i] := a2^(2*i + 1) mod m for i = 0 .. 2^(window2-1)
 */
 if (a2->neg || BN_ucmp(a2, m) >= 0) {
- if (!BN_mod(val2[0], a2, m, ctx))
+ if (!BN_mod_ct(val2[0], a2, m, ctx))
 goto err;
 a_mod_m = val2[0];
 } else
diff --git a/src/lib/libcrypto/bn/bn_gcd.c b/src/lib/libcrypto/bn/bn_gcd.c
index da9c29a8e5..3c8ff5b405 100644
--- a/src/lib/libcrypto/bn/bn_gcd.c
+++ b/src/lib/libcrypto/bn/bn_gcd.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: bn_gcd.c,v 1.10 2015/02/09 15:49:22 jsing Exp $ */
+/* $OpenBSD: bn_gcd.c,v 1.11 2017/01/21 10:38:29 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -421,7 +421,7 @@ BN_mod_inverse(BIGNUM *in, const BIGNUM *a, const BIGNUM *n, BN_CTX *ctx)
 }
 }
 } else {
- if (!BN_div(D, M, A, B, ctx))
+ if (!BN_div_ct(D, M, A, B, ctx))
 goto err;
 }
@@ -605,7 +605,7 @@ BN_mod_inverse_no_branch(BIGNUM *in, const BIGNUM *a, const BIGNUM *n,
 BN_with_flags(pA, A, BN_FLG_CONSTTIME);
 /* (D, M) := (A/B, A%B) ... */
- if (!BN_div(D, M, pA, B, ctx))
+ if (!BN_div_ct(D, M, pA, B, ctx))
 goto err;
 /* Now
diff --git a/src/lib/libcrypto/bn/bn_lcl.h b/src/lib/libcrypto/bn/bn_lcl.h
index f8ce4bdc51..59d9036d01 100644
--- a/src/lib/libcrypto/bn/bn_lcl.h
+++ b/src/lib/libcrypto/bn/bn_lcl.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: bn_lcl.h,v 1.24 2017/01/21 09:38:58 beck Exp $ */
+/* $OpenBSD: bn_lcl.h,v 1.25 2017/01/21 10:38:29 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
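Review bot: In `BN_mod_inverse_no_branch` (bn_gcd.c, `@@ -605,7` hunk) the context line `BN_with_flags(pA, A, BN_FLG_CONSTTIME);` is left in place although `BN_div_ct` does not consult operand flags, so as far as this hunk shows `pA` now exists only to feed a call that ignores the flag. Either pass `A` directly in a follow-up, or, if something outside the hunk still depends on the flag, say so in a comment next to the `BN_with_flags` call. The same leftover appears in rsa_eay.c (`c` and `pr1` in `RSA_eay_mod_exp`) and rsa_gen.c (`d` in `rsa_builtin_keygen`). Flag setup sitting next to an explicitly constant-time call makes it harder to audit which mechanism actually protects the secret operand. The function body starts and ends outside the hunk.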
@@ -593,7 +593,11 @@ int BN_mod_exp_mont_ct(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
 const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
 int BN_mod_exp_mont_nonct(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
 const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
-
+int BN_div_nonct(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d,
+ BN_CTX *ctx);
+int BN_div_ct(BIGNUM *dv, BIGNUM *rem, const BIGNUM *m, const BIGNUM *d,
+ BN_CTX *ctx);
+#define BN_mod_ct(rem,m,d,ctx) BN_div_ct(NULL,(rem),(m),(d),(ctx))
+#define BN_mod_nonct(rem,m,d,ctx) BN_div_nonct(NULL,(rem),(m),(d),(ctx))
 __END_HIDDEN_DECLS
-
 #endif
diff --git a/src/lib/libcrypto/bn/bn_mod.c b/src/lib/libcrypto/bn/bn_mod.c
index eb2d5b072e..4c30c098d4 100644
--- a/src/lib/libcrypto/bn/bn_mod.c
+++ b/src/lib/libcrypto/bn/bn_mod.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: bn_mod.c,v 1.10 2016/11/05 10:47:16 miod Exp $ */
+/* $OpenBSD: bn_mod.c,v 1.11 2017/01/21 10:38:29 beck Exp $ */
 /* Includes code written by Lenka Fibikova <fibikova@exp-math.uni-essen.de>
 * for the OpenSSL project. */
 /* ====================================================================
@@ -121,7 +121,7 @@ BN_nnmod(BIGNUM *r, const BIGNUM *m, const BIGNUM *d, BN_CTX *ctx)
 /* like BN_mod, but returns non-negative remainder
 * (i.e., 0 <= r < |d| always holds) */
- if (!(BN_mod(r, m,d, ctx)))
+ if (!(BN_mod_ct(r, m,d, ctx)))
 return 0;
 if (!r->neg)
 return 1;
@@ -212,7 +212,7 @@ BN_mod_sqr(BIGNUM *r, const BIGNUM *a, const BIGNUM *m, BN_CTX *ctx)
 if (!BN_sqr(r, a, ctx))
 return 0;
 /* r->neg == 0, thus we don't need BN_nnmod */
- return BN_mod(r, r, m, ctx);
+ return BN_mod_ct(r, r, m, ctx);
 }
 int
diff --git a/src/lib/libcrypto/bn/bn_mont.c b/src/lib/libcrypto/bn/bn_mont.c
index 3eb9913a9e..3496502435 100644
--- a/src/lib/libcrypto/bn/bn_mont.c
+++ b/src/lib/libcrypto/bn/bn_mont.c
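Review bot: `BN_nnmod` stays declared in the public bn.h, and with the bn_mod.c `@@ -121,7` hunk it takes the no-branch division for every caller, not only when an operand carries `BN_FLG_CONSTTIME`; the comment above the call still says `like BN_mod`. That is the safe direction, but it is a behaviour and cost change for external users that the comment should record, e.g. `/* like BN_mod_ct, but returns non-negative remainder`. `BN_mod_sqr` in the next hunk changes the same way.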
@@ -1,4 +1,4 @@
-/* $OpenBSD: bn_mont.c,v 1.24 2015/02/09 15:49:22 jsing Exp $ */
+/* $OpenBSD: bn_mont.c,v 1.25 2017/01/21 10:38:29 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -418,7 +418,7 @@ BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx)
 Ri->d[1] = BN_MASK2;
 Ri->top = 2;
 }
- if (!BN_div(Ri, NULL, Ri, &tmod, ctx))
+ if (!BN_div_ct(Ri, NULL, Ri, &tmod, ctx))
 goto err;
 /* Ni = (R*Ri-1)/N,
 * keep only couple of least significant words: */
@@ -446,7 +446,7 @@ BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx)
 if (!BN_set_word(Ri, BN_MASK2))
 goto err; /* Ri-- (mod word size) */
 }
- if (!BN_div(Ri, NULL, Ri, &tmod, ctx))
+ if (!BN_div_ct(Ri, NULL, Ri, &tmod, ctx))
 goto err;
 /* Ni = (R*Ri-1)/N,
 * keep only least significant word: */
@@ -468,7 +468,7 @@ BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx)
 if (!BN_sub_word(Ri, 1))
 goto err;
 /* Ni = (R*Ri-1) / N */
- if (!BN_div(&(mont->Ni), NULL, Ri, &mont->N, ctx))
+ if (!BN_div_ct(&(mont->Ni), NULL, Ri, &mont->N, ctx))
 goto err;
 }
 #endif
@@ -477,7 +477,7 @@ BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx)
 BN_zero(&(mont->RR));
 if (!BN_set_bit(&(mont->RR), mont->ri*2))
 goto err;
- if (!BN_mod(&(mont->RR), &(mont->RR), &(mont->N), ctx))
+ if (!BN_mod_ct(&(mont->RR), &(mont->RR), &(mont->N), ctx))
 goto err;
 ret = 1;
diff --git a/src/lib/libcrypto/bn/bn_prime.c b/src/lib/libcrypto/bn/bn_prime.c
index b2f32684e4..ec8217ef69 100644
--- a/src/lib/libcrypto/bn/bn_prime.c
+++ b/src/lib/libcrypto/bn/bn_prime.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: bn_prime.c,v 1.16 2017/01/21 09:38:58 beck Exp $ */
+/* $OpenBSD: bn_prime.c,v 1.17 2017/01/21 10:38:29 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -443,7 +443,7 @@ probable_prime_dh(BIGNUM *rnd, int bits, const BIGNUM *add, const BIGNUM *rem,
 /* we need ((rnd-rem) % add) == 0 */
- if (!BN_mod(t1, rnd, add, ctx))
+ if (!BN_mod_ct(t1, rnd, add, ctx))
 goto err;
 if (!BN_sub(rnd, rnd, t1))
 goto err;
@@ -500,7 +500,7 @@ probable_prime_dh_safe(BIGNUM *p, int bits, const BIGNUM *padd,
 goto err;
 /* we need ((rnd-rem) % add) == 0 */
- if (!BN_mod(t1, q,qadd, ctx))
+ if (!BN_mod_ct(t1, q,qadd, ctx))
 goto err;
 if (!BN_sub(q, q, t1))
 goto err;
diff --git a/src/lib/libcrypto/bn/bn_recp.c b/src/lib/libcrypto/bn/bn_recp.c
index b0bd0aa4df..aae7c7ef85 100644
--- a/src/lib/libcrypto/bn/bn_recp.c
+++ b/src/lib/libcrypto/bn/bn_recp.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: bn_recp.c,v 1.13 2015/04/29 00:11:12 doug Exp $ */
+/* $OpenBSD: bn_recp.c,v 1.14 2017/01/21 10:38:29 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -251,7 +251,7 @@ BN_reciprocal(BIGNUM *r, const BIGNUM *m, int len, BN_CTX *ctx)
 if (!BN_set_bit(t, len))
 goto err;
- if (!BN_div(r, NULL, t,m, ctx))
+ if (!BN_div_ct(r, NULL, t,m, ctx))
 goto err;
 ret = len;
diff --git a/src/lib/libcrypto/dsa/dsa_ameth.c b/src/lib/libcrypto/dsa/dsa_ameth.c
index 92ad02e187..b589d39892 100644
--- a/src/lib/libcrypto/dsa/dsa_ameth.c
+++ b/src/lib/libcrypto/dsa/dsa_ameth.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: dsa_ameth.c,v 1.21 2017/01/21 09:38:59 beck Exp $ */
+/* $OpenBSD: dsa_ameth.c,v 1.22 2017/01/21 10:38:29 beck Exp $ */
 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
 * project 2006.
 */
@@ -501,7 +501,7 @@ old_dsa_priv_decode(EVP_PKEY *pkey, const unsigned char **pder, int derlen)
 if (BN_sub(p1, dsa->p, BN_value_one()) == 0)
 goto err;
 /* j = (p - 1) / q */
- if (BN_div(j, NULL, p1, dsa->q, ctx) == 0)
+ if (BN_div_ct(j, NULL, p1, dsa->q, ctx) == 0)
 goto err;
 /* q * j should == p - 1 */
 if (BN_mul(newp1, dsa->q, j, ctx) == 0)
diff --git a/src/lib/libcrypto/dsa/dsa_gen.c b/src/lib/libcrypto/dsa/dsa_gen.c
index d627e5ae9c..b6bbb8ab08 100644
--- a/src/lib/libcrypto/dsa/dsa_gen.c
+++ b/src/lib/libcrypto/dsa/dsa_gen.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: dsa_gen.c,v 1.23 2017/01/21 09:38:59 beck Exp $ */
+/* $OpenBSD: dsa_gen.c,v 1.24 2017/01/21 10:38:29 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -271,7 +271,7 @@ dsa_builtin_paramgen(DSA *ret, size_t bits, size_t qbits, const EVP_MD *evpmd,
 /* step 9 */
 if (!BN_lshift1(r0, q))
 goto err;
- if (!BN_mod(c, X, r0, ctx))
+ if (!BN_mod_ct(c, X, r0, ctx))
 goto err;
 if (!BN_sub(r0, c, BN_value_one()))
 goto err;
@@ -306,7 +306,7 @@ end:
 /* Set r0=(p-1)/q */
 if (!BN_sub(test, p, BN_value_one()))
 goto err;
- if (!BN_div(r0, NULL, test, q, ctx))
+ if (!BN_div_ct(r0, NULL, test, q, ctx))
 goto err;
 if (!BN_set_word(test, h))
diff --git a/src/lib/libcrypto/dsa/dsa_ossl.c b/src/lib/libcrypto/dsa/dsa_ossl.c
index 3f01a83a44..4177557d0e 100644
--- a/src/lib/libcrypto/dsa/dsa_ossl.c
+++ b/src/lib/libcrypto/dsa/dsa_ossl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: dsa_ossl.c,v 1.27 2017/01/21 09:38:59 beck Exp $ */
+/* $OpenBSD: dsa_ossl.c,v 1.28 2017/01/21 10:38:29 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -244,7 +244,7 @@ dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
 goto err;
 }
- if (!BN_mod(r,r,dsa->q,ctx))
+ if (!BN_mod_ct(r,r,dsa->q,ctx))
 goto err;
 /* Compute part of 's = inv(k) (m + xr) mod q' */
@@ -351,10 +351,10 @@ dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig, DSA *dsa)
 mont))
 goto err;
 }
-
+
 /* BN_copy(&u1,&t1); */
 /* let u1 = u1 mod q */
- if (!BN_mod(&u1, &t1, dsa->q, ctx))
+ if (!BN_mod_ct(&u1, &t1, dsa->q, ctx))
 goto err;
 /* V is now in u1. If the signature is correct, it will be
diff --git a/src/lib/libcrypto/gost/gostr341001.c b/src/lib/libcrypto/gost/gostr341001.c
index c6221e4a01..5fb494009c 100644
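Review bot: The `dsa_do_verify` hunk in dsa_ossl.c switches to `BN_mod_ct` without saying whether constant time is needed there; the operands look like signature-verification values (`t1`, `dsa->q`), which are normally public, and `BN_mod_nonct` from bn_lcl.h is not used anywhere in this diff. Defaulting to `_ct` is the conservative choice, so I would keep it and state the intent, e.g. `/* public inputs; _ct kept as the safe default */`, so that any later switch to `_nonct` is a reviewed decision and not a guess. The same question applies to the two `gost2001_do_verify` hunks in gostr341001.c. Separately, the `-`/`+` pair on the blank line above `/* BN_copy(&u1,&t1); */` is a whitespace-only change mixed into a functional commit.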
--- a/src/lib/libcrypto/gost/gostr341001.c
+++ b/src/lib/libcrypto/gost/gostr341001.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: gostr341001.c,v 1.4 2015/02/14 06:40:04 jsing Exp $ */
+/* $OpenBSD: gostr341001.c,v 1.5 2017/01/21 10:38:29 beck Exp $ */
 /*
 * Copyright (c) 2014 Dmitry Eremin-Solenikov <dbaryshkov@gmail.com>
 * Copyright (c) 2005-2006 Cryptocom LTD
@@ -57,6 +57,8 @@
 #include <openssl/bn.h>
 #include <openssl/err.h>
 #include <openssl/gost.h>
+
+#include "bn_lcl.h"
 #include "gost_locl.h"
 /* Convert little-endian byte array into bignum */
@@ -175,7 +177,7 @@ gost2001_do_sign(BIGNUM *md, GOST_KEY *eckey)
 priv_key = GOST_KEY_get0_private_key(eckey);
 if ((e = BN_CTX_get(ctx)) == NULL)
 goto err;
- if (BN_mod(e, md, order, ctx) == 0)
+ if (BN_mod_ct(e, md, order, ctx) == 0)
 goto err;
 if (BN_is_zero(e))
 BN_one(e);
@@ -288,7 +290,7 @@ gost2001_do_verify(BIGNUM *md, ECDSA_SIG *sig, GOST_KEY *ec)
 goto err;
 }
- if (BN_mod(e, md, order, ctx) == 0)
+ if (BN_mod_ct(e, md, order, ctx) == 0)
 goto err;
 if (BN_is_zero(e))
 BN_one(e);
@@ -310,7 +312,7 @@ gost2001_do_verify(BIGNUM *md, ECDSA_SIG *sig, GOST_KEY *ec)
 GOSTerr(GOST_F_GOST2001_DO_VERIFY, ERR_R_EC_LIB);
 goto err;
 }
- if (BN_mod(R, X, order, ctx) == 0)
+ if (BN_mod_ct(R, X, order, ctx) == 0)
 goto err;
 if (BN_cmp(R, sig->r) != 0) {
 GOSTerr(GOST_F_GOST2001_DO_VERIFY, GOST_R_SIGNATURE_MISMATCH);
diff --git a/src/lib/libcrypto/rsa/rsa_chk.c b/src/lib/libcrypto/rsa/rsa_chk.c
index c247a8d80e..efe9431f2d 100644
--- a/src/lib/libcrypto/rsa/rsa_chk.c
+++ b/src/lib/libcrypto/rsa/rsa_chk.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: rsa_chk.c,v 1.9 2014/07/10 07:43:11 jsing Exp $ */
+/* $OpenBSD: rsa_chk.c,v 1.10 2017/01/21 10:38:29 beck Exp $ */
 /* ====================================================================
 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
 *
@@ -52,6 +52,8 @@
 #include <openssl/err.h>
 #include <openssl/rsa.h>
+#include "bn_lcl.h"
+
 int
 RSA_check_key(const RSA *key)
 {
@@ -132,7 +134,7 @@ RSA_check_key(const RSA *key)
 ret = -1;
 goto err;
 }
- r = BN_div(k, NULL, l, m, ctx); /* remainder is 0 */
+ r = BN_div_ct(k, NULL, l, m, ctx); /* remainder is 0 */
 if (!r) {
 ret = -1;
 goto err;
@@ -157,7 +159,7 @@ RSA_check_key(const RSA *key)
 goto err;
 }
- r = BN_mod(j, key->d, i, ctx);
+ r = BN_mod_ct(j, key->d, i, ctx);
 if (!r) {
 ret = -1;
 goto err;
@@ -176,7 +178,7 @@ RSA_check_key(const RSA *key)
 goto err;
 }
- r = BN_mod(j, key->d, i, ctx);
+ r = BN_mod_ct(j, key->d, i, ctx);
 if (!r) {
 ret = -1;
 goto err;
diff --git a/src/lib/libcrypto/rsa/rsa_eay.c b/src/lib/libcrypto/rsa/rsa_eay.c
index 640ed9a0d6..c4da147ddf 100644
--- a/src/lib/libcrypto/rsa/rsa_eay.c
+++ b/src/lib/libcrypto/rsa/rsa_eay.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: rsa_eay.c,v 1.44 2017/01/21 09:38:59 beck Exp $ */
+/* $OpenBSD: rsa_eay.c,v 1.45 2017/01/21 10:38:29 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -770,7 +770,7 @@ RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
 BN_init(&c);
 BN_with_flags(&c, I, BN_FLG_CONSTTIME);
- if (!BN_mod(r1, &c, rsa->q, ctx))
+ if (!BN_mod_ct(r1, &c, rsa->q, ctx))
 goto err;
 /* compute r1^dmq1 mod q */
@@ -784,7 +784,7 @@ RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
 /* compute I mod p */
 BN_with_flags(&c, I, BN_FLG_CONSTTIME);
- if (!BN_mod(r1, &c, rsa->p, ctx))
+ if (!BN_mod_ct(r1, &c, rsa->p, ctx))
 goto err;
 /* compute r1^dmp1 mod p */
@@ -813,7 +813,7 @@ RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
 BN_init(&pr1);
 BN_with_flags(&pr1, r1, BN_FLG_CONSTTIME);
- if (!BN_mod(r0, &pr1, rsa->p, ctx))
+ if (!BN_mod_ct(r0, &pr1, rsa->p, ctx))
 goto err;
 /*
@@ -844,7 +844,7 @@ RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
 */
 if (!BN_sub(vrfy, vrfy, I))
 goto err;
- if (!BN_mod(vrfy, vrfy, rsa->n, ctx))
+ if (!BN_mod_ct(vrfy, vrfy, rsa->n, ctx))
 goto err;
 if (BN_is_negative(vrfy))
 if (!BN_add(vrfy, vrfy, rsa->n))
diff --git a/src/lib/libcrypto/rsa/rsa_gen.c b/src/lib/libcrypto/rsa/rsa_gen.c
index d46f4f2478..817f177e96 100644
--- a/src/lib/libcrypto/rsa/rsa_gen.c
+++ b/src/lib/libcrypto/rsa/rsa_gen.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: rsa_gen.c,v 1.18 2016/06/30 02:02:06 bcook Exp $ */
+/* $OpenBSD: rsa_gen.c,v 1.19 2017/01/21 10:38:29 beck Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -69,6 +69,8 @@
 #include <openssl/err.h>
 #include <openssl/rsa.h>
+#include "bn_lcl.h"
+
 static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb);
 /*
@@ -202,11 +204,11 @@ rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb)
 BN_with_flags(&d, rsa->d, BN_FLG_CONSTTIME);
 /* calculate d mod (p-1) */
- if (!BN_mod(rsa->dmp1, &d, r1, ctx))
+ if (!BN_mod_ct(rsa->dmp1, &d, r1, ctx))
 goto err;
 /* calculate d mod (q-1) */
- if (!BN_mod(rsa->dmq1, &d, r2, ctx))
+ if (!BN_mod_ct(rsa->dmq1, &d, r2, ctx))
 goto err;
 /* calculate inverse of q mod p */
-- cgit v1.2.3-55-g6feb