Server: cvs.openssl.org Name: Bodo
Moeller
Root: /v/openssl/cvs Email: bodo openssl.org
Module: openssl Date:
27-Feb-2008 07:01:28
Branch: HEAD Handle:
2008022706012602
Modified files:
openssl CHANGES
openssl/crypto/bn bn_mont.c
openssl/crypto/rsa rsa_eay.c
Log:
fix BIGNUM flag handling
Summary:
Revision Changes Path
1.1404 +4 -0 openssl/CHANGES
1.50 +1 -0 openssl/crypto/bn/bn_mont.c
1.56 +37 -35 openssl/crypto/rsa/rsa_eay.c
____________________________________________________________
________________
patch -p0 <<' .'
Index: openssl/CHANGES
============================================================
================
$ cvs diff -u -r1.1403 -r1.1404 CHANGES
--- openssl/CHANGES 6 Jan 2008 00:36:20 -0000 1.1403
+++ openssl/CHANGES 27 Feb 2008 06:01:26 -0000 1.1404
 -610,6 +610,10 
Changes between 0.9.8g and 0.9.8h [xx XXX xxxx]
+ *) Fix BN flag handling in RSA_eay_mod_exp() and
BN_MONT_CTX_set()
+ to get the expected BN_FLG_CONSTTIME behavior.
+ [Bodo Moeller (Google)]
+
*) Netware support:
- fixed wrong usage of ioctlsocket() when build for
LIBC BSD sockets
 .
patch -p0 <<' .'
Index: openssl/crypto/bn/bn_mont.c
============================================================
================
$ cvs diff -u -r1.49 -r1.50 bn_mont.c
--- openssl/crypto/bn/bn_mont.c 18 Sep 2007 16:35:28
-0000 1.49
+++ openssl/crypto/bn/bn_mont.c 27 Feb 2008 06:01:27
-0000 1.50
 -425,6 +425,7 
BIGNUM tmod;
BN_ULONG buf[2];
+ BN_init(&tmod);
tmod.d=buf;
tmod.dmax=2;
tmod.neg=0;
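Review bot: BN_init(&tmod) makes the stack BIGNUM's flags word deterministic where it was previously left indeterminate, but zeroed flags also means BN_FLG_CONSTTIME is never set on tmod, so a BN_mod_inverse() operating on tmod further down (outside this hunk) would not take the constant-time path even when the modulus handed to BN_MONT_CTX_set() carries that flag. If the commit's "expected BN_FLG_CONSTTIME behavior" is meant to cover this inverse too, propagate the flag right after the initialization: `if (BN_get_flags(mod, BN_FLG_CONSTTIME) != 0) BN_set_flags(&tmod, BN_FLG_CONSTTIME);` with mod being the modulus parameter of BN_MONT_CTX_set(). The enclosing function begins before this hunk and continues past it, so whether the flag is copied elsewhere cannot be confirmed from the hunk alone; the hunk header also counts one more new line than is shown here, presumably a blank line lost in wrapping.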
 .
patch -p0 <<' .'
Index: openssl/crypto/rsa/rsa_eay.c
============================================================
================
$ cvs diff -u -r1.55 -r1.56 rsa_eay.c
--- openssl/crypto/rsa/rsa_eay.c 28 Mar 2007 00:15:27
-0000 1.55
+++ openssl/crypto/rsa/rsa_eay.c 27 Feb 2008 06:01:28
-0000 1.56
 -151,13 +151,13 
}
/* Usage example;
- * MONT_HELPER(rsa, bn_ctx, p, rsa->flags &
RSA_FLAG_CACHE_PRIVATE, goto err);
+ * MONT_HELPER(rsa->_method_mod_p, bn_ctx,
rsa->p, rsa->flags & RSA_FLAG_CACHE_PRIVATE, goto
err);
*/
-#define MONT_HELPER(rsa, ctx, m, pre_cond, err_instr)
- if((pre_cond) && ((rsa)->_method_mod_##m ==
NULL) &&
- !BN_MONT_CTX_set_locked(&((rsa)->_method_mod_##m)
,
+#define MONT_HELPER(method_mod, ctx, m, pre_cond,
err_instr)
+ if ((pre_cond) && ((method_mod) == NULL)
&&
+ !BN_MONT_CTX_set_locked(&(method_mod),
CRYPTO_LOCK_RSA,
- (rsa)->m, (ctx)))
+ (m), (ctx)))
err_instr
static int RSA_eay_public_encrypt(int flen, const
unsigned char *from,
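Review bot: The rewritten MONT_HELPER still expands to a bare `if (...) err_instr`, so a caller that writes `if (cond) MONT_HELPER(...); else ...` binds the `else` to the macro's own `if`; since err_instr is a statement, the idiomatic form is `do { if ((pre_cond) && ((method_mod) == NULL) && !BN_MONT_CTX_set_locked(&(method_mod), CRYPTO_LOCK_RSA, (m), (ctx))) { err_instr; } } while (0)`. The usage-example comment should also say why `m` became a caller-supplied BIGNUM: its flags (notably BN_FLG_CONSTTIME) are what reach BN_MONT_CTX_set_locked(), so callers pass a flagged copy for private moduli; e.g. `/* m is the modulus BIGNUM itself; pass a BN_with_flags() copy carrying BN_FLG_CONSTTIME for secret moduli */`. The line-continuation backslashes of the macro are not visible in this rendering, presumably lost in wrapping.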
 -227,13 +227,13 
if (BN_bin2bn(buf,num,f) == NULL) goto err;
if (BN_ucmp(f, rsa->n) >= 0)
- {
+ {
/* usually the padding functions would catch this */
RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT,RSA_R_DATA_TOO_LARGE_F
OR_MODULUS);
goto err;
}
- MONT_HELPER(rsa, ctx, n, rsa->flags &
RSA_FLAG_CACHE_PUBLIC, goto err);
+ MONT_HELPER(rsa->_method_mod_n, ctx, rsa->n,
rsa->flags & RSA_FLAG_CACHE_PUBLIC, goto err);
if
(!rsa->meth->bn_mod_exp(ret,f,rsa->e,rsa->n,ctx,
rsa->_method_mod_n)) goto err;
 -436,9 +436,9 
BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME);
}
else
- d = rsa->d;
+ d= rsa->d;
- MONT_HELPER(rsa, ctx, n, rsa->flags &
RSA_FLAG_CACHE_PUBLIC, goto err);
+ MONT_HELPER(rsa->_method_mod_n, ctx, rsa->n,
rsa->flags & RSA_FLAG_CACHE_PUBLIC, goto err);
if
(!rsa->meth->bn_mod_exp(ret,f,d,rsa->n,ctx,
rsa->_method_mod_n)) goto err;
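Review bot: The `d = rsa->d;` line in this hunk changes only in whitespace — the new side reads `d= rsa->d;` — which is unrelated to the flag fix and drops the space before `=`; keep it as `d = rsa->d;`, the form the hunk at -559 leaves untouched as context. The enclosing function begins before this hunk and continues past it.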
 -559,7 +559,7 
else
d = rsa->d;
- MONT_HELPER(rsa, ctx, n, rsa->flags &
RSA_FLAG_CACHE_PUBLIC, goto err);
+ MONT_HELPER(rsa->_method_mod_n, ctx, rsa->n,
rsa->flags & RSA_FLAG_CACHE_PUBLIC, goto err);
if
(!rsa->meth->bn_mod_exp(ret,f,d,rsa->n,ctx,
rsa->_method_mod_n))
goto err;
 -669,7 +669,7 
goto err;
}
- MONT_HELPER(rsa, ctx, n, rsa->flags &
RSA_FLAG_CACHE_PUBLIC, goto err);
+ MONT_HELPER(rsa->_method_mod_n, ctx, rsa->n,
rsa->flags & RSA_FLAG_CACHE_PUBLIC, goto err);
if
(!rsa->meth->bn_mod_exp(ret,f,rsa->e,rsa->n,ctx,
rsa->_method_mod_n)) goto err;
 -717,7 +717,6 
BIGNUM *r1,*m1,*vrfy;
BIGNUM local_dmp1,local_dmq1,local_c,local_r1;
BIGNUM *dmp1,*dmq1,*c,*pr1;
- int bn_flags;
int ret=0;
BN_CTX_start(ctx);
 -725,31 +724,34 
m1 = BN_CTX_get(ctx);
vrfy = BN_CTX_get(ctx);
- /* Make sure mod_inverse in montgomerey intialization
use correct
- * BN_FLG_CONSTTIME flag.
- */
- bn_flags = rsa->p->flags;
- if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))
- {
- rsa->p->flags |= BN_FLG_CONSTTIME;
- }
- MONT_HELPER(rsa, ctx, p, rsa->flags &
RSA_FLAG_CACHE_PRIVATE, goto err);
- /* We restore bn_flags back */
- rsa->p->flags = bn_flags;
+ {
+ BIGNUM local_p, local_q;
+ BIGNUM *p = NULL, *q = NULL;
- /* Make sure mod_inverse in montgomerey
intialization use correct
- * BN_FLG_CONSTTIME flag.
- */
- bn_flags = rsa->q->flags;
- if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))
- {
- rsa->q->flags |= BN_FLG_CONSTTIME;
- }
- MONT_HELPER(rsa, ctx, q, rsa->flags &
RSA_FLAG_CACHE_PRIVATE, goto err);
- /* We restore bn_flags back */
- rsa->q->flags = bn_flags;
+ /* Make sure BN_mod_inverse in Montgomery intialization
uses the
+ * BN_FLG_CONSTTIME flag (unless RSA_FLAG_NO_CONSTTIME
is set)
+ */
+ if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))
+ {
+ BN_init(&local_p);
+ p = &local_p;
+ BN_with_flags(p, rsa->p, BN_FLG_CONSTTIME);
+
+ BN_init(&local_q);
+ q = &local_q;
+ BN_with_flags(q, rsa->q, BN_FLG_CONSTTIME);
+ }
+ else
+ {
+ p = rsa->p;
+ q = rsa->q;
+ }
+
+ MONT_HELPER(rsa->_method_mod_p, ctx, p,
rsa->flags & RSA_FLAG_CACHE_PRIVATE, goto err);
+ MONT_HELPER(rsa->_method_mod_q, ctx, q,
rsa->flags & RSA_FLAG_CACHE_PRIVATE, goto err);
+ }
- MONT_HELPER(rsa, ctx, n, rsa->flags &
RSA_FLAG_CACHE_PUBLIC, goto err);
+ MONT_HELPER(rsa->_method_mod_n, ctx, rsa->n,
rsa->flags & RSA_FLAG_CACHE_PUBLIC, goto err);
/* compute I mod q */
if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))
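Review bot: local_p and local_q, set up through BN_with_flags(), share rsa->p's and rsa->q's limb arrays rather than owning copies, and nothing in the new inner block says so; a comment at their declaration, e.g. `/* local_p/local_q alias rsa->p/rsa->q (no limbs of their own): never BN_free() or write to them; they exist only to carry BN_FLG_CONSTTIME into BN_MONT_CTX_set_locked() */`, would keep a later edit from freeing or modifying them. The new comment block also misspells "intialization"; it should read "initialization". The enclosing function (RSA_eay_mod_exp, per the CHANGES entry) begins before this hunk and continues past it.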
 .