Commit 0a9b8dd1 authored by Dr. Stephen Henson's avatar Dr. Stephen Henson
Browse files

Fix 0.9.8 FIPS capable OpenSSL build. 

The object file bn_lib.o is excluded from FIPS builds which causes
a linker error for BN_consttime_swap. So move definition from bn_lib.c
to bn_gf2m.c

This change is *only* needed for OpenSSL 0.9.8 which uses the 1.2
FIPS module.
parent bfce4e5d

crypto/bn/bn_gf2m.c

+51 −0
Original line number Diff line number Diff line
@@ -1095,3 +1095,54 @@ int BN_GF2m_arr2poly(const unsigned int p[], BIGNUM *a) 
	return 1;

	}



/* 

 * Constant-time conditional swap of a and b.  

 * a and b are swapped if condition is not 0.  The code assumes that at most one bit of condition is set.

 * nwords is the number of words to swap.  The code assumes that at least nwords are allocated in both a and b,

 * and that no more than nwords are used by either a or b.

 * a and b cannot be the same number

 */

void BN_consttime_swap(BN_ULONG condition, BIGNUM *a, BIGNUM *b, int nwords)

	{

	BN_ULONG t;

	int i;



	bn_wcheck_size(a, nwords);

	bn_wcheck_size(b, nwords);



	assert(a != b);

	assert((condition & (condition - 1)) == 0);

	assert(sizeof(BN_ULONG) >= sizeof(int));



	condition = ((condition - 1) >> (BN_BITS2 - 1)) - 1;



	t = (a->top^b->top) & condition;

	a->top ^= t;

	b->top ^= t;



#define BN_CONSTTIME_SWAP(ind) \

	do { \

		t = (a->d[ind] ^ b->d[ind]) & condition; \

		a->d[ind] ^= t; \

		b->d[ind] ^= t; \

	} while (0)





	switch (nwords) {

	default:

		for (i = 10; i < nwords; i++) 

			BN_CONSTTIME_SWAP(i);

		/* Fallthrough */

	case 10: BN_CONSTTIME_SWAP(9); /* Fallthrough */

	case 9: BN_CONSTTIME_SWAP(8); /* Fallthrough */

	case 8: BN_CONSTTIME_SWAP(7); /* Fallthrough */

	case 7: BN_CONSTTIME_SWAP(6); /* Fallthrough */

	case 6: BN_CONSTTIME_SWAP(5); /* Fallthrough */

	case 5: BN_CONSTTIME_SWAP(4); /* Fallthrough */

	case 4: BN_CONSTTIME_SWAP(3); /* Fallthrough */

	case 3: BN_CONSTTIME_SWAP(2); /* Fallthrough */

	case 2: BN_CONSTTIME_SWAP(1); /* Fallthrough */

	case 1: BN_CONSTTIME_SWAP(0);

	}

#undef BN_CONSTTIME_SWAP

}

crypto/bn/bn_lib.c

+0 −52
Original line number Diff line number Diff line
@@ -824,55 +824,3 @@ int bn_cmp_part_words(const BN_ULONG *a, const BN_ULONG *b, 
		}

	return bn_cmp_words(a,b,cl);

	}
 


/* 

 * Constant-time conditional swap of a and b.  

 * a and b are swapped if condition is not 0.  The code assumes that at most one bit of condition is set.

 * nwords is the number of words to swap.  The code assumes that at least nwords are allocated in both a and b,

 * and that no more than nwords are used by either a or b.

 * a and b cannot be the same number

 */

void BN_consttime_swap(BN_ULONG condition, BIGNUM *a, BIGNUM *b, int nwords)

	{

	BN_ULONG t;

	int i;



	bn_wcheck_size(a, nwords);

	bn_wcheck_size(b, nwords);



	assert(a != b);

	assert((condition & (condition - 1)) == 0);

	assert(sizeof(BN_ULONG) >= sizeof(int));



	condition = ((condition - 1) >> (BN_BITS2 - 1)) - 1;



	t = (a->top^b->top) & condition;

	a->top ^= t;

	b->top ^= t;



#define BN_CONSTTIME_SWAP(ind) \

	do { \

		t = (a->d[ind] ^ b->d[ind]) & condition; \

		a->d[ind] ^= t; \

		b->d[ind] ^= t; \

	} while (0)





	switch (nwords) {

	default:

		for (i = 10; i < nwords; i++) 

			BN_CONSTTIME_SWAP(i);

		/* Fallthrough */

	case 10: BN_CONSTTIME_SWAP(9); /* Fallthrough */

	case 9: BN_CONSTTIME_SWAP(8); /* Fallthrough */

	case 8: BN_CONSTTIME_SWAP(7); /* Fallthrough */

	case 7: BN_CONSTTIME_SWAP(6); /* Fallthrough */

	case 6: BN_CONSTTIME_SWAP(5); /* Fallthrough */

	case 5: BN_CONSTTIME_SWAP(4); /* Fallthrough */

	case 4: BN_CONSTTIME_SWAP(3); /* Fallthrough */

	case 3: BN_CONSTTIME_SWAP(2); /* Fallthrough */

	case 2: BN_CONSTTIME_SWAP(1); /* Fallthrough */

	case 1: BN_CONSTTIME_SWAP(0);

	}

#undef BN_CONSTTIME_SWAP

}