Deprecate the flags that switch off constant time

 Changes between 1.0.2h and 1.1.0  [xx XXX 2016]

  *) The flags RSA_FLAG_NO_CONSTTIME, DSA_FLAG_NO_EXP_CONSTTIME and

     DH_FLAG_NO_EXP_CONSTTIME which previously provided the ability to switch

     off the constant time implementation for RSA, DSA and DH have been made

     no-ops and deprecated.

     [Matt Caswell]

  *) Windows RAND implementation was simplified to only get entropy by

     calling CryptGenRandom(). Various other RAND-related tickets

     were also closed.

    }

    {

        BIGNUM *local_prk = NULL;

        BIGNUM *prk;

        BIGNUM *prk = BN_new();

        if ((dh->flags & DH_FLAG_NO_EXP_CONSTTIME) == 0) {

            local_prk = prk = BN_new();

            if (local_prk == NULL)

        if (prk == NULL)

            goto err;

        BN_with_flags(prk, priv_key, BN_FLG_CONSTTIME);

        } else {

            prk = priv_key;

        }

        if (!dh->meth->bn_mod_exp(dh, pub_key, dh->g, prk, dh->p, ctx, mont)) {

            BN_free(local_prk);

            BN_free(prk);

            goto err;

        }

        /* We MUST free local_prk before any further use of priv_key */

        BN_free(local_prk);

        /* We MUST free prk before any further use of priv_key */

        BN_free(prk);

    }

    dh->pub_key = pub_key;

    if (dh->flags & DH_FLAG_CACHE_MONT_P) {

        mont = BN_MONT_CTX_set_locked(&dh->method_mont_p,

                                      dh->lock, dh->p, ctx);

        if ((dh->flags & DH_FLAG_NO_EXP_CONSTTIME) == 0) {

            /* XXX */

        BN_set_flags(dh->priv_key, BN_FLG_CONSTTIME);

        }

        if (!mont)

            goto err;

    }

                         const BIGNUM *a, const BIGNUM *p,

                         const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)

{

    /*

     * If a is only one word long and constant time is false, use the faster

     * exponentiation function.

     */

    if (bn_get_top(a) == 1 && ((dh->flags & DH_FLAG_NO_EXP_CONSTTIME) != 0)) {

        BN_ULONG A = bn_get_words(a)[0];

        return BN_mod_exp_mont_word(r, A, p, m, ctx, m_ctx);

    } else

    return BN_mod_exp_mont(r, a, p, m, ctx, m_ctx);

}

        pub_key = dsa->pub_key;

    {

        BIGNUM *local_prk = NULL;

        BIGNUM *prk;

        BIGNUM *prk = BN_new();

        if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0) {

            local_prk = prk = BN_new();

            if (local_prk == NULL)

        if (prk == NULL)

            goto err;

        BN_with_flags(prk, priv_key, BN_FLG_CONSTTIME);

        } else {

            prk = priv_key;

        }

        if (!BN_mod_exp(pub_key, dsa->g, prk, dsa->p, ctx)) {

            BN_free(local_prk);

            BN_free(prk);

            goto err;

        }

        /* We MUST free local_prk before any further use of priv_key */

        BN_free(local_prk);

        /* We MUST free prk before any further use of priv_key */

        BN_free(prk);

    }

    dsa->priv_key = priv_key;

                          const unsigned char *dgst, int dlen)

{

    BN_CTX *ctx = NULL;

    BIGNUM *k, *kq, *K, *kinv = NULL, *r = *rp;

    BIGNUM *k, *kq, *kinv = NULL, *r = *rp;

    int ret = 0;

    if (!dsa->p || !dsa->q || !dsa->g) {

    /* Compute r = (g^k mod p) mod q */

    if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0) {

    if (!BN_copy(kq, k))

        goto err;

            goto err;

    }

        K = kq;

    } else {

        K = k;

    }

    if ((dsa->flags & DSA_FLAG_NO_EXP_CONSTTIME) == 0) {

        BN_set_flags(K, BN_FLG_CONSTTIME);

    }

    BN_set_flags(kq, BN_FLG_CONSTTIME);

    if ((dsa)->meth->bn_mod_exp != NULL) {

            if (!dsa->meth->bn_mod_exp(dsa, r, dsa->g, K, dsa->p, ctx,

            if (!dsa->meth->bn_mod_exp(dsa, r, dsa->g, kq, dsa->p, ctx,

                                       dsa->method_mont_p))

                goto err;

    } else {

            if (!BN_mod_exp_mont(r, dsa->g, K, dsa->p, ctx, dsa->method_mont_p))

            if (!BN_mod_exp_mont(r, dsa->g, kq, dsa->p, ctx, dsa->method_mont_p))

                goto err;

    }

    }

    {

        BIGNUM *local_n = NULL, *n;

        if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) {

            /* Set BN_FLG_CONSTTIME flag */

            local_n = n = BN_new();

            if (local_n == NULL) {

        BIGNUM *n = BN_new();

        if (n == NULL) {

            RSAerr(RSA_F_RSA_SETUP_BLINDING, ERR_R_MALLOC_FAILURE);

            goto err;

        }

        BN_with_flags(n, rsa->n, BN_FLG_CONSTTIME);

        } else {

            n = rsa->n;

        }

        ret = BN_BLINDING_create_param(NULL, e, n, ctx, rsa->meth->bn_mod_exp,

                                       rsa->_method_mod_n);

        /* We MUST free local_n before any further use of rsa->n */

        BN_free(local_n);

        /* We MUST free n before any further use of rsa->n */

        BN_free(n);

    }

    if (ret == NULL) {

        RSAerr(RSA_F_RSA_SETUP_BLINDING, ERR_R_BN_LIB);