Loading CHANGES +4 −0 Original line number Diff line number Diff line Loading @@ -610,6 +610,10 @@ Changes between 0.9.8g and 0.9.8h [xx XXX xxxx] *) Fix BN flag handling in RSA_eay_mod_exp() and BN_MONT_CTX_set() to get the expected BN_FLG_CONSTTIME behavior. [Bodo Moeller (Google)] *) Netware support: - fixed wrong usage of ioctlsocket() when build for LIBC BSD sockets Loading crypto/bn/bn_mont.c +1 −0 Original line number Diff line number Diff line Loading @@ -425,6 +425,7 @@ int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx) BIGNUM tmod; BN_ULONG buf[2]; BN_init(&tmod); tmod.d=buf; tmod.dmax=2; tmod.neg=0; Loading crypto/rsa/rsa_eay.c +37 −35 Original line number Diff line number Diff line Loading @@ -151,13 +151,13 @@ const RSA_METHOD *RSA_PKCS1_SSLeay(void) } /* Usage example; * MONT_HELPER(rsa, bn_ctx, p, rsa->flags & RSA_FLAG_CACHE_PRIVATE, goto err); * MONT_HELPER(rsa->_method_mod_p, bn_ctx, rsa->p, rsa->flags & RSA_FLAG_CACHE_PRIVATE, goto err); */ #define MONT_HELPER(rsa, ctx, m, pre_cond, err_instr) \ if((pre_cond) && ((rsa)->_method_mod_##m == NULL) && \ !BN_MONT_CTX_set_locked(&((rsa)->_method_mod_##m), \ #define MONT_HELPER(method_mod, ctx, m, pre_cond, err_instr) \ if ((pre_cond) && ((method_mod) == NULL) && \ !BN_MONT_CTX_set_locked(&(method_mod), \ CRYPTO_LOCK_RSA, \ (rsa)->m, (ctx))) \ (m), (ctx))) \ err_instr static int RSA_eay_public_encrypt(int flen, const unsigned char *from, Loading Loading @@ -233,7 +233,7 @@ static int RSA_eay_public_encrypt(int flen, const unsigned char *from, goto err; } MONT_HELPER(rsa, ctx, n, rsa->flags & RSA_FLAG_CACHE_PUBLIC, goto err); MONT_HELPER(rsa->_method_mod_n, ctx, rsa->n, rsa->flags & RSA_FLAG_CACHE_PUBLIC, goto err); if (!rsa->meth->bn_mod_exp(ret,f,rsa->e,rsa->n,ctx, rsa->_method_mod_n)) goto err; Loading Loading 
@@ -438,7 +438,7 @@ static int RSA_eay_private_encrypt(int flen, const unsigned char *from, else d= rsa->d; MONT_HELPER(rsa, ctx, n, rsa->flags & RSA_FLAG_CACHE_PUBLIC, goto err); MONT_HELPER(rsa->_method_mod_n, ctx, rsa->n, rsa->flags & RSA_FLAG_CACHE_PUBLIC, goto err); if (!rsa->meth->bn_mod_exp(ret,f,d,rsa->n,ctx, rsa->_method_mod_n)) goto err; Loading Loading @@ -559,7 +559,7 @@ static int RSA_eay_private_decrypt(int flen, const unsigned char *from, else d = rsa->d; MONT_HELPER(rsa, ctx, n, rsa->flags & RSA_FLAG_CACHE_PUBLIC, goto err); MONT_HELPER(rsa->_method_mod_n, ctx, rsa->n, rsa->flags & RSA_FLAG_CACHE_PUBLIC, goto err); if (!rsa->meth->bn_mod_exp(ret,f,d,rsa->n,ctx, rsa->_method_mod_n)) goto err; Loading Loading @@ -669,7 +669,7 @@ static int RSA_eay_public_decrypt(int flen, const unsigned char *from, goto err; } MONT_HELPER(rsa, ctx, n, rsa->flags & RSA_FLAG_CACHE_PUBLIC, goto err); MONT_HELPER(rsa->_method_mod_n, ctx, rsa->n, rsa->flags & RSA_FLAG_CACHE_PUBLIC, goto err); if (!rsa->meth->bn_mod_exp(ret,f,rsa->e,rsa->n,ctx, rsa->_method_mod_n)) goto err; Loading Loading @@ -717,7 +717,6 @@ static int RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx) BIGNUM *r1,*m1,*vrfy; BIGNUM local_dmp1,local_dmq1,local_c,local_r1; BIGNUM *dmp1,*dmq1,*c,*pr1; int bn_flags; int ret=0; BN_CTX_start(ctx); Loading 
@@ -725,31 +724,34 @@ static int RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx) m1 = BN_CTX_get(ctx); vrfy = BN_CTX_get(ctx); /* Make sure mod_inverse in montgomerey intialization use correct * BN_FLG_CONSTTIME flag. */ bn_flags = rsa->p->flags; if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) { rsa->p->flags |= BN_FLG_CONSTTIME; } MONT_HELPER(rsa, ctx, p, rsa->flags & RSA_FLAG_CACHE_PRIVATE, goto err); /* We restore bn_flags back */ rsa->p->flags = bn_flags; BIGNUM local_p, local_q; BIGNUM *p = NULL, *q = NULL; /* Make sure mod_inverse in montgomerey intialization use correct * BN_FLG_CONSTTIME flag. /* Make sure BN_mod_inverse in Montgomery intialization uses the * BN_FLG_CONSTTIME flag (unless RSA_FLAG_NO_CONSTTIME is set) */ bn_flags = rsa->q->flags; if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) { rsa->q->flags |= BN_FLG_CONSTTIME; BN_init(&local_p); p = &local_p; BN_with_flags(p, rsa->p, BN_FLG_CONSTTIME); BN_init(&local_q); q = &local_q; BN_with_flags(q, rsa->q, BN_FLG_CONSTTIME); } else { p = rsa->p; q = rsa->q; } MONT_HELPER(rsa->_method_mod_p, ctx, p, rsa->flags & RSA_FLAG_CACHE_PRIVATE, goto err); MONT_HELPER(rsa->_method_mod_q, ctx, q, rsa->flags & RSA_FLAG_CACHE_PRIVATE, goto err); } MONT_HELPER(rsa, ctx, q, rsa->flags & RSA_FLAG_CACHE_PRIVATE, goto err); /* We restore bn_flags back */ rsa->q->flags = bn_flags; MONT_HELPER(rsa, ctx, n, rsa->flags & RSA_FLAG_CACHE_PUBLIC, goto err); MONT_HELPER(rsa->_method_mod_n, ctx, rsa->n, rsa->flags & RSA_FLAG_CACHE_PUBLIC, goto err); /* compute I mod q */ if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) Loading Loading
CHANGES +4 −0 Original line number Diff line number Diff line Loading @@ -610,6 +610,10 @@ Changes between 0.9.8g and 0.9.8h [xx XXX xxxx] *) Fix BN flag handling in RSA_eay_mod_exp() and BN_MONT_CTX_set() to get the expected BN_FLG_CONSTTIME behavior. [Bodo Moeller (Google)] *) Netware support: - fixed wrong usage of ioctlsocket() when build for LIBC BSD sockets Loading
crypto/bn/bn_mont.c +1 −0 Original line number Diff line number Diff line Loading @@ -425,6 +425,7 @@ int BN_MONT_CTX_set(BN_MONT_CTX *mont, const BIGNUM *mod, BN_CTX *ctx) BIGNUM tmod; BN_ULONG buf[2]; BN_init(&tmod); tmod.d=buf; tmod.dmax=2; tmod.neg=0; Loading
crypto/rsa/rsa_eay.c +37 −35 Original line number Diff line number Diff line Loading @@ -151,13 +151,13 @@ const RSA_METHOD *RSA_PKCS1_SSLeay(void) } /* Usage example; * MONT_HELPER(rsa, bn_ctx, p, rsa->flags & RSA_FLAG_CACHE_PRIVATE, goto err); * MONT_HELPER(rsa->_method_mod_p, bn_ctx, rsa->p, rsa->flags & RSA_FLAG_CACHE_PRIVATE, goto err); */ #define MONT_HELPER(rsa, ctx, m, pre_cond, err_instr) \ if((pre_cond) && ((rsa)->_method_mod_##m == NULL) && \ !BN_MONT_CTX_set_locked(&((rsa)->_method_mod_##m), \ #define MONT_HELPER(method_mod, ctx, m, pre_cond, err_instr) \ if ((pre_cond) && ((method_mod) == NULL) && \ !BN_MONT_CTX_set_locked(&(method_mod), \ CRYPTO_LOCK_RSA, \ (rsa)->m, (ctx))) \ (m), (ctx))) \ err_instr static int RSA_eay_public_encrypt(int flen, const unsigned char *from, Loading Loading @@ -233,7 +233,7 @@ static int RSA_eay_public_encrypt(int flen, const unsigned char *from, goto err; } MONT_HELPER(rsa, ctx, n, rsa->flags & RSA_FLAG_CACHE_PUBLIC, goto err); MONT_HELPER(rsa->_method_mod_n, ctx, rsa->n, rsa->flags & RSA_FLAG_CACHE_PUBLIC, goto err); if (!rsa->meth->bn_mod_exp(ret,f,rsa->e,rsa->n,ctx, rsa->_method_mod_n)) goto err; Loading Loading @@ -438,7 +438,7 @@ static int RSA_eay_private_encrypt(int flen, const unsigned char *from, else d= rsa->d; MONT_HELPER(rsa, ctx, n, rsa->flags & RSA_FLAG_CACHE_PUBLIC, goto err); MONT_HELPER(rsa->_method_mod_n, ctx, rsa->n, rsa->flags & RSA_FLAG_CACHE_PUBLIC, goto err); if (!rsa->meth->bn_mod_exp(ret,f,d,rsa->n,ctx, rsa->_method_mod_n)) goto err; Loading Loading @@ -559,7 +559,7 @@ static int RSA_eay_private_decrypt(int flen, const unsigned char *from, else d = rsa->d; MONT_HELPER(rsa, ctx, n, rsa->flags & RSA_FLAG_CACHE_PUBLIC, goto err); MONT_HELPER(rsa->_method_mod_n, ctx, rsa->n, rsa->flags & RSA_FLAG_CACHE_PUBLIC, goto err); if (!rsa->meth->bn_mod_exp(ret,f,d,rsa->n,ctx, rsa->_method_mod_n)) goto err; Loading Loading 
@@ -669,7 +669,7 @@ static int RSA_eay_public_decrypt(int flen, const unsigned char *from, goto err; } MONT_HELPER(rsa, ctx, n, rsa->flags & RSA_FLAG_CACHE_PUBLIC, goto err); MONT_HELPER(rsa->_method_mod_n, ctx, rsa->n, rsa->flags & RSA_FLAG_CACHE_PUBLIC, goto err); if (!rsa->meth->bn_mod_exp(ret,f,rsa->e,rsa->n,ctx, rsa->_method_mod_n)) goto err; Loading Loading @@ -717,7 +717,6 @@ static int RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx) BIGNUM *r1,*m1,*vrfy; BIGNUM local_dmp1,local_dmq1,local_c,local_r1; BIGNUM *dmp1,*dmq1,*c,*pr1; int bn_flags; int ret=0; BN_CTX_start(ctx); Loading 
@@ -725,31 +724,34 @@ static int RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx) m1 = BN_CTX_get(ctx); vrfy = BN_CTX_get(ctx); /* Make sure mod_inverse in montgomerey intialization use correct * BN_FLG_CONSTTIME flag. */ bn_flags = rsa->p->flags; if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) { rsa->p->flags |= BN_FLG_CONSTTIME; } MONT_HELPER(rsa, ctx, p, rsa->flags & RSA_FLAG_CACHE_PRIVATE, goto err); /* We restore bn_flags back */ rsa->p->flags = bn_flags; BIGNUM local_p, local_q; BIGNUM *p = NULL, *q = NULL; /* Make sure mod_inverse in montgomerey intialization use correct * BN_FLG_CONSTTIME flag. /* Make sure BN_mod_inverse in Montgomery intialization uses the * BN_FLG_CONSTTIME flag (unless RSA_FLAG_NO_CONSTTIME is set) */ bn_flags = rsa->q->flags; if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) { rsa->q->flags |= BN_FLG_CONSTTIME; BN_init(&local_p); p = &local_p; BN_with_flags(p, rsa->p, BN_FLG_CONSTTIME); BN_init(&local_q); q = &local_q; BN_with_flags(q, rsa->q, BN_FLG_CONSTTIME); } else { p = rsa->p; q = rsa->q; } MONT_HELPER(rsa->_method_mod_p, ctx, p, rsa->flags & RSA_FLAG_CACHE_PRIVATE, goto err); MONT_HELPER(rsa->_method_mod_q, ctx, q, rsa->flags & RSA_FLAG_CACHE_PRIVATE, goto err); } MONT_HELPER(rsa, ctx, q, rsa->flags & RSA_FLAG_CACHE_PRIVATE, goto err); /* We restore bn_flags back */ rsa->q->flags = bn_flags; MONT_HELPER(rsa, ctx, n, rsa->flags & RSA_FLAG_CACHE_PUBLIC, goto err); MONT_HELPER(rsa->_method_mod_n, ctx, rsa->n, rsa->flags & RSA_FLAG_CACHE_PUBLIC, goto err); /* compute I mod q */ if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) Loading
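Review bot: In the RSA_eay_mod_exp hunk (@@ -725) `local_p`/`local_q` are flag-carrying aliases made with BN_with_flags, and nothing in the new block says they must be treated as read-only and never passed to BN_free; BN_with_flags' definition is not on this page, but as far as I recall it shares the source's limb array rather than copying it, so a comment above `BN_init(&local_p);` such as `/* local_p/local_q alias rsa->p/q with BN_FLG_CONSTTIME set; read-only, never BN_free'd (BN_with_flags does not copy the limbs) */` would stop a later maintainer from freeing or writing through them. The same comment should state why the aliases exist at all, because the removed lines show the alternative that was rejected: setting the flag on `rsa->p->flags` mutated the shared key object and, on the `goto err` path, skipped the `rsa->p->flags = bn_flags` restore, so the flag could leak to other users of the key — `/* aliases rather than rsa->p->flags: the RSA object is shared and the flag must not escape this call */`. The final `MONT_HELPER(rsa->_method_mod_n, ctx, rsa->n, ...)` intentionally passes `rsa->n` without such an alias; a one-liner `/* n is public: no constant-time alias needed */` makes that asymmetry look deliberate. The new comment also misspells "intialization" (should be "initialization"). RSA_eay_mod_exp starts before this hunk and continues after it.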