Adjust various bignum functions to use BN_CTX for variables instead of (c86f2054) · Commits · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP OpenSSL

crypto/bn/bn_exp.c

+38 −46

Original line number	Diff line number	Diff line
		@@ -231,9 +231,10 @@ int BN_mod_exp_recp(BIGNUM r, const BIGNUM a, const BIGNUM *p,
		const BIGNUM m, BN_CTX ctx)
		{
		int i,j,bits,ret=0,wstart,wend,window,wvalue;
		int start=1,ts=0;
		int start=1;
		BIGNUM *aa;
		BIGNUM val[TABLE_SIZE];
		/* Table of variables obtained from 'ctx' */
		BIGNUM *val[TABLE_SIZE];
		BN_RECP_CTX recp;

		bits=BN_num_bits(p);
		@@ -245,7 +246,9 @@ int BN_mod_exp_recp(BIGNUM r, const BIGNUM a, const BIGNUM *p,
		}

		BN_CTX_start(ctx);
		if ((aa = BN_CTX_get(ctx)) == NULL) goto err;
		aa = BN_CTX_get(ctx);
		val[0] = BN_CTX_get(ctx);
		if(!aa \|\| !val[0]) goto err;

		BN_RECP_CTX_init(&recp);
		if (m->neg)
		@@ -260,11 +263,8 @@ int BN_mod_exp_recp(BIGNUM r, const BIGNUM a, const BIGNUM *p,
		if (BN_RECP_CTX_set(&recp,m,ctx) <= 0) goto err;
		}

		BN_init(&(val[0]));
		ts=1;

		if (!BN_nnmod(&(val[0]),a,m,ctx)) goto err; /* 1 */
		if (BN_is_zero(&(val[0])))
		if (!BN_nnmod(val[0],a,m,ctx)) goto err; /* 1 */
		if (BN_is_zero(val[0]))
		{
		BN_zero(r);
		ret = 1;
		@@ -274,16 +274,16 @@ int BN_mod_exp_recp(BIGNUM r, const BIGNUM a, const BIGNUM *p,
		window = BN_window_bits_for_exponent_size(bits);
		if (window > 1)
		{
		if (!BN_mod_mul_reciprocal(aa,&(val[0]),&(val[0]),&recp,ctx))
		if (!BN_mod_mul_reciprocal(aa,val[0],val[0],&recp,ctx))
		goto err; /* 2 */
		j=1<<(window-1);
		for (i=1; i<j; i++)
		{
		BN_init(&val[i]);
		if (!BN_mod_mul_reciprocal(&(val[i]),&(val[i-1]),aa,&recp,ctx))
		if(((val[i] = BN_CTX_get(ctx)) == NULL) \|\|
		!BN_mod_mul_reciprocal(val[i],val[i-1],
		aa,&recp,ctx))
		goto err;
		}
		ts=i;
		}

		start=1; /* This is used to avoid multiplication etc
		@@ -335,7 +335,7 @@ int BN_mod_exp_recp(BIGNUM r, const BIGNUM a, const BIGNUM *p,
		}

		/* wvalue will be an odd number < 2^window */
		if (!BN_mod_mul_reciprocal(r,r,&(val[wvalue>>1]),&recp,ctx))
		if (!BN_mod_mul_reciprocal(r,r,val[wvalue>>1],&recp,ctx))
		goto err;

		/* move the 'window' down further */
		@@ -347,8 +347,6 @@ int BN_mod_exp_recp(BIGNUM r, const BIGNUM a, const BIGNUM *p,
		ret=1;
		err:
		BN_CTX_end(ctx);
		for (i=0; i<ts; i++)
		BN_clear_free(&(val[i]));
		BN_RECP_CTX_free(&recp);
		bn_check_top(r);
		return(ret);
		@@ -359,11 +357,11 @@ int BN_mod_exp_mont(BIGNUM rr, const BIGNUM a, const BIGNUM *p,
		const BIGNUM m, BN_CTX ctx, BN_MONT_CTX *in_mont)
		{
		int i,j,bits,ret=0,wstart,wend,window,wvalue;
		int start=1,ts=0;
		int start=1;
		BIGNUM d,r;
		const BIGNUM *aa;
		/* TODO: BN_CTX??? */
		BIGNUM val[TABLE_SIZE];
		/* Table of variables obtained from 'ctx' */
		BIGNUM *val[TABLE_SIZE];
		BN_MONT_CTX *mont=NULL;

		bn_check_top(a);
		@@ -385,7 +383,8 @@ int BN_mod_exp_mont(BIGNUM rr, const BIGNUM a, const BIGNUM *p,
		BN_CTX_start(ctx);
		d = BN_CTX_get(ctx);
		r = BN_CTX_get(ctx);
		if (d == NULL \|\| r == NULL) goto err;
		val[0] = BN_CTX_get(ctx);
		if (!d \|\| !r \|\| !val[0]) goto err;

		/* If this is not done, things will break in the montgomery
		* part */
		@@ -398,13 +397,11 @@ int BN_mod_exp_mont(BIGNUM rr, const BIGNUM a, const BIGNUM *p,
		if (!BN_MONT_CTX_set(mont,m,ctx)) goto err;
		}

		BN_init(&val[0]);
		ts=1;
		if (a->neg \|\| BN_ucmp(a,m) >= 0)
		{
		if (!BN_nnmod(&(val[0]),a,m,ctx))
		if (!BN_nnmod(val[0],a,m,ctx))
		goto err;
		aa= &(val[0]);
		aa= val[0];
		}
		else
		aa=a;
		@@ -414,20 +411,20 @@ int BN_mod_exp_mont(BIGNUM rr, const BIGNUM a, const BIGNUM *p,
		ret = 1;
		goto err;
		}
		if (!BN_to_montgomery(&(val[0]),aa,mont,ctx)) goto err; /* 1 */
		if (!BN_to_montgomery(val[0],aa,mont,ctx)) goto err; /* 1 */

		window = BN_window_bits_for_exponent_size(bits);
		if (window > 1)
		{
		if (!BN_mod_mul_montgomery(d,&(val[0]),&(val[0]),mont,ctx)) goto err; /* 2 */
		if (!BN_mod_mul_montgomery(d,val[0],val[0],mont,ctx)) goto err; /* 2 */
		j=1<<(window-1);
		for (i=1; i<j; i++)
		{
		BN_init(&(val[i]));
		if (!BN_mod_mul_montgomery(&(val[i]),&(val[i-1]),d,mont,ctx))
		if(((val[i] = BN_CTX_get(ctx)) == NULL) \|\|
		!BN_mod_mul_montgomery(val[i],val[i-1],
		d,mont,ctx))
		goto err;
		}
		ts=i;
		}

		start=1; /* This is used to avoid multiplication etc
		@@ -480,7 +477,7 @@ int BN_mod_exp_mont(BIGNUM rr, const BIGNUM a, const BIGNUM *p,
		}

		/* wvalue will be an odd number < 2^window */
		if (!BN_mod_mul_montgomery(r,r,&(val[wvalue>>1]),mont,ctx))
		if (!BN_mod_mul_montgomery(r,r,val[wvalue>>1],mont,ctx))
		goto err;

		/* move the 'window' down further */
		@@ -494,8 +491,6 @@ int BN_mod_exp_mont(BIGNUM rr, const BIGNUM a, const BIGNUM *p,
		err:
		if ((in_mont == NULL) && (mont != NULL)) BN_MONT_CTX_free(mont);
		BN_CTX_end(ctx);
		for (i=0; i<ts; i++)
		BN_clear_free(&(val[i]));
		bn_check_top(rr);
		return(ret);
		}
		@@ -647,11 +642,11 @@ err:
		int BN_mod_exp_simple(BIGNUM r, const BIGNUM a, const BIGNUM *p,
		const BIGNUM m, BN_CTX ctx)
		{
		int i,j,bits,ret=0,wstart,wend,window,wvalue,ts=0;
		int i,j,bits,ret=0,wstart,wend,window,wvalue;
		int start=1;
		BIGNUM *d;
		/* TODO: BN_CTX?? */
		BIGNUM val[TABLE_SIZE];
		/* Table of variables obtained from 'ctx' */
		BIGNUM *val[TABLE_SIZE];

		bits=BN_num_bits(p);

		@@ -662,12 +657,12 @@ int BN_mod_exp_simple(BIGNUM r, const BIGNUM a, const BIGNUM *p,
		}

		BN_CTX_start(ctx);
		if ((d = BN_CTX_get(ctx)) == NULL) goto err;
		d = BN_CTX_get(ctx);
		val[0] = BN_CTX_get(ctx);
		if(!d \|\| !val[0]) goto err;

		BN_init(&(val[0]));
		ts=1;
		if (!BN_nnmod(&(val[0]),a,m,ctx)) goto err; /* 1 */
		if (BN_is_zero(&(val[0])))
		if (!BN_nnmod(val[0],a,m,ctx)) goto err; /* 1 */
		if (BN_is_zero(val[0]))
		{
		BN_zero(r);
		ret = 1;
		@@ -677,16 +672,15 @@ int BN_mod_exp_simple(BIGNUM r, const BIGNUM a, const BIGNUM *p,
		window = BN_window_bits_for_exponent_size(bits);
		if (window > 1)
		{
		if (!BN_mod_mul(d,&(val[0]),&(val[0]),m,ctx))
		if (!BN_mod_mul(d,val[0],val[0],m,ctx))
		goto err; /* 2 */
		j=1<<(window-1);
		for (i=1; i<j; i++)
		{
		BN_init(&(val[i]));
		if (!BN_mod_mul(&(val[i]),&(val[i-1]),d,m,ctx))
		if(((val[i] = BN_CTX_get(ctx)) == NULL) \|\|
		!BN_mod_mul(val[i],val[i-1],d,m,ctx))
		goto err;
		}
		ts=i;
		}

		start=1; /* This is used to avoid multiplication etc
		@@ -738,7 +732,7 @@ int BN_mod_exp_simple(BIGNUM r, const BIGNUM a, const BIGNUM *p,
		}

		/* wvalue will be an odd number < 2^window */
		if (!BN_mod_mul(r,r,&(val[wvalue>>1]),m,ctx))
		if (!BN_mod_mul(r,r,val[wvalue>>1],m,ctx))
		goto err;

		/* move the 'window' down further */
		@@ -750,8 +744,6 @@ int BN_mod_exp_simple(BIGNUM r, const BIGNUM a, const BIGNUM *p,
		ret=1;
		err:
		BN_CTX_end(ctx);
		for (i=0; i<ts; i++)
		BN_clear_free(&(val[i]));
		bn_check_top(r);
		return(ret);
		}

crypto/bn/bn_exp2.c

+22 −28

Original line number	Diff line number	Diff line
		@@ -120,11 +120,11 @@ int BN_mod_exp2_mont(BIGNUM rr, const BIGNUM a1, const BIGNUM *p1,
		BN_CTX ctx, BN_MONT_CTX in_mont)
		{
		int i,j,bits,b,bits1,bits2,ret=0,wpos1,wpos2,window1,window2,wvalue1,wvalue2;
		int r_is_one=1,ts1=0,ts2=0;
		int r_is_one=1;
		BIGNUM d,r;
		const BIGNUM *a_mod_m;
		/* TODO: BN_CTX??? */
		BIGNUM val1[TABLE_SIZE], val2[TABLE_SIZE];
		/* Tables of variables obtained from 'ctx' */
		BIGNUM val1[TABLE_SIZE], val2[TABLE_SIZE];
		BN_MONT_CTX *mont=NULL;

		bn_check_top(a1);
		@@ -151,7 +151,9 @@ int BN_mod_exp2_mont(BIGNUM rr, const BIGNUM a1, const BIGNUM *p1,
		BN_CTX_start(ctx);
		d = BN_CTX_get(ctx);
		r = BN_CTX_get(ctx);
		if (d == NULL \|\| r == NULL) goto err;
		val1[0] = BN_CTX_get(ctx);
		val2[0] = BN_CTX_get(ctx);
		if(!d \|\| !r \|\| !val1[0] \|\| !val2[0]) goto err;

		if (in_mont != NULL)
		mont=in_mont;
		@@ -167,13 +169,11 @@ int BN_mod_exp2_mont(BIGNUM rr, const BIGNUM a1, const BIGNUM *p1,
		/*
		* Build table for a1: val1[i] := a1^(2*i + 1) mod m for i = 0 .. 2^(window1-1)
		*/
		BN_init(&val1[0]);
		ts1=1;
		if (a1->neg \|\| BN_ucmp(a1,m) >= 0)
		{
		if (!BN_mod(&(val1[0]),a1,m,ctx))
		if (!BN_mod(val1[0],a1,m,ctx))
		goto err;
		a_mod_m = &(val1[0]);
		a_mod_m = val1[0];
		}
		else
		a_mod_m = a1;
		@@ -184,32 +184,30 @@ int BN_mod_exp2_mont(BIGNUM rr, const BIGNUM a1, const BIGNUM *p1,
		goto err;
		}

		if (!BN_to_montgomery(&(val1[0]),a_mod_m,mont,ctx)) goto err;
		if (!BN_to_montgomery(val1[0],a_mod_m,mont,ctx)) goto err;
		if (window1 > 1)
		{
		if (!BN_mod_mul_montgomery(d,&(val1[0]),&(val1[0]),mont,ctx)) goto err;
		if (!BN_mod_mul_montgomery(d,val1[0],val1[0],mont,ctx)) goto err;

		j=1<<(window1-1);
		for (i=1; i<j; i++)
		{
		BN_init(&(val1[i]));
		if (!BN_mod_mul_montgomery(&(val1[i]),&(val1[i-1]),d,mont,ctx))
		if(((val1[i] = BN_CTX_get(ctx)) == NULL) \|\|
		!BN_mod_mul_montgomery(val1[i],val1[i-1],
		d,mont,ctx))
		goto err;
		}
		ts1=i;
		}


		/*
		* Build table for a2: val2[i] := a2^(2*i + 1) mod m for i = 0 .. 2^(window2-1)
		*/
		BN_init(&val2[0]);
		ts2=1;
		if (a2->neg \|\| BN_ucmp(a2,m) >= 0)
		{
		if (!BN_mod(&(val2[0]),a2,m,ctx))
		if (!BN_mod(val2[0],a2,m,ctx))
		goto err;
		a_mod_m = &(val2[0]);
		a_mod_m = val2[0];
		}
		else
		a_mod_m = a2;
		@@ -219,19 +217,19 @@ int BN_mod_exp2_mont(BIGNUM rr, const BIGNUM a1, const BIGNUM *p1,
		ret = 1;
		goto err;
		}
		if (!BN_to_montgomery(&(val2[0]),a_mod_m,mont,ctx)) goto err;
		if (!BN_to_montgomery(val2[0],a_mod_m,mont,ctx)) goto err;
		if (window2 > 1)
		{
		if (!BN_mod_mul_montgomery(d,&(val2[0]),&(val2[0]),mont,ctx)) goto err;
		if (!BN_mod_mul_montgomery(d,val2[0],val2[0],mont,ctx)) goto err;

		j=1<<(window2-1);
		for (i=1; i<j; i++)
		{
		BN_init(&(val2[i]));
		if (!BN_mod_mul_montgomery(&(val2[i]),&(val2[i-1]),d,mont,ctx))
		if(((val2[i] = BN_CTX_get(ctx)) == NULL) \|\|
		!BN_mod_mul_montgomery(val2[i],val2[i-1],
		d,mont,ctx))
		goto err;
		}
		ts2=i;
		}


		@@ -288,7 +286,7 @@ int BN_mod_exp2_mont(BIGNUM rr, const BIGNUM a1, const BIGNUM *p1,
		if (wvalue1 && b == wpos1)
		{
		/* wvalue1 is odd and < 2^window1 */
		if (!BN_mod_mul_montgomery(r,r,&(val1[wvalue1>>1]),mont,ctx))
		if (!BN_mod_mul_montgomery(r,r,val1[wvalue1>>1],mont,ctx))
		goto err;
		wvalue1 = 0;
		r_is_one = 0;
		@@ -297,7 +295,7 @@ int BN_mod_exp2_mont(BIGNUM rr, const BIGNUM a1, const BIGNUM *p1,
		if (wvalue2 && b == wpos2)
		{
		/* wvalue2 is odd and < 2^window2 */
		if (!BN_mod_mul_montgomery(r,r,&(val2[wvalue2>>1]),mont,ctx))
		if (!BN_mod_mul_montgomery(r,r,val2[wvalue2>>1],mont,ctx))
		goto err;
		wvalue2 = 0;
		r_is_one = 0;
		@@ -308,10 +306,6 @@ int BN_mod_exp2_mont(BIGNUM rr, const BIGNUM a1, const BIGNUM *p1,
		err:
		if ((in_mont == NULL) && (mont != NULL)) BN_MONT_CTX_free(mont);
		BN_CTX_end(ctx);
		for (i=0; i<ts1; i++)
		BN_clear_free(&(val1[i]));
		for (i=0; i<ts2; i++)
		BN_clear_free(&(val2[i]));
		bn_check_top(rr);
		return(ret);
		}

crypto/bn/bn_mont.c

+18 −17

Original line number	Diff line number	Diff line
		@@ -271,9 +271,11 @@ void BN_MONT_CTX_free(BN_MONT_CTX *mont)

		int BN_MONT_CTX_set(BN_MONT_CTX mont, const BIGNUM mod, BN_CTX *ctx)
		{
		BIGNUM Ri,*R;
		int ret = 0;
		BIGNUM Ri,R;

		BN_init(&Ri);
		BN_CTX_start(ctx);
		if((Ri = BN_CTX_get(ctx)) == NULL) goto err;
		R= &(mont->RR); /* grab RR as a temp */
		BN_copy(&(mont->N),mod); /* Set N */
		mont->N.neg = 0;
		@@ -294,22 +296,21 @@ int BN_MONT_CTX_set(BN_MONT_CTX mont, const BIGNUM mod, BN_CTX *ctx)
		tmod.dmax=2;
		tmod.neg=0;
		/* Ri = R^-1 mod N*/
		if ((BN_mod_inverse(&Ri,R,&tmod,ctx)) == NULL)
		if ((BN_mod_inverse(Ri,R,&tmod,ctx)) == NULL)
		goto err;
		if (!BN_lshift(&Ri,&Ri,BN_BITS2)) goto err; /* RRi /
		if (!BN_is_zero(&Ri))
		if (!BN_lshift(Ri,Ri,BN_BITS2)) goto err; /* RRi /
		if (!BN_is_zero(Ri))
		{
		if (!BN_sub_word(&Ri,1)) goto err;
		if (!BN_sub_word(Ri,1)) goto err;
		}
		else /* if N mod word size == 1 */
		{
		if (!BN_set_word(&Ri,BN_MASK2)) goto err; /* Ri-- (mod word size) */
		if (!BN_set_word(Ri,BN_MASK2)) goto err; /* Ri-- (mod word size) */
		}
		if (!BN_div(&Ri,NULL,&Ri,&tmod,ctx)) goto err;
		if (!BN_div(Ri,NULL,Ri,&tmod,ctx)) goto err;
		/* Ni = (R*Ri-1)/N,
		* keep only least significant word: */
		mont->n0 = (Ri.top > 0) ? Ri.d[0] : 0;
		BN_free(&Ri);
		mont->n0 = (Ri->top > 0) ? Ri->d[0] : 0;
		}
		#else /* !MONT_WORD */
		{ /* bignum version */
		@@ -317,13 +318,12 @@ int BN_MONT_CTX_set(BN_MONT_CTX mont, const BIGNUM mod, BN_CTX *ctx)
		BN_zero(R);
		if (!BN_set_bit(R,mont->ri)) goto err; /* R = 2^ri */
		/* Ri = R^-1 mod N*/
		if ((BN_mod_inverse(&Ri,R,&mont->N,ctx)) == NULL)
		if ((BN_mod_inverse(Ri,R,&mont->N,ctx)) == NULL)
		goto err;
		if (!BN_lshift(&Ri,&Ri,mont->ri)) goto err; /* RRi /
		if (!BN_sub_word(&Ri,1)) goto err;
		if (!BN_lshift(Ri,Ri,mont->ri)) goto err; /* RRi /
		if (!BN_sub_word(Ri,1)) goto err;
		/* Ni = (RRi-1) / N /
		if (!BN_div(&(mont->Ni),NULL,&Ri,&mont->N,ctx)) goto err;
		BN_free(&Ri);
		if (!BN_div(&(mont->Ni),NULL,Ri,&mont->N,ctx)) goto err;
		}
		#endif

		@@ -332,9 +332,10 @@ int BN_MONT_CTX_set(BN_MONT_CTX mont, const BIGNUM mod, BN_CTX *ctx)
		if (!BN_set_bit(&(mont->RR),mont->ri*2)) goto err;
		if (!BN_mod(&(mont->RR),&(mont->RR),&(mont->N),ctx)) goto err;

		return(1);
		ret = 1;
		err:
		return(0);
		BN_CTX_end(ctx);
		return ret;
		}

		BN_MONT_CTX BN_MONT_CTX_copy(BN_MONT_CTX to, BN_MONT_CTX *from)

crypto/bn/bn_prime.c

+11 −6

Original line number	Diff line number	Diff line
		@@ -159,15 +159,17 @@ int BN_GENCB_call(BN_GENCB *cb, int a, int b)
		int BN_generate_prime_ex(BIGNUM *ret, int bits, int safe,
		const BIGNUM add, const BIGNUM rem, BN_GENCB *cb)
		{
		BIGNUM t;
		BIGNUM *t;
		int found=0;
		int i,j,c1=0;
		BN_CTX *ctx;
		int checks = BN_prime_checks_for_size(bits);

		BN_init(&t);
		ctx=BN_CTX_new();
		if (ctx == NULL) goto err;
		BN_CTX_start(ctx);
		t = BN_CTX_get(ctx);
		if(!t) goto err;
		loop:
		/* make a random number and set the top and bottom bits */
		if (add == NULL)
		@@ -204,7 +206,7 @@ loop:
		* check that (p-1)/2 is prime.
		* Since a prime is odd, We just
		* need to divide by 2 */
		if (!BN_rshift1(&t,ret)) goto err;
		if (!BN_rshift1(t,ret)) goto err;

		for (i=0; i<checks; i++)
		{
		@@ -212,7 +214,7 @@ loop:
		if (j == -1) goto err;
		if (j == 0) goto loop;

		j=BN_is_prime_fasttest_ex(&t,1,ctx,0,cb);
		j=BN_is_prime_fasttest_ex(t,1,ctx,0,cb);
		if (j == -1) goto err;
		if (j == 0) goto loop;

		@@ -224,8 +226,11 @@ loop:
		/* we have a prime :-) */
		found = 1;
		err:
		BN_free(&t);
		if (ctx != NULL) BN_CTX_free(ctx);
		if (ctx != NULL)
		{
		BN_CTX_end(ctx);
		BN_CTX_free(ctx);
		}
		bn_check_top(ret);
		return found;
		}

crypto/bn/bn_recp.c

+6 −5

Original line number	Diff line number	Diff line
		@@ -217,17 +217,18 @@ err:
		int BN_reciprocal(BIGNUM r, const BIGNUM m, int len, BN_CTX *ctx)
		{
		int ret= -1;
		BIGNUM t;
		BIGNUM *t;

		BN_init(&t);
		BN_CTX_start(ctx);
		if((t = BN_CTX_get(ctx)) == NULL) goto err;

		if (!BN_set_bit(&t,len)) goto err;
		if (!BN_set_bit(t,len)) goto err;

		if (!BN_div(r,NULL,&t,m,ctx)) goto err;
		if (!BN_div(r,NULL,t,m,ctx)) goto err;

		ret=len;
		err:
		BN_free(&t);
		bn_check_top(r);
		BN_CTX_end(ctx);
		return(ret);
		}