[openssl-commits] [openssl] master update

Matt Caswell matt at openssl.org
Tue Jun 7 14:29:49 UTC 2016


The branch master has been updated
       via  47ae05ba6288c831a9aa4282f9cce40372e79ea9 (commit)
       via  033dc8fad03a23f650e347204446c882bcadcfdf (commit)
      from  35ea640a01e3bdeaf8086aba7f05b40c11538f8f (commit)


- Log -----------------------------------------------------------------
commit 47ae05ba6288c831a9aa4282f9cce40372e79ea9
Author: Cesar Pereida <cesar.pereida at aalto.fi>
Date:   Tue Jun 7 16:02:01 2016 +0300

    Set flag BN_FLG_CONSTTIME earlier
    
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    Reviewed-by: Matt Caswell <matt at openssl.org>

commit 033dc8fad03a23f650e347204446c882bcadcfdf
Author: Cesar Pereida <cesar.pereida at aalto.fi>
Date:   Tue Jun 7 11:32:23 2016 +0300

    Remove kq and set BN_FLG_CONSTTIME in k for BN_mod_inverse
    
    Reviewed-by: Rich Salz <rsalz at openssl.org>
    Reviewed-by: Matt Caswell <matt at openssl.org>

-----------------------------------------------------------------------

Summary of changes:
 crypto/dsa/dsa_ossl.c | 24 +++++++++---------------
 1 file changed, 9 insertions(+), 15 deletions(-)

diff --git a/crypto/dsa/dsa_ossl.c b/crypto/dsa/dsa_ossl.c
index ea09afd..9c97ef9 100644
--- a/crypto/dsa/dsa_ossl.c
+++ b/crypto/dsa/dsa_ossl.c
@@ -135,7 +135,7 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in,
                           const unsigned char *dgst, int dlen)
 {
     BN_CTX *ctx = NULL;
-    BIGNUM *k, *kq, *kinv = NULL, *r = *rp;
+    BIGNUM *k, *kinv = NULL, *r = *rp;
     int ret = 0;
 
     if (!dsa->p || !dsa->q || !dsa->g) {
@@ -144,8 +144,7 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in,
     }
 
     k = BN_new();
-    kq = BN_new();
-    if (k == NULL || kq == NULL)
+    if (k == NULL)
         goto err;
 
     if (ctx_in == NULL) {
@@ -168,6 +167,8 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in,
             goto err;
     } while (BN_is_zero(k));
 
+    BN_set_flags(k, BN_FLG_CONSTTIME);
+
     if (dsa->flags & DSA_FLAG_CACHE_MONT_P) {
         if (!BN_MONT_CTX_set_locked(&dsa->method_mont_p,
                                     dsa->lock, dsa->p, ctx))
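Review bot: The added `BN_set_flags(k, BN_FLG_CONSTTIME);` has no comment explaining why it must sit directly after the nonce-generation loop, and that placement is the security-relevant part of this change. The removed lines further down set the flag only on the copy `kq`, and per the commit title `k` is also the input to BN_mod_inverse, a call that lies outside the visible hunks. I would add `/* Flag k itself before any use, so the exponentiation and the later BN_mod_inverse both see BN_FLG_CONSTTIME. */` above the call so a later refactor does not move or drop it. dsa_sign_setup starts and ends outside this hunk.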
@@ -176,9 +177,6 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in,
 
     /* Compute r = (g^k mod p) mod q */
 
-    if (!BN_copy(kq, k))
-        goto err;
-
     /*
      * We do not want timing information to leak the length of k, so we
      * compute g^k using an equivalent exponent of fixed length. (This
@@ -186,25 +184,22 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in,
      * let us specify the desired timing behaviour.)
      */
 
-    if (!BN_add(kq, kq, dsa->q))
+    if (!BN_add(k, k, dsa->q))
         goto err;
-    if (BN_num_bits(kq) <= BN_num_bits(dsa->q)) {
-        if (!BN_add(kq, kq, dsa->q))
+    if (BN_num_bits(k) <= BN_num_bits(dsa->q)) {
+        if (!BN_add(k, k, dsa->q))
             goto err;
     }
 
-    BN_set_flags(kq, BN_FLG_CONSTTIME);
-
     if ((dsa)->meth->bn_mod_exp != NULL) {
-            if (!dsa->meth->bn_mod_exp(dsa, r, dsa->g, kq, dsa->p, ctx,
+            if (!dsa->meth->bn_mod_exp(dsa, r, dsa->g, k, dsa->p, ctx,
                                        dsa->method_mont_p))
                 goto err;
     } else {
-            if (!BN_mod_exp_mont(r, dsa->g, kq, dsa->p, ctx, dsa->method_mont_p))
+            if (!BN_mod_exp_mont(r, dsa->g, k, dsa->p, ctx, dsa->method_mont_p))
                 goto err;
     }
 
-
     if (!BN_mod(r, r, dsa->q, ctx))
         goto err;
 
@@ -222,7 +217,6 @@ static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in,
     if (ctx != ctx_in)
         BN_CTX_free(ctx);
     BN_clear_free(k);
-    BN_clear_free(kq);
     return ret;
 }
 

