authorBob Beck <beck@cvs.openbsd.org>2017-01-21 09:39:00 +0000
committerBob Beck <beck@cvs.openbsd.org>2017-01-21 09:39:00 +0000
commitd72a49db2abb4d0175558c0ed9cfe32bb823e995 (patch)
treed84c050de13e09525d074865e8758d44957eb961 /lib/libcrypto/dsa
parent2d1075983628703aac703b8864e75f366bf69b2b (diff)
Make explicit _ct and _nonct versions of bn_mod_exp functions that
matter for constant time, and make the public interface only used external to the library. This moves us to a model where the important things are constant time versions unless you ask for them not to be, rather than the opposite. I'll continue with this method by method. Add regress tests for same. ok jsing@
Diffstat (limited to 'lib/libcrypto/dsa')
-rw-r--r--lib/libcrypto/dsa/dsa_ameth.c6
-rw-r--r--lib/libcrypto/dsa/dsa_gen.c5
-rw-r--r--lib/libcrypto/dsa/dsa_key.c5
-rw-r--r--lib/libcrypto/dsa/dsa_ossl.c6
4 files changed, 13 insertions, 9 deletions
diff --git a/lib/libcrypto/dsa/dsa_ameth.c b/lib/libcrypto/dsa/dsa_ameth.c
index 3e434701aaf..92ad02e1872 100644
--- a/lib/libcrypto/dsa/dsa_ameth.c
+++ b/lib/libcrypto/dsa/dsa_ameth.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: dsa_ameth.c,v 1.20 2016/10/19 16:49:11 jsing Exp $ */
+/* $OpenBSD: dsa_ameth.c,v 1.21 2017/01/21 09:38:59 beck Exp $ */
/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
* project 2006.
*/
@@ -66,8 +66,8 @@
#include <openssl/err.h>
#include <openssl/x509.h>
-
#include "asn1_locl.h"
+#include "bn_lcl.h"
static int
dsa_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey)
@@ -224,7 +224,7 @@ dsa_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8)
goto dsaerr;
}
- if (!BN_mod_exp(dsa->pub_key, dsa->g, dsa->priv_key, dsa->p, ctx)) {
+ if (!BN_mod_exp_ct(dsa->pub_key, dsa->g, dsa->priv_key, dsa->p, ctx)) {
DSAerr(DSA_F_DSA_PRIV_DECODE,DSA_R_BN_ERROR);
goto dsaerr;
}
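Review bot: Nothing at the `BN_mod_exp_ct` call in dsa_priv_decode records why the constant-time variant is required, so a later cleanup could swap it back without noticing that `dsa->priv_key` is the secret exponent. A one-line comment above the call would pin that, e.g. `/* priv_key is secret: derive pub_key with the constant-time exponentiation */`. Only this part of dsa_priv_decode is in the hunk, so whether `p` and `priv_key` taken from the PKCS#8 blob are range-checked before this point cannot be confirmed here and is worth checking in the same review.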
diff --git a/lib/libcrypto/dsa/dsa_gen.c b/lib/libcrypto/dsa/dsa_gen.c
index 7ddb7fec5e4..d627e5ae9ca 100644
--- a/lib/libcrypto/dsa/dsa_gen.c
+++ b/lib/libcrypto/dsa/dsa_gen.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: dsa_gen.c,v 1.22 2015/07/15 18:34:37 miod Exp $ */
+/* $OpenBSD: dsa_gen.c,v 1.23 2017/01/21 09:38:59 beck Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -68,6 +68,7 @@
#include <openssl/evp.h>
#include <openssl/sha.h>
+#include "bn_lcl.h"
#include "dsa_locl.h"
int
@@ -315,7 +316,7 @@ end:
for (;;) {
/* g=test^r0%p */
- if (!BN_mod_exp_mont(g, test, r0, p, ctx, mont))
+ if (!BN_mod_exp_mont_ct(g, test, r0, p, ctx, mont))
goto err;
if (!BN_is_one(g))
break;
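Review bot: In the generator search loop, `test`, `r0` and `p` appear to be public domain parameters (the comment reads `g=test^r0%p`), so `BN_mod_exp_mont_ct` protects no secret here and only adds cost to parameter generation. If using the constant-time form everywhere is the deliberate default the commit message describes, say so at the call, e.g. `/* public values; _ct used as the library-wide default */`; otherwise the `_nonct` variant named in the commit message would fit this site. The enclosing function starts and ends outside the hunk, so the origin of `r0` is inferred rather than seen.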
diff --git a/lib/libcrypto/dsa/dsa_key.c b/lib/libcrypto/dsa/dsa_key.c
index fc4eb9c4331..cb95e1369cb 100644
--- a/lib/libcrypto/dsa/dsa_key.c
+++ b/lib/libcrypto/dsa/dsa_key.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: dsa_key.c,v 1.22 2016/06/30 02:02:06 bcook Exp $ */
+/* $OpenBSD: dsa_key.c,v 1.23 2017/01/21 09:38:59 beck Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -65,6 +65,7 @@
#include <openssl/bn.h>
#include <openssl/dsa.h>
+#include "bn_lcl.h"
static int dsa_builtin_keygen(DSA *dsa);
@@ -108,7 +109,7 @@ dsa_builtin_keygen(DSA *dsa)
BN_with_flags(&prk, priv_key, BN_FLG_CONSTTIME);
- if (!BN_mod_exp(pub_key, dsa->g, &prk, dsa->p, ctx))
+ if (!BN_mod_exp_ct(pub_key, dsa->g, &prk, dsa->p, ctx))
goto err;
}
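Review bot: The `BN_with_flags(&prk, priv_key, BN_FLG_CONSTTIME)` copy directly above the call now overlaps with the explicit `BN_mod_exp_ct`. If the `_ct` variant selects the constant-time path regardless of the flag (its definition is not in this diff), the `prk` alias is redundant; if it still consults the flag, that dependency should be stated. Either pass `priv_key` directly, or keep the alias with a comment such as `/* flag kept as defence in depth; _ct must not depend on it */`. dsa_priv_decode in dsa_ameth.c passes `dsa->priv_key` with no flagged copy visible in its hunk, so the two call sites look inconsistent; dsa_builtin_keygen itself continues outside this hunk.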
diff --git a/lib/libcrypto/dsa/dsa_ossl.c b/lib/libcrypto/dsa/dsa_ossl.c
index a28d3e9d1a4..3f01a83a446 100644
--- a/lib/libcrypto/dsa/dsa_ossl.c
+++ b/lib/libcrypto/dsa/dsa_ossl.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: dsa_ossl.c,v 1.26 2016/06/21 04:16:53 bcook Exp $ */
+/* $OpenBSD: dsa_ossl.c,v 1.27 2017/01/21 09:38:59 beck Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -66,6 +66,8 @@
#include <openssl/err.h>
#include <openssl/sha.h>
+#include "bn_lcl.h"
+
static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa);
static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp,
BIGNUM **rp);
@@ -238,7 +240,7 @@ dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
dsa->method_mont_p))
goto err;
} else {
- if (!BN_mod_exp_mont(r, dsa->g, &k, dsa->p, ctx, dsa->method_mont_p))
+ if (!BN_mod_exp_mont_ct(r, dsa->g, &k, dsa->p, ctx, dsa->method_mont_p))
goto err;
}
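Review bot: Only the `else` branch of dsa_sign_setup is moved to `BN_mod_exp_mont_ct`; the branch before it, of which just the tail `dsa->method_mont_p))` is visible, is unchanged and presumably dispatches through a method-supplied exponentiation. `k` is the per-signature nonce, and timing leakage of even part of it is known to be enough to recover the DSA private key, so that other path should be checked for the same constant-time guarantee rather than relying on a flag carried by `k`. At minimum mark both branches with a comment, e.g. `/* k is the secret nonce: this exponentiation must be constant time */`. The function body starts and ends outside the hunk.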