Remove flags for disabling constant-time operations.

This removes support for DSA_FLAG_NO_EXP_CONSTTIME, DH_FLAG_NO_EXP_CONSTTIME,
and RSA_FLAG_NO_CONSTTIME flags, making all of these operations unconditionally
constant-time.

Based on the original patch by César Pereid.  ok beck@

2 files changed, 33 insertions, 70 deletions

diff --git a/regress/lib/libcrypto/dh/dhtest.c b/regress/lib/libcrypto/dh/dhtest.c
index f1ddc5ccf5d..9c2d507d971 100644
--- a/regress/lib/libcrypto/dh/dhtest.c
+++ b/regress/lib/libcrypto/dh/dhtest.c
@@ -73,16 +73,30 @@
 
 #include <openssl/dh.h>
 
-static int cb(int p, int n, BN_GENCB *arg);
+static int cb(int p, int n, BN_GENCB *arg)
+{
+	char c='*';
+
+	if (p == 0)
+		c='.';
+	if (p == 1)
+		c='+';
+	if (p == 2)
+		c='*';
+	if (p == 3)
+		c='\n';
+	BIO_write(arg->arg,&c,1);
+	(void)BIO_flush(arg->arg);
+	return 1;
+}
 
 int main(int argc, char *argv[])
-	{
+{
 	BN_GENCB _cb;
 	DH *a;
-	DH *b=NULL;
 	char buf[12];
-	unsigned char *abuf=NULL,*bbuf=NULL;
-	int i,alen,blen,aout,bout,ret=1;
+	unsigned char *abuf=NULL;
+	int i,alen,aout,ret=1;
 	BIO *out;
 
 	out=BIO_new(BIO_s_file());
@@ -90,11 +104,12 @@ int main(int argc, char *argv[])
 	BIO_set_fp(out,stdout,BIO_NOCLOSE);
 
 	BN_GENCB_set(&_cb, &cb, out);
-	if(((a = DH_new()) == NULL) || !DH_generate_parameters_ex(a, 64,
-				DH_GENERATOR_5, &_cb))
+	if (((a = DH_new()) == NULL) ||
+	    !DH_generate_parameters_ex(a, 64, DH_GENERATOR_5, &_cb))
 		goto err;
 
-	if (!DH_check(a, &i)) goto err;
+	if (!DH_check(a, &i))
+		goto err;
 	if (i & DH_CHECK_P_NOT_PRIME)
 		BIO_puts(out, "p value is not prime\n");
 	if (i & DH_CHECK_P_NOT_SAFE_PRIME)
@@ -110,81 +125,36 @@ int main(int argc, char *argv[])
 	BN_print(out,a->g);
 	BIO_puts(out,"\n");
 
-	b=DH_new();
-	if (b == NULL) goto err;
-
-	b->p=BN_dup(a->p);
-	b->g=BN_dup(a->g);
-	if ((b->p == NULL) || (b->g == NULL)) goto err;
-
-	/* Set a to run with normal modexp and b to use constant time */
-	a->flags &= ~DH_FLAG_NO_EXP_CONSTTIME;
-	b->flags |= DH_FLAG_NO_EXP_CONSTTIME;
-
-	if (!DH_generate_key(a)) goto err;
+	if (!DH_generate_key(a))
+		goto err;
 	BIO_puts(out,"pri 1=");
 	BN_print(out,a->priv_key);
 	BIO_puts(out,"\npub 1=");
 	BN_print(out,a->pub_key);
 	BIO_puts(out,"\n");
 
-	if (!DH_generate_key(b)) goto err;
-	BIO_puts(out,"pri 2=");
-	BN_print(out,b->priv_key);
-	BIO_puts(out,"\npub 2=");
-	BN_print(out,b->pub_key);
-	BIO_puts(out,"\n");
-
 	alen=DH_size(a);
 	abuf=malloc(alen);
-	aout=DH_compute_key(abuf,b->pub_key,a);
+	aout=DH_compute_key(abuf,a->pub_key,a);
 
 	BIO_puts(out,"key1 =");
-	for (i=0; i<aout; i++)
-		{
+	for (i=0; i<aout; i++) {
 		snprintf(buf,sizeof buf,"%02X",abuf[i]);
 		BIO_puts(out,buf);
-		}
+	}
 	BIO_puts(out,"\n");
 
-	blen=DH_size(b);
-	bbuf=malloc(blen);
-	bout=DH_compute_key(bbuf,a->pub_key,b);
-
-	BIO_puts(out,"key2 =");
-	for (i=0; i<bout; i++)
-		{
-		snprintf(buf,sizeof buf,"%02X",bbuf[i]);
-		BIO_puts(out,buf);
-		}
-	BIO_puts(out,"\n");
-	if ((aout < 4) || (bout != aout) || (memcmp(abuf,bbuf,aout) != 0))
-		{
+	if (aout < 4) {
 		fprintf(stderr,"Error in DH routines\n");
 		ret=1;
-		}
-	else
+	} else
 		ret=0;
 err:
 	ERR_print_errors_fp(stderr);
 
 	free(abuf);
-	free(bbuf);
-	if(b != NULL) DH_free(b);
-	if(a != NULL) DH_free(a);
+	if (a != NULL)
+		DH_free(a);
 	BIO_free(out);
 	exit(ret);
-	}
-
-static int cb(int p, int n, BN_GENCB *arg)
-	{
-	char c='*';
-
-	if (p == 0) c='.';
-	if (p == 1) c='+';
-	if (p == 2) c='*';
-	if (p == 3) c='\n';
-	BIO_write(arg->arg,&c,1);
-	(void)BIO_flush(arg->arg);
-	return 1;
-	}
+}
diff --git a/regress/lib/libcrypto/dsa/dsatest.c b/regress/lib/libcrypto/dsa/dsatest.c
index 1fb929a6895..444cda532d0 100644
--- a/regress/lib/libcrypto/dsa/dsatest.c
+++ b/regress/lib/libcrypto/dsa/dsatest.c
@@ -182,13 +182,6 @@ int main(int argc, char **argv)
 		goto end;
 		}
 
-	dsa->flags |= DSA_FLAG_NO_EXP_CONSTTIME;
-	DSA_generate_key(dsa);
-	DSA_sign(0, str1, 20, sig, &siglen, dsa);
-	if (DSA_verify(0, str1, 20, sig, siglen, dsa) == 1)
-		ret=1;
-
-	dsa->flags &= ~DSA_FLAG_NO_EXP_CONSTTIME;
 	DSA_generate_key(dsa);
 	DSA_sign(0, str1, 20, sig, &siglen, dsa);
 	if (DSA_verify(0, str1, 20, sig, siglen, dsa) == 1)