diff options
| author | Wolfgang Wiedmeyer <wolfgit@wiedmeyer.de> | 2017-12-10 03:30:16 +0100 |
|---|---|---|
| committer | Wolfgang Wiedmeyer <wolfgit@wiedmeyer.de> | 2017-12-10 03:30:16 +0100 |
| commit | 57601d7bdf1e02a7a3161143cdcc06cc47b5e93a (patch) | |
| tree | fc46e516915a8394f7aba34789e13d1389897430 | |
| parent | 5e890dbf71b90164de36b46862af3be9378c1a26 (diff) | |
| parent | 4588ecdba231bdf779296e3597c9180dee15a98b (diff) | |
| download | external_boringssl-replicant-6.0.tar.gz external_boringssl-replicant-6.0.tar.bz2 external_boringssl-replicant-6.0.zip | |
Merge remote-tracking branch 'lineageos/cm-13.0' into replicant-6.0HEADreplicant-6.0-0004-transitionreplicant-6.0-0004-rc6replicant-6.0-0004-rc5-transitionreplicant-6.0-0004-rc5replicant-6.0-0004-rc4replicant-6.0-0004-rc3replicant-6.0-0004-rc2replicant-6.0-0004-rc1replicant-6.0-0004replicant-6.0-0003replicant-6.0
| -rw-r--r-- | src/crypto/bn/exponentiation.c | 94 | ||||
| -rw-r--r-- | src/crypto/bn/montgomery.c | 2 | ||||
| -rw-r--r-- | src/crypto/ec/ec.c | 110 | ||||
| -rw-r--r-- | src/crypto/ec/internal.h | 10 | ||||
| -rw-r--r-- | src/crypto/ecdsa/ecdsa.c | 22 | ||||
| -rw-r--r-- | src/crypto/rsa/blinding.c | 18 | ||||
| -rw-r--r-- | src/crypto/rsa/internal.h | 4 | ||||
| -rw-r--r-- | src/include/openssl/bn.h | 11 | ||||
| -rw-r--r-- | src/include/openssl/rsa.h | 2 |
9 files changed, 178 insertions, 95 deletions
diff --git a/src/crypto/bn/exponentiation.c b/src/crypto/bn/exponentiation.c index d3063c9..afd7b41 100644 --- a/src/crypto/bn/exponentiation.c +++ b/src/crypto/bn/exponentiation.c @@ -602,17 +602,17 @@ int BN_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, } int BN_mod_exp_mont(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, - const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont) { + const BIGNUM *m, BN_CTX *ctx, const BN_MONT_CTX *mont) { int i, j, bits, ret = 0, wstart, window; int start = 1; BIGNUM *d, *r; const BIGNUM *aa; /* Table of variables obtained from 'ctx' */ BIGNUM *val[TABLE_SIZE]; - BN_MONT_CTX *mont = NULL; + BN_MONT_CTX *new_mont = NULL; if (BN_get_flags(p, BN_FLG_CONSTTIME) != 0) { - return BN_mod_exp_mont_consttime(rr, a, p, m, ctx, in_mont); + return BN_mod_exp_mont_consttime(rr, a, p, m, ctx, mont); } if (!BN_is_odd(m)) { @@ -633,18 +633,13 @@ int BN_mod_exp_mont(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, goto err; } - /* If this is not done, things will break in the montgomery part */ - - if (in_mont != NULL) { - mont = in_mont; - } else { - mont = BN_MONT_CTX_new(); - if (mont == NULL) { - goto err; - } - if (!BN_MONT_CTX_set(mont, m, ctx)) { + /* Allocate a montgomery context if it was not supplied by the caller. */ + if (mont == NULL) { + new_mont = BN_MONT_CTX_new(); + if (new_mont == NULL || !BN_MONT_CTX_set(new_mont, m, ctx)) { goto err; } + mont = new_mont; } if (a->neg || BN_ucmp(a, m) >= 0) { @@ -763,9 +758,7 @@ int BN_mod_exp_mont(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, ret = 1; err: - if (in_mont == NULL) { - BN_MONT_CTX_free(mont); - } + BN_MONT_CTX_free(new_mont); BN_CTX_end(ctx); return ret; } @@ -851,10 +844,10 @@ static int copy_from_prebuf(BIGNUM *b, int top, unsigned char *buf, int idx, */ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, - BN_MONT_CTX *in_mont) { + const BN_MONT_CTX *mont) { int i, bits, ret = 0, window, wvalue; int top; - BN_MONT_CTX *mont = NULL; + BN_MONT_CTX *new_mont = NULL; int numPowers; unsigned char *powerbufFree = NULL; @@ -877,15 +870,13 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, BN_CTX_start(ctx); - /* Allocate a montgomery context if it was not supplied by the caller. - * If this is not done, things will break in the montgomery part. */ - if (in_mont != NULL) { - mont = in_mont; - } else { - mont = BN_MONT_CTX_new(); - if (mont == NULL || !BN_MONT_CTX_set(mont, m, ctx)) { + /* Allocate a montgomery context if it was not supplied by the caller. */ + if (mont == NULL) { + new_mont = BN_MONT_CTX_new(); + if (new_mont == NULL || !BN_MONT_CTX_set(new_mont, m, ctx)) { goto err; } + mont = new_mont; } #ifdef RSAZ_ENABLED @@ -1008,7 +999,7 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, const BN_ULONG * not_used, const BN_ULONG * np, const BN_ULONG * n0, int num); - BN_ULONG *np = mont->N.d, *n0 = mont->n0, *np2; + const BN_ULONG *np = mont->N.d, *n0 = mont->n0, *np2; /* BN_to_montgomery can contaminate words above .top * [in BN_DEBUG[_DEBUG] build]... */ @@ -1022,9 +1013,11 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, if (top & 7) { np2 = np; } else { - for (np2 = am.d + top, i = 0; i < top; i++) { - np2[2 * i] = np[i]; + BN_ULONG *np_double = am.d + top; + for (i = 0; i < top; i++) { + np_double[2 * i] = np[i]; } + np2 = np_double; } bn_scatter5(tmp.d, top, powerbuf, 0); @@ -1189,10 +1182,9 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, goto err; } ret = 1; + err: - if (in_mont == NULL) { - BN_MONT_CTX_free(mont); - } + BN_MONT_CTX_free(new_mont); if (powerbuf != NULL) { OPENSSL_cleanse(powerbuf, powerbufLen); OPENSSL_free(powerbufFree); @@ -1202,8 +1194,9 @@ err: } int BN_mod_exp_mont_word(BIGNUM *rr, BN_ULONG a, const BIGNUM *p, - const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *in_mont) { - BN_MONT_CTX *mont = NULL; + const BIGNUM *m, BN_CTX *ctx, + const BN_MONT_CTX *mont) { + BN_MONT_CTX *new_mont = NULL; int b, bits, ret = 0; int r_is_one; BN_ULONG w, next_w; @@ -1262,13 +1255,13 @@ int BN_mod_exp_mont_word(BIGNUM *rr, BN_ULONG a, const BIGNUM *p, goto err; } - if (in_mont != NULL) { - mont = in_mont; - } else { - mont = BN_MONT_CTX_new(); - if (mont == NULL || !BN_MONT_CTX_set(mont, m, ctx)) { + /* Allocate a montgomery context if it was not supplied by the caller. */ + if (mont == NULL) { + new_mont = BN_MONT_CTX_new(); + if (new_mont == NULL || !BN_MONT_CTX_set(new_mont, m, ctx)) { goto err; } + mont = new_mont; } r_is_one = 1; /* except for Montgomery factor */ @@ -1350,9 +1343,7 @@ int BN_mod_exp_mont_word(BIGNUM *rr, BN_ULONG a, const BIGNUM *p, ret = 1; err: - if (in_mont == NULL) { - BN_MONT_CTX_free(mont); - } + BN_MONT_CTX_free(new_mont); BN_CTX_end(ctx); return ret; } @@ -1361,7 +1352,7 @@ err: int BN_mod_exp2_mont(BIGNUM *rr, const BIGNUM *a1, const BIGNUM *p1, const BIGNUM *a2, const BIGNUM *p2, const BIGNUM *m, - BN_CTX *ctx, BN_MONT_CTX *in_mont) { + BN_CTX *ctx, const BN_MONT_CTX *mont) { int i, j, bits, b, bits1, bits2, ret = 0, wpos1, wpos2, window1, window2, wvalue1, wvalue2; int r_is_one = 1; @@ -1369,7 +1360,7 @@ int BN_mod_exp2_mont(BIGNUM *rr, const BIGNUM *a1, const BIGNUM *p1, const BIGNUM *a_mod_m; /* Tables of variables obtained from 'ctx' */ BIGNUM *val1[TABLE_SIZE], *val2[TABLE_SIZE]; - BN_MONT_CTX *mont = NULL; + BN_MONT_CTX *new_mont = NULL; if (!(m->d[0] & 1)) { OPENSSL_PUT_ERROR(BN, BN_mod_exp2_mont, BN_R_CALLED_WITH_EVEN_MODULUS); @@ -1393,16 +1384,13 @@ int BN_mod_exp2_mont(BIGNUM *rr, const BIGNUM *a1, const BIGNUM *p1, goto err; } - if (in_mont != NULL) { - mont = in_mont; - } else { - mont = BN_MONT_CTX_new(); - if (mont == NULL) { - goto err; - } - if (!BN_MONT_CTX_set(mont, m, ctx)) { + /* Allocate a montgomery context if it was not supplied by the caller. */ + if (mont == NULL) { + new_mont = BN_MONT_CTX_new(); + if (new_mont == NULL || !BN_MONT_CTX_set(new_mont, m, ctx)) { goto err; } + mont = new_mont; } window1 = BN_window_bits_for_exponent_size(bits1); @@ -1554,9 +1542,7 @@ int BN_mod_exp2_mont(BIGNUM *rr, const BIGNUM *a1, const BIGNUM *p1, ret = 1; err: - if (in_mont == NULL) { - BN_MONT_CTX_free(mont); - } + BN_MONT_CTX_free(new_mont); BN_CTX_end(ctx); return ret; } diff --git a/src/crypto/bn/montgomery.c b/src/crypto/bn/montgomery.c index 152cf2d..4eacfd3 100644 --- a/src/crypto/bn/montgomery.c +++ b/src/crypto/bn/montgomery.c @@ -154,7 +154,7 @@ void BN_MONT_CTX_free(BN_MONT_CTX *mont) { } } -BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to, BN_MONT_CTX *from) { +BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to, const BN_MONT_CTX *from) { if (to == from) { return to; } diff --git a/src/crypto/ec/ec.c b/src/crypto/ec/ec.c index f38eba6..d2be59d 100644 --- a/src/crypto/ec/ec.c +++ b/src/crypto/ec/ec.c @@ -67,6 +67,7 @@ #include <openssl/ec.h> +#include <assert.h> #include <string.h> #include <openssl/bn.h> @@ -75,6 +76,7 @@ #include <openssl/obj.h> #include "internal.h" +#include "../internal.h" static const struct curve_data P224 = { @@ -233,6 +235,70 @@ const struct built_in_curve OPENSSL_built_in_curves[] = { {NID_undef, 0, 0}, }; +/* built_in_curve_scalar_field_monts contains Montgomery contexts for + * performing inversions in the scalar fields of each of the built-in + * curves. It's protected by |built_in_curve_scalar_field_monts_once|. */ +static const BN_MONT_CTX **built_in_curve_scalar_field_monts; + +static CRYPTO_once_t built_in_curve_scalar_field_monts_once; + +static void built_in_curve_scalar_field_monts_init(void) { + unsigned num_built_in_curves; + for (num_built_in_curves = 0;; num_built_in_curves++) { + if (OPENSSL_built_in_curves[num_built_in_curves].nid == NID_undef) { + break; + } + } + + assert(0 < num_built_in_curves); + + built_in_curve_scalar_field_monts = + OPENSSL_malloc(sizeof(BN_MONT_CTX *) * num_built_in_curves); + if (built_in_curve_scalar_field_monts == NULL) { + return; + } + + BIGNUM *order = BN_new(); + BN_CTX *bn_ctx = BN_CTX_new(); + BN_MONT_CTX *mont_ctx = NULL; + + if (bn_ctx == NULL || + order == NULL) { + goto err; + } + + unsigned i; + for (i = 0; i < num_built_in_curves; i++) { + const struct curve_data *curve = OPENSSL_built_in_curves[i].data; + const unsigned param_len = curve->param_len; + const uint8_t *params = curve->data; + + mont_ctx = BN_MONT_CTX_new(); + if (mont_ctx == NULL) { + goto err; + } + + if (!BN_bin2bn(params + 5 * param_len, param_len, order) || + !BN_MONT_CTX_set(mont_ctx, order, bn_ctx)) { + goto err; + } + + built_in_curve_scalar_field_monts[i] = mont_ctx; + mont_ctx = NULL; + } + + goto out; + +err: + BN_MONT_CTX_free(mont_ctx); + OPENSSL_free(built_in_curve_scalar_field_monts); + built_in_curve_scalar_field_monts = NULL; + +out: + BN_free(order); + BN_CTX_free(bn_ctx); +} + EC_GROUP *ec_group_new(const EC_METHOD *meth) { EC_GROUP *ret; @@ -295,6 +361,12 @@ int EC_GROUP_set_generator(EC_GROUP *group, const EC_POINT *generator, return 0; } + /* Require a cofactor of one for custom curves, which implies prime order. */ + if (!BN_is_one(cofactor)) { + OPENSSL_PUT_ERROR(EC, EC_GROUP_new_curve_GFp, EC_R_WRONG_CURVE_PARAMETERS); + return 0; + } + if (group->generator == NULL) { group->generator = EC_POINT_new(group); if (group->generator == NULL) { @@ -325,25 +397,23 @@ int EC_GROUP_set_generator(EC_GROUP *group, const EC_POINT *generator, return 1; } -static EC_GROUP *ec_group_new_from_data(const struct built_in_curve *curve) { +static EC_GROUP *ec_group_new_from_data(unsigned built_in_index) { + const struct built_in_curve *curve = &OPENSSL_built_in_curves[built_in_index]; EC_GROUP *group = NULL; EC_POINT *P = NULL; - BN_CTX *ctx = NULL; BIGNUM *p = NULL, *a = NULL, *b = NULL, *x = NULL, *y = NULL, *order = NULL; - int ok = 0; - unsigned param_len; const EC_METHOD *meth; - const struct curve_data *data; - const uint8_t *params; - if ((ctx = BN_CTX_new()) == NULL) { + int ok = 0; + BN_CTX *ctx = BN_CTX_new(); + if (ctx == NULL) { OPENSSL_PUT_ERROR(EC, ec_group_new_from_data, ERR_R_MALLOC_FAILURE); goto err; } - data = curve->data; - param_len = data->param_len; - params = data->data; + const struct curve_data *data = curve->data; + const unsigned param_len = data->param_len; + const uint8_t *params = data->data; if (!(p = BN_bin2bn(params + 0 * param_len, param_len, NULL)) || !(a = BN_bin2bn(params + 1 * param_len, param_len, NULL)) || @@ -387,6 +457,12 @@ static EC_GROUP *ec_group_new_from_data(const struct built_in_curve *curve) { goto err; } + CRYPTO_once(&built_in_curve_scalar_field_monts_once, + built_in_curve_scalar_field_monts_init); + if (built_in_curve_scalar_field_monts != NULL) { + group->mont_data = built_in_curve_scalar_field_monts[built_in_index]; + } + group->generator = P; P = NULL; if (!BN_copy(&group->order, order) || @@ -421,7 +497,7 @@ EC_GROUP *EC_GROUP_new_by_curve_name(int nid) { for (i = 0; OPENSSL_built_in_curves[i].nid != NID_undef; i++) { curve = &OPENSSL_built_in_curves[i]; if (curve->nid == nid) { - ret = ec_group_new_from_data(curve); + ret = ec_group_new_from_data(i); break; } } @@ -468,6 +544,7 @@ int ec_group_copy(EC_GROUP *dest, const EC_GROUP *src) { ec_pre_comp_free(dest->pre_comp); dest->pre_comp = ec_pre_comp_dup(src->pre_comp); + dest->mont_data = src->mont_data; if (src->generator != NULL) { if (dest->generator == NULL) { @@ -480,11 +557,8 @@ int ec_group_copy(EC_GROUP *dest, const EC_GROUP *src) { return 0; } } else { - /* src->generator == NULL */ - if (dest->generator != NULL) { - EC_POINT_clear_free(dest->generator); - dest->generator = NULL; - } + EC_POINT_clear_free(dest->generator); + dest->generator = NULL; } if (!BN_copy(&dest->order, &src->order) || @@ -497,6 +571,10 @@ int ec_group_copy(EC_GROUP *dest, const EC_GROUP *src) { return dest->meth->group_copy(dest, src); } +const BN_MONT_CTX *ec_group_get_mont_data(const EC_GROUP *group) { + return group->mont_data; +} + EC_GROUP *EC_GROUP_dup(const EC_GROUP *a) { EC_GROUP *t = NULL; int ok = 0; diff --git a/src/crypto/ec/internal.h b/src/crypto/ec/internal.h index 71062c1..89d86fd 100644 --- a/src/crypto/ec/internal.h +++ b/src/crypto/ec/internal.h @@ -200,6 +200,7 @@ struct ec_group_st { int curve_name; /* optional NID for named curve */ struct ec_pre_comp_st *pre_comp; + const BN_MONT_CTX *mont_data; /* data for ECDSA inverse */ /* The following members are handled by the method functions, * even if they appear generic */ @@ -230,6 +231,11 @@ struct ec_point_st { EC_GROUP *ec_group_new(const EC_METHOD *meth); int ec_group_copy(EC_GROUP *dest, const EC_GROUP *src); +/* ec_group_get_mont_data returns a Montgomery context for operations in the + * scalar field of |group|. It may return NULL in the case that |group| is not + * a built-in group. */ +const BN_MONT_CTX *ec_group_get_mont_data(const EC_GROUP *group); + int ec_wNAF_mul(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, size_t num, const EC_POINT *points[], const BIGNUM *scalars[], BN_CTX *); @@ -321,6 +327,10 @@ void ec_GFp_nistp_recode_scalar_bits(uint8_t *sign, uint8_t *digit, uint8_t in); const EC_METHOD *EC_GFp_nistp256_method(void); +/* Returns GFp methods using montgomery multiplication, with x86-64 + * optimized P256. See http://eprint.iacr.org/2013/816. */ +const EC_METHOD *EC_GFp_nistz256_method(void); + struct ec_key_st { int version; diff --git a/src/crypto/ecdsa/ecdsa.c b/src/crypto/ecdsa/ecdsa.c index b71799e..4c35983 100644 --- a/src/crypto/ecdsa/ecdsa.c +++ b/src/crypto/ecdsa/ecdsa.c @@ -235,7 +235,7 @@ static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp, const uint8_t *digest, size_t digest_len) { BN_CTX *ctx = NULL; - BIGNUM *k = NULL, *r = NULL, *order = NULL, *X = NULL; + BIGNUM *k = NULL, *r = NULL, *order = NULL, *tmp = NULL; EC_POINT *tmp_point = NULL; const EC_GROUP *group; int ret = 0; @@ -257,8 +257,8 @@ static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp, k = BN_new(); /* this value is later returned in *kinvp */ r = BN_new(); /* this value is later returned in *rp */ order = BN_new(); - X = BN_new(); - if (!k || !r || !order || !X) { + tmp = BN_new(); + if (!k || !r || !order || !tmp) { OPENSSL_PUT_ERROR(ECDSA, ecdsa_sign_setup, ERR_R_MALLOC_FAILURE); goto err; } @@ -310,19 +310,25 @@ static int ecdsa_sign_setup(EC_KEY *eckey, BN_CTX *ctx_in, BIGNUM **kinvp, OPENSSL_PUT_ERROR(ECDSA, ecdsa_sign_setup, ERR_R_EC_LIB); goto err; } - if (!EC_POINT_get_affine_coordinates_GFp(group, tmp_point, X, NULL, ctx)) { + if (!EC_POINT_get_affine_coordinates_GFp(group, tmp_point, tmp, NULL, + ctx)) { OPENSSL_PUT_ERROR(ECDSA, ecdsa_sign_setup, ERR_R_EC_LIB); goto err; } - if (!BN_nnmod(r, X, order, ctx)) { + if (!BN_nnmod(r, tmp, order, ctx)) { OPENSSL_PUT_ERROR(ECDSA, ecdsa_sign_setup, ERR_R_BN_LIB); goto err; } } while (BN_is_zero(r)); - /* compute the inverse of k */ - if (!BN_mod_inverse(k, k, order, ctx)) { + /* Compute the inverse of k. The order is a prime, so use Fermat's Little + * Theorem. */ + if (!BN_set_word(tmp, 2) || + !BN_sub(tmp, order, tmp) || + /* Note |ec_group_get_mont_data| may return NULL but |BN_mod_exp_mont| + * allows it to be. */ + !BN_mod_exp_mont(k, k, tmp, order, ctx, ec_group_get_mont_data(group))) { OPENSSL_PUT_ERROR(ECDSA, ecdsa_sign_setup, ERR_R_BN_LIB); goto err; } @@ -345,7 +351,7 @@ err: } BN_free(order); EC_POINT_free(tmp_point); - BN_clear_free(X); + BN_clear_free(tmp); return ret; } diff --git a/src/crypto/rsa/blinding.c b/src/crypto/rsa/blinding.c index 245142b..38e1f79 100644 --- a/src/crypto/rsa/blinding.c +++ b/src/crypto/rsa/blinding.c @@ -127,9 +127,11 @@ struct bn_blinding_st { BIGNUM *mod; /* just a reference */ int counter; unsigned long flags; - BN_MONT_CTX *m_ctx; + /* mont is the Montgomery context used for this |BN_BLINDING|. It is not + * owned and must outlive this structure. */ + const BN_MONT_CTX *mont; int (*bn_mod_exp)(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, - const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx); + const BIGNUM *m, BN_CTX *ctx, const BN_MONT_CTX *mont); }; BN_BLINDING *BN_BLINDING_new(const BIGNUM *A, const BIGNUM *Ai, BIGNUM *mod) { @@ -284,8 +286,8 @@ void BN_BLINDING_set_flags(BN_BLINDING *b, unsigned long flags) { BN_BLINDING *BN_BLINDING_create_param( BN_BLINDING *b, const BIGNUM *e, BIGNUM *m, BN_CTX *ctx, int (*bn_mod_exp)(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, - const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx), - BN_MONT_CTX *m_ctx) { + const BIGNUM *m, BN_CTX *ctx, const BN_MONT_CTX *mont), + const BN_MONT_CTX *mont) { int retry_counter = 32; BN_BLINDING *ret = NULL; @@ -317,8 +319,8 @@ BN_BLINDING *BN_BLINDING_create_param( if (bn_mod_exp != NULL) { ret->bn_mod_exp = bn_mod_exp; } - if (m_ctx != NULL) { - ret->m_ctx = m_ctx; + if (mont != NULL) { + ret->mont = mont; } do { @@ -343,8 +345,8 @@ BN_BLINDING *BN_BLINDING_create_param( } } while (1); - if (ret->bn_mod_exp != NULL && ret->m_ctx != NULL) { - if (!ret->bn_mod_exp(ret->A, ret->A, ret->e, ret->mod, ctx, ret->m_ctx)) { + if (ret->bn_mod_exp != NULL && ret->mont != NULL) { + if (!ret->bn_mod_exp(ret->A, ret->A, ret->e, ret->mod, ctx, ret->mont)) { goto err; } } else { diff --git a/src/crypto/rsa/internal.h b/src/crypto/rsa/internal.h index d15f2a5..a4d27f6 100644 --- a/src/crypto/rsa/internal.h +++ b/src/crypto/rsa/internal.h @@ -86,8 +86,8 @@ void BN_BLINDING_set_flags(BN_BLINDING *, unsigned long); BN_BLINDING *BN_BLINDING_create_param( BN_BLINDING *b, const BIGNUM *e, BIGNUM *m, BN_CTX *ctx, int (*bn_mod_exp)(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, - const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx), - BN_MONT_CTX *m_ctx); + const BIGNUM *m, BN_CTX *ctx, const BN_MONT_CTX *mont), + const BN_MONT_CTX *mont); BN_BLINDING *rsa_setup_blinding(RSA *rsa, BN_CTX *in_ctx); diff --git a/src/include/openssl/bn.h b/src/include/openssl/bn.h index ec1c8ff..8ad2250 100644 --- a/src/include/openssl/bn.h +++ b/src/include/openssl/bn.h @@ -717,7 +717,7 @@ OPENSSL_EXPORT void BN_MONT_CTX_free(BN_MONT_CTX *mont); /* BN_MONT_CTX_copy sets |to| equal to |from|. It returns |to| on success or * NULL on error. */ OPENSSL_EXPORT BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to, - BN_MONT_CTX *from); + const BN_MONT_CTX *from); /* BN_MONT_CTX_set sets up a Montgomery context given the modulus, |mod|. It * returns one on success and zero on error. */ @@ -767,19 +767,20 @@ OPENSSL_EXPORT int BN_mod_exp(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, OPENSSL_EXPORT int BN_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, - BN_MONT_CTX *m_ctx); + const BN_MONT_CTX *mont); OPENSSL_EXPORT int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, - BN_CTX *ctx, BN_MONT_CTX *in_mont); + BN_CTX *ctx, + const BN_MONT_CTX *mont); OPENSSL_EXPORT int BN_mod_exp_mont_word(BIGNUM *r, BN_ULONG a, const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, - BN_MONT_CTX *m_ctx); + const BN_MONT_CTX *mont); OPENSSL_EXPORT int BN_mod_exp2_mont(BIGNUM *r, const BIGNUM *a1, const BIGNUM *p1, const BIGNUM *a2, const BIGNUM *p2, const BIGNUM *m, - BN_CTX *ctx, BN_MONT_CTX *m_ctx); + BN_CTX *ctx, const BN_MONT_CTX *mont); /* Private functions */ diff --git a/src/include/openssl/rsa.h b/src/include/openssl/rsa.h index 9b415d7..f1ed8e0 100644 --- a/src/include/openssl/rsa.h +++ b/src/include/openssl/rsa.h @@ -444,7 +444,7 @@ struct rsa_meth_st { BN_CTX *ctx); /* Can be null */ int (*bn_mod_exp)(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, - BN_MONT_CTX *m_ctx); + const BN_MONT_CTX *mont); int flags; |