/[smeserver]/rpms/openssl/sme8/openssl-fips-0.9.8e-bn-fixes.patch
ViewVC logotype

Contents of /rpms/openssl/sme8/openssl-fips-0.9.8e-bn-fixes.patch

Parent Directory Parent Directory | Revision Log Revision Log | View Revision Graph Revision Graph


Revision 1.1 - (show annotations) (download)
Tue Feb 18 03:03:08 2014 UTC (10 years, 9 months ago) by wellsi
Branch: MAIN
CVS Tags: openssl-0_9_8e-28_el5_sme, openssl-0_9_8e-33_1_el5_sme, openssl-0_9_8e-32_1_el5_sme, openssl-0_9_8e-27_1_el5_sme, openssl-0_9_8e-27_el5_10_1, openssl-0_9_8e-31_1_el5_sme, HEAD
Branch point for: upstream
Error occurred while calculating annotation data.
Initial import

1 Fix BN flag handling in RSA_eay_mod_exp() and BN_MONT_CTX_set()
2 to get the expected BN_FLG_CONSTTIME behavior.
3 [Bodo Moeller (Google)]
4
5 openssl/crypto/bn/bn_mont.c 1.36.2.8 -> 1.36.2.9
6
7 --- openssl/crypto/bn/bn_mont.c 2007/11/11 20:43:23 1.36.2.8
8 +++ openssl/crypto/bn/bn_mont.c 2008/02/27 06:01:59 1.36.2.9
9 @@ -413,6 +413,8 @@
10
11 buf[0]=mod->d[0]; /* tmod = N mod word size */
12 buf[1]=0;
13 +
14 + BN_init(&tmod);
15 tmod.d=buf;
16 tmod.top = buf[0] != 0 ? 1 : 0;
17 tmod.dmax=2;
18
19 openssl/crypto/rsa/rsa_eay.c 1.46.2.8 -> 1.46.2.9
20
21 --- openssl/crypto/rsa/rsa_eay.c 2007/03/28 00:14:21 1.46.2.8
22 +++ openssl/crypto/rsa/rsa_eay.c 2008/02/27 06:02:00 1.46.2.9
23 @@ -151,13 +151,13 @@
24 }
25
26 /* Usage example;
27 - * MONT_HELPER(rsa, bn_ctx, p, rsa->flags & RSA_FLAG_CACHE_PRIVATE, goto err);
28 + * MONT_HELPER(rsa->_method_mod_p, bn_ctx, rsa->p, rsa->flags & RSA_FLAG_CACHE_PRIVATE, goto err);
29 */
30 -#define MONT_HELPER(rsa, ctx, m, pre_cond, err_instr) \
31 - if((pre_cond) && ((rsa)->_method_mod_##m == NULL) && \
32 - !BN_MONT_CTX_set_locked(&((rsa)->_method_mod_##m), \
33 +#define MONT_HELPER(method_mod, ctx, m, pre_cond, err_instr) \
34 + if ((pre_cond) && ((method_mod) == NULL) && \
35 + !BN_MONT_CTX_set_locked(&(method_mod), \
36 CRYPTO_LOCK_RSA, \
37 - (rsa)->m, (ctx))) \
38 + (m), (ctx))) \
39 err_instr
40
41 static int RSA_eay_public_encrypt(int flen, const unsigned char *from,
42 @@ -227,13 +227,13 @@
43 if (BN_bin2bn(buf,num,f) == NULL) goto err;
44
45 if (BN_ucmp(f, rsa->n) >= 0)
46 - {
47 + {
48 /* usually the padding functions would catch this */
49 RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT,RSA_R_DATA_TOO_LARGE_FOR_MODULUS);
50 goto err;
51 }
52
53 - MONT_HELPER(rsa, ctx, n, rsa->flags & RSA_FLAG_CACHE_PUBLIC, goto err);
54 + MONT_HELPER(rsa->_method_mod_n, ctx, rsa->n, rsa->flags & RSA_FLAG_CACHE_PUBLIC, goto err);
55
56 if (!rsa->meth->bn_mod_exp(ret,f,rsa->e,rsa->n,ctx,
57 rsa->_method_mod_n)) goto err;
58 @@ -436,9 +436,9 @@
59 BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME);
60 }
61 else
62 - d = rsa->d;
63 + d= rsa->d;
64
65 - MONT_HELPER(rsa, ctx, n, rsa->flags & RSA_FLAG_CACHE_PUBLIC, goto err);
66 + MONT_HELPER(rsa->_method_mod_n, ctx, rsa->n, rsa->flags & RSA_FLAG_CACHE_PUBLIC, goto err);
67
68 if (!rsa->meth->bn_mod_exp(ret,f,d,rsa->n,ctx,
69 rsa->_method_mod_n)) goto err;
70 @@ -559,7 +559,7 @@
71 else
72 d = rsa->d;
73
74 - MONT_HELPER(rsa, ctx, n, rsa->flags & RSA_FLAG_CACHE_PUBLIC, goto err);
75 + MONT_HELPER(rsa->_method_mod_n, ctx, rsa->n, rsa->flags & RSA_FLAG_CACHE_PUBLIC, goto err);
76 if (!rsa->meth->bn_mod_exp(ret,f,d,rsa->n,ctx,
77 rsa->_method_mod_n))
78 goto err;
79 @@ -669,7 +669,7 @@
80 goto err;
81 }
82
83 - MONT_HELPER(rsa, ctx, n, rsa->flags & RSA_FLAG_CACHE_PUBLIC, goto err);
84 + MONT_HELPER(rsa->_method_mod_n, ctx, rsa->n, rsa->flags & RSA_FLAG_CACHE_PUBLIC, goto err);
85
86 if (!rsa->meth->bn_mod_exp(ret,f,rsa->e,rsa->n,ctx,
87 rsa->_method_mod_n)) goto err;
88 @@ -717,7 +717,6 @@
89 BIGNUM *r1,*m1,*vrfy;
90 BIGNUM local_dmp1,local_dmq1,local_c,local_r1;
91 BIGNUM *dmp1,*dmq1,*c,*pr1;
92 - int bn_flags;
93 int ret=0;
94
95 BN_CTX_start(ctx);
96 @@ -725,31 +724,34 @@
97 m1 = BN_CTX_get(ctx);
98 vrfy = BN_CTX_get(ctx);
99
100 - /* Make sure mod_inverse in montgomerey intialization use correct
101 - * BN_FLG_CONSTTIME flag.
102 - */
103 - bn_flags = rsa->p->flags;
104 - if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))
105 - {
106 - rsa->p->flags |= BN_FLG_CONSTTIME;
107 - }
108 - MONT_HELPER(rsa, ctx, p, rsa->flags & RSA_FLAG_CACHE_PRIVATE, goto err);
109 - /* We restore bn_flags back */
110 - rsa->p->flags = bn_flags;
111 + {
112 + BIGNUM local_p, local_q;
113 + BIGNUM *p = NULL, *q = NULL;
114
115 - /* Make sure mod_inverse in montgomerey intialization use correct
116 - * BN_FLG_CONSTTIME flag.
117 - */
118 - bn_flags = rsa->q->flags;
119 - if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))
120 - {
121 - rsa->q->flags |= BN_FLG_CONSTTIME;
122 - }
123 - MONT_HELPER(rsa, ctx, q, rsa->flags & RSA_FLAG_CACHE_PRIVATE, goto err);
124 - /* We restore bn_flags back */
125 - rsa->q->flags = bn_flags;
126 + /* Make sure BN_mod_inverse in Montgomery intialization uses the
127 + * BN_FLG_CONSTTIME flag (unless RSA_FLAG_NO_CONSTTIME is set)
128 + */
129 + if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))
130 + {
131 + BN_init(&local_p);
132 + p = &local_p;
133 + BN_with_flags(p, rsa->p, BN_FLG_CONSTTIME);
134 +
135 + BN_init(&local_q);
136 + q = &local_q;
137 + BN_with_flags(q, rsa->q, BN_FLG_CONSTTIME);
138 + }
139 + else
140 + {
141 + p = rsa->p;
142 + q = rsa->q;
143 + }
144 +
145 + MONT_HELPER(rsa->_method_mod_p, ctx, p, rsa->flags & RSA_FLAG_CACHE_PRIVATE, goto err);
146 + MONT_HELPER(rsa->_method_mod_q, ctx, q, rsa->flags & RSA_FLAG_CACHE_PRIVATE, goto err);
147 + }
148
149 - MONT_HELPER(rsa, ctx, n, rsa->flags & RSA_FLAG_CACHE_PUBLIC, goto err);
150 + MONT_HELPER(rsa->_method_mod_n, ctx, rsa->n, rsa->flags & RSA_FLAG_CACHE_PUBLIC, goto err);
151
152 /* compute I mod q */
153 if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))
154
155 Fix DH with certain moduli.
156
157 openssl/crypto/bn/bn_mul.c 1.36.4.1 -> 1.36.4.2
158
159 --- openssl/crypto/bn/bn_mul.c 2007/07/08 18:55:51 1.36.4.1
160 +++ openssl/crypto/bn/bn_mul.c 2007/11/03 20:10:10 1.36.4.2
161 @@ -389,6 +389,7 @@
162 * a[0]*b[0]+a[1]*b[1]+(a[0]-a[1])*(b[1]-b[0])
163 * a[1]*b[1]
164 */
165 +/* dnX may not be positive, but n2/2+dnX has to be */
166 void bn_mul_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n2,
167 int dna, int dnb, BN_ULONG *t)
168 {
169 @@ -398,7 +399,7 @@
170 BN_ULONG ln,lo,*p;
171
172 # ifdef BN_COUNT
173 - fprintf(stderr," bn_mul_recursive %d * %d\n",n2,n2);
174 + fprintf(stderr," bn_mul_recursive %d%+d * %d%+d\n",n2,dna,n2,dnb);
175 # endif
176 # ifdef BN_MUL_COMBA
177 # if 0
178 @@ -545,6 +546,7 @@
179
180 /* n+tn is the word length
181 * t needs to be n*4 is size, as does r */
182 +/* tnX may not be negative but less than n */
183 void bn_mul_part_recursive(BN_ULONG *r, BN_ULONG *a, BN_ULONG *b, int n,
184 int tna, int tnb, BN_ULONG *t)
185 {
186 @@ -553,8 +555,8 @@
187 BN_ULONG ln,lo,*p;
188
189 # ifdef BN_COUNT
190 - fprintf(stderr," bn_mul_part_recursive (%d+%d) * (%d+%d)\n",
191 - tna, n, tnb, n);
192 + fprintf(stderr," bn_mul_part_recursive (%d%+d) * (%d%+d)\n",
193 + n, tna, n, tnb);
194 # endif
195 if (n < 8)
196 {
197 @@ -655,16 +657,19 @@
198 for (;;)
199 {
200 i/=2;
201 - if (i <= tna && tna == tnb)
202 + /* these simplified conditions work
203 + * exclusively because difference
204 + * between tna and tnb is 1 or 0 */
205 + if (i < tna || i < tnb)
206 {
207 - bn_mul_recursive(&(r[n2]),
208 + bn_mul_part_recursive(&(r[n2]),
209 &(a[n]),&(b[n]),
210 i,tna-i,tnb-i,p);
211 break;
212 }
213 - else if (i < tna || i < tnb)
214 + else if (i == tna || i == tnb)
215 {
216 - bn_mul_part_recursive(&(r[n2]),
217 + bn_mul_recursive(&(r[n2]),
218 &(a[n]),&(b[n]),
219 i,tna-i,tnb-i,p);
220 break;

admin@koozali.org
ViewVC Help
Powered by ViewVC 1.2.1 RSS 2.0 feed