| author | Ronald Jordan <ron.jordan@oracle.com> |
| Fri, 09 May 2014 15:18:09 -0700 | |
| branch | s11u1-sru |
| changeset 3134 | 8c9dcb670552 |
| permissions | -rw-r--r-- |
|
3134
8c9dcb670552
18538605 problem in UTILITY/OPENSSL
Ronald Jordan <ron.jordan@oracle.com>
parents:
diff
changeset
|
1 |
Patch comes from upstream: |
|
8c9dcb670552
18538605 problem in UTILITY/OPENSSL
Ronald Jordan <ron.jordan@oracle.com>
parents:
diff
changeset
|
2 |
http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=2198be3483259de374f91e57d247d0fc667aef29 |
|
8c9dcb670552
18538605 problem in UTILITY/OPENSSL
Ronald Jordan <ron.jordan@oracle.com>
parents:
diff
changeset
|
3 |
It will be obsoleted when openssl-1.0.0m is available. |
|
8c9dcb670552
18538605 problem in UTILITY/OPENSSL
Ronald Jordan <ron.jordan@oracle.com>
parents:
diff
changeset
|
4 |
|
|
8c9dcb670552
18538605 problem in UTILITY/OPENSSL
Ronald Jordan <ron.jordan@oracle.com>
parents:
diff
changeset
|
5 |
--- openssl-1.0.0l/crypto/bn/bn.h.orig Mon Jan 6 07:00:59 2014 |
|
8c9dcb670552
18538605 problem in UTILITY/OPENSSL
Ronald Jordan <ron.jordan@oracle.com>
parents:
diff
changeset
|
6 |
+++ openssl-1.0.0l/crypto/bn/bn.h Fri Apr 18 13:03:57 2014 |
|
8c9dcb670552
18538605 problem in UTILITY/OPENSSL
Ronald Jordan <ron.jordan@oracle.com>
parents:
diff
changeset
|
7 |
@@ -538,6 +538,8 @@ |
|
8c9dcb670552
18538605 problem in UTILITY/OPENSSL
Ronald Jordan <ron.jordan@oracle.com>
parents:
diff
changeset
|
8 |
BIGNUM *BN_mod_sqrt(BIGNUM *ret, |
|
8c9dcb670552
18538605 problem in UTILITY/OPENSSL
Ronald Jordan <ron.jordan@oracle.com>
parents:
diff
changeset
|
9 |
const BIGNUM *a, const BIGNUM *n,BN_CTX *ctx); |
|
8c9dcb670552
18538605 problem in UTILITY/OPENSSL
Ronald Jordan <ron.jordan@oracle.com>
parents:
diff
changeset
|
10 |
|
|
8c9dcb670552
18538605 problem in UTILITY/OPENSSL
Ronald Jordan <ron.jordan@oracle.com>
parents:
diff
changeset
|
11 |
+void BN_consttime_swap(BN_ULONG swap, BIGNUM *a, BIGNUM *b, int nwords); |
|
8c9dcb670552
18538605 problem in UTILITY/OPENSSL
Ronald Jordan <ron.jordan@oracle.com>
parents:
diff
changeset
|
12 |
+ |
|
8c9dcb670552
18538605 problem in UTILITY/OPENSSL
Ronald Jordan <ron.jordan@oracle.com>
parents:
diff
changeset
|
13 |
/* Deprecated versions */ |
|
8c9dcb670552
18538605 problem in UTILITY/OPENSSL
Ronald Jordan <ron.jordan@oracle.com>
parents:
diff
changeset
|
14 |
#ifndef OPENSSL_NO_DEPRECATED |
|
8c9dcb670552
18538605 problem in UTILITY/OPENSSL
Ronald Jordan <ron.jordan@oracle.com>
parents:
diff
changeset
|
15 |
BIGNUM *BN_generate_prime(BIGNUM *ret,int bits,int safe, |
|
8c9dcb670552
18538605 problem in UTILITY/OPENSSL
Ronald Jordan <ron.jordan@oracle.com>
parents:
diff
changeset
|
16 |
@@ -759,11 +761,20 @@ |
|
8c9dcb670552
18538605 problem in UTILITY/OPENSSL
Ronald Jordan <ron.jordan@oracle.com>
parents:
diff
changeset
|
17 |
|
|
8c9dcb670552
18538605 problem in UTILITY/OPENSSL
Ronald Jordan <ron.jordan@oracle.com>
parents:
diff
changeset
|
18 |
#define bn_fix_top(a) bn_check_top(a) |
|
8c9dcb670552
18538605 problem in UTILITY/OPENSSL
Ronald Jordan <ron.jordan@oracle.com>
parents:
diff
changeset
|
19 |
|
|
8c9dcb670552
18538605 problem in UTILITY/OPENSSL
Ronald Jordan <ron.jordan@oracle.com>
parents:
diff
changeset
|
20 |
+#define bn_check_size(bn, bits) bn_wcheck_size(bn, ((bits+BN_BITS2-1))/BN_BITS2) |
|
8c9dcb670552
18538605 problem in UTILITY/OPENSSL
Ronald Jordan <ron.jordan@oracle.com>
parents:
diff
changeset
|
21 |
+#define bn_wcheck_size(bn, words) \ |
|
8c9dcb670552
18538605 problem in UTILITY/OPENSSL
Ronald Jordan <ron.jordan@oracle.com>
parents:
diff
changeset
|
22 |
+ do { \
|
|
8c9dcb670552
18538605 problem in UTILITY/OPENSSL
Ronald Jordan <ron.jordan@oracle.com>
parents:
diff
changeset
|
23 |
+ const BIGNUM *_bnum2 = (bn); \ |
|
8c9dcb670552
18538605 problem in UTILITY/OPENSSL
Ronald Jordan <ron.jordan@oracle.com>
parents:
diff
changeset
|
24 |
+ assert(words <= (_bnum2)->dmax && words >= (_bnum2)->top); \ |
|
8c9dcb670552
18538605 problem in UTILITY/OPENSSL
Ronald Jordan <ron.jordan@oracle.com>
parents:
diff
changeset
|
25 |
+ } while(0) |
|
8c9dcb670552
18538605 problem in UTILITY/OPENSSL
Ronald Jordan <ron.jordan@oracle.com>
parents:
diff
changeset
|
26 |
+ |
|
8c9dcb670552
18538605 problem in UTILITY/OPENSSL
Ronald Jordan <ron.jordan@oracle.com>
parents:
diff
changeset
|
27 |
#else /* !BN_DEBUG */ |
|
8c9dcb670552
18538605 problem in UTILITY/OPENSSL
Ronald Jordan <ron.jordan@oracle.com>
parents:
diff
changeset
|
28 |
|
|
8c9dcb670552
18538605 problem in UTILITY/OPENSSL
Ronald Jordan <ron.jordan@oracle.com>
parents:
diff
changeset
|
29 |
#define bn_pollute(a) |
|
8c9dcb670552
18538605 problem in UTILITY/OPENSSL
Ronald Jordan <ron.jordan@oracle.com>
parents:
diff
changeset
|
30 |
#define bn_check_top(a) |
|
8c9dcb670552
18538605 problem in UTILITY/OPENSSL
Ronald Jordan <ron.jordan@oracle.com>
parents:
diff
changeset
|
31 |
#define bn_fix_top(a) bn_correct_top(a) |
|
8c9dcb670552
18538605 problem in UTILITY/OPENSSL
Ronald Jordan <ron.jordan@oracle.com>
parents:
diff
changeset
|
32 |
+#define bn_check_size(bn, bits) |
|
8c9dcb670552
18538605 problem in UTILITY/OPENSSL
Ronald Jordan <ron.jordan@oracle.com>
parents:
diff
changeset
|
33 |
+#define bn_wcheck_size(bn, words) |
|
8c9dcb670552
18538605 problem in UTILITY/OPENSSL
Ronald Jordan <ron.jordan@oracle.com>
parents:
diff
changeset
|
34 |
|
|
8c9dcb670552
18538605 problem in UTILITY/OPENSSL
Ronald Jordan <ron.jordan@oracle.com>
parents:
diff
changeset
|
35 |
#endif |
|
8c9dcb670552
18538605 problem in UTILITY/OPENSSL
Ronald Jordan <ron.jordan@oracle.com>
parents:
diff
changeset
|
36 |
|
|
8c9dcb670552
18538605 problem in UTILITY/OPENSSL
Ronald Jordan <ron.jordan@oracle.com>
parents:
diff
changeset
|
37 |
--- openssl-1.0.0l/crypto/bn/bn_lib.c.orig Mon Jan 6 07:00:59 2014 |
|
8c9dcb670552
18538605 problem in UTILITY/OPENSSL
Ronald Jordan <ron.jordan@oracle.com>
parents:
diff
changeset
|
38 |
+++ openssl-1.0.0l/crypto/bn/bn_lib.c Fri Apr 18 13:03:08 2014 |
|
8c9dcb670552
18538605 problem in UTILITY/OPENSSL
Ronald Jordan <ron.jordan@oracle.com>
parents:
diff
changeset
|
39 |
@@ -843,3 +843,55 @@ |
|
8c9dcb670552
18538605 problem in UTILITY/OPENSSL
Ronald Jordan <ron.jordan@oracle.com>
parents:
diff
changeset
|
40 |
} |
|
8c9dcb670552
18538605 problem in UTILITY/OPENSSL
Ronald Jordan <ron.jordan@oracle.com>
parents:
diff
changeset
|
41 |
return bn_cmp_words(a,b,cl); |
|
8c9dcb670552
18538605 problem in UTILITY/OPENSSL
Ronald Jordan <ron.jordan@oracle.com>
parents:
diff
changeset
|
42 |
} |
|
8c9dcb670552
18538605 problem in UTILITY/OPENSSL
Ronald Jordan <ron.jordan@oracle.com>
parents:
diff
changeset
|
43 |
+ |
|
8c9dcb670552
18538605 problem in UTILITY/OPENSSL
Ronald Jordan <ron.jordan@oracle.com>
parents:
diff
changeset
|
44 |
+/* |
|
8c9dcb670552
18538605 problem in UTILITY/OPENSSL
Ronald Jordan <ron.jordan@oracle.com>
parents:
diff
changeset
|
45 |
+ * Constant-time conditional swap of a and b. |
|
8c9dcb670552
18538605 problem in UTILITY/OPENSSL
Ronald Jordan <ron.jordan@oracle.com>
parents:
diff
changeset
|
46 |
+ * a and b are swapped if condition is not 0. The code assumes that at most one bit of condition is set. |
|
8c9dcb670552
18538605 problem in UTILITY/OPENSSL
Ronald Jordan <ron.jordan@oracle.com>
parents:
diff
changeset
|
47 |
+ * nwords is the number of words to swap. The code assumes that at least nwords are allocated in both a and b, |
|
8c9dcb670552
18538605 problem in UTILITY/OPENSSL
Ronald Jordan <ron.jordan@oracle.com>
parents:
diff
changeset
|
48 |
+ * and that no more than nwords are used by either a or b. |
|
8c9dcb670552
18538605 problem in UTILITY/OPENSSL
Ronald Jordan <ron.jordan@oracle.com>
parents:
diff
changeset
|
49 |
+ * a and b cannot be the same number |
|
8c9dcb670552
18538605 problem in UTILITY/OPENSSL
Ronald Jordan <ron.jordan@oracle.com>
parents:
diff
changeset
|
50 |
+ */ |
|
8c9dcb670552
18538605 problem in UTILITY/OPENSSL
Ronald Jordan <ron.jordan@oracle.com>
parents:
diff
changeset
|
51 |
+void BN_consttime_swap(BN_ULONG condition, BIGNUM *a, BIGNUM *b, int nwords) |
|
8c9dcb670552
18538605 problem in UTILITY/OPENSSL
Ronald Jordan <ron.jordan@oracle.com>
parents:
diff
changeset
|
52 |
+ {
|
|
8c9dcb670552
18538605 problem in UTILITY/OPENSSL
Ronald Jordan <ron.jordan@oracle.com>
parents:
diff
changeset
|
53 |
+ BN_ULONG t; |
|
8c9dcb670552
18538605 problem in UTILITY/OPENSSL
Ronald Jordan <ron.jordan@oracle.com>
parents:
diff
changeset
|
54 |
+ int i; |
|
8c9dcb670552
18538605 problem in UTILITY/OPENSSL
Ronald Jordan <ron.jordan@oracle.com>
parents:
diff
changeset
|
55 |
+ |
|
8c9dcb670552
18538605 problem in UTILITY/OPENSSL
Ronald Jordan <ron.jordan@oracle.com>
parents:
diff
changeset
|
56 |
+ bn_wcheck_size(a, nwords); |
|
8c9dcb670552
18538605 problem in UTILITY/OPENSSL
Ronald Jordan <ron.jordan@oracle.com>
parents:
diff
changeset
|
57 |
+ bn_wcheck_size(b, nwords); |
|
8c9dcb670552
18538605 problem in UTILITY/OPENSSL
Ronald Jordan <ron.jordan@oracle.com>
parents:
diff
changeset
|
58 |
+ |
|
8c9dcb670552
18538605 problem in UTILITY/OPENSSL
Ronald Jordan <ron.jordan@oracle.com>
parents:
diff
changeset
|
59 |
+ assert(a != b); |
|
8c9dcb670552
18538605 problem in UTILITY/OPENSSL
Ronald Jordan <ron.jordan@oracle.com>
parents:
diff
changeset
|
60 |
+ assert((condition & (condition - 1)) == 0); |
|
8c9dcb670552
18538605 problem in UTILITY/OPENSSL
Ronald Jordan <ron.jordan@oracle.com>
parents:
diff
changeset
|
61 |
+ assert(sizeof(BN_ULONG) >= sizeof(int)); |
|
8c9dcb670552
18538605 problem in UTILITY/OPENSSL
Ronald Jordan <ron.jordan@oracle.com>
parents:
diff
changeset
|
62 |
+ |
|
8c9dcb670552
18538605 problem in UTILITY/OPENSSL
Ronald Jordan <ron.jordan@oracle.com>
parents:
diff
changeset
|
63 |
+ condition = ((condition - 1) >> (BN_BITS2 - 1)) - 1; |
|
8c9dcb670552
18538605 problem in UTILITY/OPENSSL
Ronald Jordan <ron.jordan@oracle.com>
parents:
diff
changeset
|
64 |
+ |
|
8c9dcb670552
18538605 problem in UTILITY/OPENSSL
Ronald Jordan <ron.jordan@oracle.com>
parents:
diff
changeset
|
65 |
+ t = (a->top^b->top) & condition; |
|
8c9dcb670552
18538605 problem in UTILITY/OPENSSL
Ronald Jordan <ron.jordan@oracle.com>
parents:
diff
changeset
|
66 |
+ a->top ^= t; |
|
8c9dcb670552
18538605 problem in UTILITY/OPENSSL
Ronald Jordan <ron.jordan@oracle.com>
parents:
diff
changeset
|
67 |
+ b->top ^= t; |
|
8c9dcb670552
18538605 problem in UTILITY/OPENSSL
Ronald Jordan <ron.jordan@oracle.com>
parents:
diff
changeset
|
68 |
+ |
|
8c9dcb670552
18538605 problem in UTILITY/OPENSSL
Ronald Jordan <ron.jordan@oracle.com>
parents:
diff
changeset
|
69 |
+#define BN_CONSTTIME_SWAP(ind) \ |
|
8c9dcb670552
18538605 problem in UTILITY/OPENSSL
Ronald Jordan <ron.jordan@oracle.com>
parents:
diff
changeset
|
70 |
+ do { \
|
|
8c9dcb670552
18538605 problem in UTILITY/OPENSSL
Ronald Jordan <ron.jordan@oracle.com>
parents:
diff
changeset
|
71 |
+ t = (a->d[ind] ^ b->d[ind]) & condition; \ |
|
8c9dcb670552
18538605 problem in UTILITY/OPENSSL
Ronald Jordan <ron.jordan@oracle.com>
parents:
diff
changeset
|
72 |
+ a->d[ind] ^= t; \ |
|
8c9dcb670552
18538605 problem in UTILITY/OPENSSL
Ronald Jordan <ron.jordan@oracle.com>
parents:
diff
changeset
|
73 |
+ b->d[ind] ^= t; \ |
|
8c9dcb670552
18538605 problem in UTILITY/OPENSSL
Ronald Jordan <ron.jordan@oracle.com>
parents:
diff
changeset
|
74 |
+ } while (0) |
|
8c9dcb670552
18538605 problem in UTILITY/OPENSSL
Ronald Jordan <ron.jordan@oracle.com>
parents:
diff
changeset
|
75 |
+ |
|
8c9dcb670552
18538605 problem in UTILITY/OPENSSL
Ronald Jordan <ron.jordan@oracle.com>
parents:
diff
changeset
|
76 |
+ |
|
8c9dcb670552
18538605 problem in UTILITY/OPENSSL
Ronald Jordan <ron.jordan@oracle.com>
parents:
diff
changeset
|
77 |
+ switch (nwords) {
|
|
8c9dcb670552
18538605 problem in UTILITY/OPENSSL
Ronald Jordan <ron.jordan@oracle.com>
parents:
diff
changeset
|
78 |
+ default: |
|
8c9dcb670552
18538605 problem in UTILITY/OPENSSL
Ronald Jordan <ron.jordan@oracle.com>
parents:
diff
changeset
|
79 |
+ for (i = 10; i < nwords; i++) |
|
8c9dcb670552
18538605 problem in UTILITY/OPENSSL
Ronald Jordan <ron.jordan@oracle.com>
parents:
diff
changeset
|
80 |
+ BN_CONSTTIME_SWAP(i); |
|
8c9dcb670552
18538605 problem in UTILITY/OPENSSL
Ronald Jordan <ron.jordan@oracle.com>
parents:
diff
changeset
|
81 |
+ /* Fallthrough */ |
|
8c9dcb670552
18538605 problem in UTILITY/OPENSSL
Ronald Jordan <ron.jordan@oracle.com>
parents:
diff
changeset
|
82 |
+ case 10: BN_CONSTTIME_SWAP(9); /* Fallthrough */ |
|
8c9dcb670552
18538605 problem in UTILITY/OPENSSL
Ronald Jordan <ron.jordan@oracle.com>
parents:
diff
changeset
|
83 |
+ case 9: BN_CONSTTIME_SWAP(8); /* Fallthrough */ |
|
8c9dcb670552
18538605 problem in UTILITY/OPENSSL
Ronald Jordan <ron.jordan@oracle.com>
parents:
diff
changeset
|
84 |
+ case 8: BN_CONSTTIME_SWAP(7); /* Fallthrough */ |
|
8c9dcb670552
18538605 problem in UTILITY/OPENSSL
Ronald Jordan <ron.jordan@oracle.com>
parents:
diff
changeset
|
85 |
+ case 7: BN_CONSTTIME_SWAP(6); /* Fallthrough */ |
|
8c9dcb670552
18538605 problem in UTILITY/OPENSSL
Ronald Jordan <ron.jordan@oracle.com>
parents:
diff
changeset
|
86 |
+ case 6: BN_CONSTTIME_SWAP(5); /* Fallthrough */ |
|
8c9dcb670552
18538605 problem in UTILITY/OPENSSL
Ronald Jordan <ron.jordan@oracle.com>
parents:
diff
changeset
|
87 |
+ case 5: BN_CONSTTIME_SWAP(4); /* Fallthrough */ |
|
8c9dcb670552
18538605 problem in UTILITY/OPENSSL
Ronald Jordan <ron.jordan@oracle.com>
parents:
diff
changeset
|
88 |
+ case 4: BN_CONSTTIME_SWAP(3); /* Fallthrough */ |
|
8c9dcb670552
18538605 problem in UTILITY/OPENSSL
Ronald Jordan <ron.jordan@oracle.com>
parents:
diff
changeset
|
89 |
+ case 3: BN_CONSTTIME_SWAP(2); /* Fallthrough */ |
|
8c9dcb670552
18538605 problem in UTILITY/OPENSSL
Ronald Jordan <ron.jordan@oracle.com>
parents:
diff
changeset
|
90 |
+ case 2: BN_CONSTTIME_SWAP(1); /* Fallthrough */ |
|
8c9dcb670552
18538605 problem in UTILITY/OPENSSL
Ronald Jordan <ron.jordan@oracle.com>
parents:
diff
changeset
|
91 |
+ case 1: BN_CONSTTIME_SWAP(0); |
|
8c9dcb670552
18538605 problem in UTILITY/OPENSSL
Ronald Jordan <ron.jordan@oracle.com>
parents:
diff
changeset
|
92 |
+ } |
|
8c9dcb670552
18538605 problem in UTILITY/OPENSSL
Ronald Jordan <ron.jordan@oracle.com>
parents:
diff
changeset
|
93 |
+#undef BN_CONSTTIME_SWAP |
|
8c9dcb670552
18538605 problem in UTILITY/OPENSSL
Ronald Jordan <ron.jordan@oracle.com>
parents:
diff
changeset
|
94 |
+} |
|
8c9dcb670552
18538605 problem in UTILITY/OPENSSL
Ronald Jordan <ron.jordan@oracle.com>
parents:
diff
changeset
|
95 |
--- openssl-1.0.0l/crypto/ec/ec2_mult.c.orig Mon Jan 6 07:00:59 2014 |
|
8c9dcb670552
18538605 problem in UTILITY/OPENSSL
Ronald Jordan <ron.jordan@oracle.com>
parents:
diff
changeset
|
96 |
+++ openssl-1.0.0l/crypto/ec/ec2_mult.c Fri Apr 18 13:00:28 2014 |
|
8c9dcb670552
18538605 problem in UTILITY/OPENSSL
Ronald Jordan <ron.jordan@oracle.com>
parents:
diff
changeset
|
97 |
@@ -206,11 +206,15 @@ |
|
8c9dcb670552
18538605 problem in UTILITY/OPENSSL
Ronald Jordan <ron.jordan@oracle.com>
parents:
diff
changeset
|
98 |
return ret; |
|
8c9dcb670552
18538605 problem in UTILITY/OPENSSL
Ronald Jordan <ron.jordan@oracle.com>
parents:
diff
changeset
|
99 |
} |
|
8c9dcb670552
18538605 problem in UTILITY/OPENSSL
Ronald Jordan <ron.jordan@oracle.com>
parents:
diff
changeset
|
100 |
|
|
8c9dcb670552
18538605 problem in UTILITY/OPENSSL
Ronald Jordan <ron.jordan@oracle.com>
parents:
diff
changeset
|
101 |
+ |
|
8c9dcb670552
18538605 problem in UTILITY/OPENSSL
Ronald Jordan <ron.jordan@oracle.com>
parents:
diff
changeset
|
102 |
/* Computes scalar*point and stores the result in r. |
|
8c9dcb670552
18538605 problem in UTILITY/OPENSSL
Ronald Jordan <ron.jordan@oracle.com>
parents:
diff
changeset
|
103 |
* point can not equal r. |
|
8c9dcb670552
18538605 problem in UTILITY/OPENSSL
Ronald Jordan <ron.jordan@oracle.com>
parents:
diff
changeset
|
104 |
- * Uses algorithm 2P of |
|
8c9dcb670552
18538605 problem in UTILITY/OPENSSL
Ronald Jordan <ron.jordan@oracle.com>
parents:
diff
changeset
|
105 |
+ * Uses a modified algorithm 2P of |
|
8c9dcb670552
18538605 problem in UTILITY/OPENSSL
Ronald Jordan <ron.jordan@oracle.com>
parents:
diff
changeset
|
106 |
* Lopez, J. and Dahab, R. "Fast multiplication on elliptic curves over |
|
8c9dcb670552
18538605 problem in UTILITY/OPENSSL
Ronald Jordan <ron.jordan@oracle.com>
parents:
diff
changeset
|
107 |
* GF(2^m) without precomputation" (CHES '99, LNCS 1717). |
|
8c9dcb670552
18538605 problem in UTILITY/OPENSSL
Ronald Jordan <ron.jordan@oracle.com>
parents:
diff
changeset
|
108 |
+ * |
|
8c9dcb670552
18538605 problem in UTILITY/OPENSSL
Ronald Jordan <ron.jordan@oracle.com>
parents:
diff
changeset
|
109 |
+ * To protect against side-channel attack the function uses constant time swap, |
|
8c9dcb670552
18538605 problem in UTILITY/OPENSSL
Ronald Jordan <ron.jordan@oracle.com>
parents:
diff
changeset
|
110 |
+ * avoiding conditional branches. |
|
8c9dcb670552
18538605 problem in UTILITY/OPENSSL
Ronald Jordan <ron.jordan@oracle.com>
parents:
diff
changeset
|
111 |
*/ |
|
8c9dcb670552
18538605 problem in UTILITY/OPENSSL
Ronald Jordan <ron.jordan@oracle.com>
parents:
diff
changeset
|
112 |
static int ec_GF2m_montgomery_point_multiply(const EC_GROUP *group, EC_POINT *r, const BIGNUM *scalar, |
|
8c9dcb670552
18538605 problem in UTILITY/OPENSSL
Ronald Jordan <ron.jordan@oracle.com>
parents:
diff
changeset
|
113 |
const EC_POINT *point, BN_CTX *ctx) |
|
8c9dcb670552
18538605 problem in UTILITY/OPENSSL
Ronald Jordan <ron.jordan@oracle.com>
parents:
diff
changeset
|
114 |
@@ -244,6 +248,11 @@ |
|
8c9dcb670552
18538605 problem in UTILITY/OPENSSL
Ronald Jordan <ron.jordan@oracle.com>
parents:
diff
changeset
|
115 |
x2 = &r->X; |
|
8c9dcb670552
18538605 problem in UTILITY/OPENSSL
Ronald Jordan <ron.jordan@oracle.com>
parents:
diff
changeset
|
116 |
z2 = &r->Y; |
|
8c9dcb670552
18538605 problem in UTILITY/OPENSSL
Ronald Jordan <ron.jordan@oracle.com>
parents:
diff
changeset
|
117 |
|
|
8c9dcb670552
18538605 problem in UTILITY/OPENSSL
Ronald Jordan <ron.jordan@oracle.com>
parents:
diff
changeset
|
118 |
+ bn_wexpand(x1, group->field.top); |
|
8c9dcb670552
18538605 problem in UTILITY/OPENSSL
Ronald Jordan <ron.jordan@oracle.com>
parents:
diff
changeset
|
119 |
+ bn_wexpand(z1, group->field.top); |
|
8c9dcb670552
18538605 problem in UTILITY/OPENSSL
Ronald Jordan <ron.jordan@oracle.com>
parents:
diff
changeset
|
120 |
+ bn_wexpand(x2, group->field.top); |
|
8c9dcb670552
18538605 problem in UTILITY/OPENSSL
Ronald Jordan <ron.jordan@oracle.com>
parents:
diff
changeset
|
121 |
+ bn_wexpand(z2, group->field.top); |
|
8c9dcb670552
18538605 problem in UTILITY/OPENSSL
Ronald Jordan <ron.jordan@oracle.com>
parents:
diff
changeset
|
122 |
+ |
|
8c9dcb670552
18538605 problem in UTILITY/OPENSSL
Ronald Jordan <ron.jordan@oracle.com>
parents:
diff
changeset
|
123 |
if (!BN_GF2m_mod_arr(x1, &point->X, group->poly)) goto err; /* x1 = x */ |
|
8c9dcb670552
18538605 problem in UTILITY/OPENSSL
Ronald Jordan <ron.jordan@oracle.com>
parents:
diff
changeset
|
124 |
if (!BN_one(z1)) goto err; /* z1 = 1 */ |
|
8c9dcb670552
18538605 problem in UTILITY/OPENSSL
Ronald Jordan <ron.jordan@oracle.com>
parents:
diff
changeset
|
125 |
if (!group->meth->field_sqr(group, z2, x1, ctx)) goto err; /* z2 = x1^2 = x^2 */ |
|
8c9dcb670552
18538605 problem in UTILITY/OPENSSL
Ronald Jordan <ron.jordan@oracle.com>
parents:
diff
changeset
|
126 |
@@ -268,16 +277,12 @@ |
|
8c9dcb670552
18538605 problem in UTILITY/OPENSSL
Ronald Jordan <ron.jordan@oracle.com>
parents:
diff
changeset
|
127 |
word = scalar->d[i]; |
|
8c9dcb670552
18538605 problem in UTILITY/OPENSSL
Ronald Jordan <ron.jordan@oracle.com>
parents:
diff
changeset
|
128 |
while (mask) |
|
8c9dcb670552
18538605 problem in UTILITY/OPENSSL
Ronald Jordan <ron.jordan@oracle.com>
parents:
diff
changeset
|
129 |
{
|
|
8c9dcb670552
18538605 problem in UTILITY/OPENSSL
Ronald Jordan <ron.jordan@oracle.com>
parents:
diff
changeset
|
130 |
- if (word & mask) |
|
8c9dcb670552
18538605 problem in UTILITY/OPENSSL
Ronald Jordan <ron.jordan@oracle.com>
parents:
diff
changeset
|
131 |
- {
|
|
8c9dcb670552
18538605 problem in UTILITY/OPENSSL
Ronald Jordan <ron.jordan@oracle.com>
parents:
diff
changeset
|
132 |
- if (!gf2m_Madd(group, &point->X, x1, z1, x2, z2, ctx)) goto err; |
|
8c9dcb670552
18538605 problem in UTILITY/OPENSSL
Ronald Jordan <ron.jordan@oracle.com>
parents:
diff
changeset
|
133 |
- if (!gf2m_Mdouble(group, x2, z2, ctx)) goto err; |
|
8c9dcb670552
18538605 problem in UTILITY/OPENSSL
Ronald Jordan <ron.jordan@oracle.com>
parents:
diff
changeset
|
134 |
- } |
|
8c9dcb670552
18538605 problem in UTILITY/OPENSSL
Ronald Jordan <ron.jordan@oracle.com>
parents:
diff
changeset
|
135 |
- else |
|
8c9dcb670552
18538605 problem in UTILITY/OPENSSL
Ronald Jordan <ron.jordan@oracle.com>
parents:
diff
changeset
|
136 |
- {
|
|
8c9dcb670552
18538605 problem in UTILITY/OPENSSL
Ronald Jordan <ron.jordan@oracle.com>
parents:
diff
changeset
|
137 |
- if (!gf2m_Madd(group, &point->X, x2, z2, x1, z1, ctx)) goto err; |
|
8c9dcb670552
18538605 problem in UTILITY/OPENSSL
Ronald Jordan <ron.jordan@oracle.com>
parents:
diff
changeset
|
138 |
- if (!gf2m_Mdouble(group, x1, z1, ctx)) goto err; |
|
8c9dcb670552
18538605 problem in UTILITY/OPENSSL
Ronald Jordan <ron.jordan@oracle.com>
parents:
diff
changeset
|
139 |
- } |
|
8c9dcb670552
18538605 problem in UTILITY/OPENSSL
Ronald Jordan <ron.jordan@oracle.com>
parents:
diff
changeset
|
140 |
+ BN_consttime_swap(word & mask, x1, x2, group->field.top); |
|
8c9dcb670552
18538605 problem in UTILITY/OPENSSL
Ronald Jordan <ron.jordan@oracle.com>
parents:
diff
changeset
|
141 |
+ BN_consttime_swap(word & mask, z1, z2, group->field.top); |
|
8c9dcb670552
18538605 problem in UTILITY/OPENSSL
Ronald Jordan <ron.jordan@oracle.com>
parents:
diff
changeset
|
142 |
+ if (!gf2m_Madd(group, &point->X, x2, z2, x1, z1, ctx)) goto err; |
|
8c9dcb670552
18538605 problem in UTILITY/OPENSSL
Ronald Jordan <ron.jordan@oracle.com>
parents:
diff
changeset
|
143 |
+ if (!gf2m_Mdouble(group, x1, z1, ctx)) goto err; |
|
8c9dcb670552
18538605 problem in UTILITY/OPENSSL
Ronald Jordan <ron.jordan@oracle.com>
parents:
diff
changeset
|
144 |
+ BN_consttime_swap(word & mask, x1, x2, group->field.top); |
|
8c9dcb670552
18538605 problem in UTILITY/OPENSSL
Ronald Jordan <ron.jordan@oracle.com>
parents:
diff
changeset
|
145 |
+ BN_consttime_swap(word & mask, z1, z2, group->field.top); |
|
8c9dcb670552
18538605 problem in UTILITY/OPENSSL
Ronald Jordan <ron.jordan@oracle.com>
parents:
diff
changeset
|
146 |
mask >>= 1; |
|
8c9dcb670552
18538605 problem in UTILITY/OPENSSL
Ronald Jordan <ron.jordan@oracle.com>
parents:
diff
changeset
|
147 |
} |
|
8c9dcb670552
18538605 problem in UTILITY/OPENSSL
Ronald Jordan <ron.jordan@oracle.com>
parents:
diff
changeset
|
148 |
mask = BN_TBIT; |