author | Andy Polyakov <appro@openssl.org> | 2018-07-06 15:02:29 +0200 |
---|---|---|
committer | Andy Polyakov <appro@openssl.org> | 2018-07-12 14:52:05 +0200 |
commit | 305b68f1a2b6d4d0aa07a6ab47ac372f067a40bb (patch) | |
tree | 8dad9c5e9d9f41f89956e504abd72444c8563013 /crypto/bn/bn_lcl.h | |
parent | 6c90182a5f87af1a1e462536e7123ad2afb84c43 (diff) | |
download | openssl-305b68f1a2b6d4d0aa07a6ab47ac372f067a40bb.tar.gz |
bn/bn_lib.c: add BN_FLG_FIXED_TOP flag.
The new flag marks vectors that were not treated with bn_correct_top,
in other words such vectors are permitted to be zero padded. For now
it's BN_DEBUG-only flag, as initial use case for zero-padded vectors
would be controlled Montgomery multiplication/exponentiation, not
general purpose. For general purpose use another type might be more
appropriate. Advantage of this suggestion is that it's possible to
back-port it...
bn/bn_div.c: fix memory sanitizer problem.
bn/bn_sqr.c: harmonize with BN_mul.
Reviewed-by: Rich Salz <rsalz@openssl.org>
Reviewed-by: David Benjamin <davidben@google.com>
(Merged from https://github.com/openssl/openssl/pull/6662)
Diffstat (limited to 'crypto/bn/bn_lcl.h')
-rw-r--r-- | crypto/bn/bn_lcl.h | 17 |
1 files changed, 15 insertions, 2 deletions
diff --git a/crypto/bn/bn_lcl.h b/crypto/bn/bn_lcl.h
index f57c87d9b3..b658a9516b 100644
--- a/crypto/bn/bn_lcl.h
+++ b/crypto/bn/bn_lcl.h
@@ -141,6 +141,16 @@
 */
 # ifdef BN_DEBUG
+/*
+ * The new BN_FLG_FIXED_TOP flag marks vectors that were not treated with
+ * bn_correct_top, in other words such vectors are permitted to have zeros
+ * in most significant limbs. Such vectors are used internally to achieve
+ * execution time invariance for critical operations with private keys.
+ * It's BN_DEBUG-only flag, because user application is not supposed to
+ * observe it anyway. Moreover, optimizing compiler would actually remove
+ * all operations manipulating the bit in question in non-BN_DEBUG build.
+ */
+# define BN_FLG_FIXED_TOP 0x10000
 # include <assert.h>
 # ifdef BN_DEBUG_RAND
 # define bn_pollute(a) \
@@ -165,8 +175,10 @@
 do { \
 const BIGNUM *_bnum2 = (a); \
 if (_bnum2 != NULL) { \
- assert(((_bnum2->top == 0) && !_bnum2->neg) || \
- (_bnum2->top && (_bnum2->d[_bnum2->top - 1] != 0))); \
+ int top = _bnum2->top; \
+ assert((top == 0 && !_bnum2->neg) || \
+ (top && ((_bnum2->flags & BN_FLG_FIXED_TOP) \
+ || _bnum2->d[top - 1] != 0))); \
 bn_pollute(_bnum2); \
 } \
 } while(0)
@@ -185,6 +197,7 @@
 # else /* !BN_DEBUG */
+# define BN_FLG_FIXED_TOP 0
 # define bn_pollute(a)
 # define bn_check_top(a)
 # define bn_fix_top(a) bn_correct_top(a) |
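Review bot: The comment added above `# define BN_FLG_FIXED_TOP 0x10000` does not spell out the constraint created by the third hunk's `# define BN_FLG_FIXED_TOP 0`: outside BN_DEBUG every `flags & BN_FLG_FIXED_TOP` test is constant false, so the flag can only relax assertions and must never select a code path. I would add a sentence to the comment such as `Code must not branch on this flag; in non-BN_DEBUG builds it is 0 and the test is always false.` The value 0x10000 also shares the `flags` field with the public BN_FLG_* bits, which are not visible in this diff, so a short remark that it was chosen to stay clear of them (to be confirmed against bn.h) would help the next person who adds a flag.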
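Review bot: The new local in the second hunk is named `top`, while the macro's other local uses the underscore-prefixed `_bnum2`; since the macro expands inside its callers, a plain `top` shadows any caller variable of that name and can produce -Wshadow noise in BN_DEBUG builds. Renaming it, `int _top = _bnum2->top; \`, keeps the macro hygienic and consistent. Separately, for a vector carrying BN_FLG_FIXED_TOP the assertion accepts any non-zero top without inspecting the limbs, and such vectors presumably have their top set by hand rather than by bn_correct_top, so it may be worth also asserting `top <= _bnum2->dmax` here so that a bad length is caught in debug builds. The macro's `#define` line lies outside the hunk.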