authorMatt Caswell <matt@openssl.org>2016-05-26 10:55:11 +0100
committerMatt Caswell <matt@openssl.org>2016-06-06 11:09:06 +0100
commit5584f65a1027b06fe0cfc4be28d1a232cf180e42 (patch)
treee1d62f81d9d5a23575e4f4063b47d28e680afcdf /crypto/rsa/rsa_gen.c
parentf943e640efbb5ec30bf57b59468c094083c99eb2 (diff)
Deprecate the flags that switch off constant time
The flags RSA_FLAG_NO_CONSTTIME, DSA_FLAG_NO_EXP_CONSTTIME and DH_FLAG_NO_EXP_CONSTTIME which previously provided the ability to switch off the constant time implementation for RSA, DSA and DH have been made no-ops and deprecated. Reviewed-by: Richard Levitte <levitte@openssl.org>
Diffstat (limited to 'crypto/rsa/rsa_gen.c')
-rw-r--r--crypto/rsa/rsa_gen.c61
1 files changed, 24 insertions, 37 deletions
diff --git a/crypto/rsa/rsa_gen.c b/crypto/rsa/rsa_gen.c
index b25d76e55c..5c6b6192e6 100644
--- a/crypto/rsa/rsa_gen.c
+++ b/crypto/rsa/rsa_gen.c
@@ -137,64 +137,51 @@ static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value,
if (!BN_mul(r0, r1, r2, ctx))
goto err; /* (p-1)(q-1) */
{
- BIGNUM *local_r0 = NULL, *pr0;
- if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) {
- pr0 = local_r0 = BN_new();
- if (local_r0 == NULL)
- goto err;
- BN_with_flags(pr0, r0, BN_FLG_CONSTTIME);
- } else {
- pr0 = r0;
- }
+ BIGNUM *pr0 = BN_new();
+
+ if (pr0 == NULL)
+ goto err;
+ BN_with_flags(pr0, r0, BN_FLG_CONSTTIME);
if (!BN_mod_inverse(rsa->d, rsa->e, pr0, ctx)) {
- BN_free(local_r0);
+ BN_free(pr0);
goto err; /* d */
}
- /* We MUST free local_r0 before any further use of r0 */
- BN_free(local_r0);
+ /* We MUST free pr0 before any further use of r0 */
+ BN_free(pr0);
}
{
- BIGNUM *local_d = NULL, *d;
- /* set up d for correct BN_FLG_CONSTTIME flag */
- if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) {
- d = local_d = BN_new();
- if (local_d == NULL)
- goto err;
- BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME);
- } else {
- d = rsa->d;
- }
+ BIGNUM *d = BN_new();
+
+ if (d == NULL)
+ goto err;
+ BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME);
if ( /* calculate d mod (p-1) */
!BN_mod(rsa->dmp1, d, r1, ctx)
/* calculate d mod (q-1) */
|| !BN_mod(rsa->dmq1, d, r2, ctx)) {
- BN_free(local_d);
+ BN_free(d);
goto err;
}
- /* We MUST free local_d before any further use of rsa->d */
- BN_free(local_d);
+ /* We MUST free d before any further use of rsa->d */
+ BN_free(d);
}
{
- BIGNUM *local_p = NULL, *p;
+ BIGNUM *p = BN_new();
+
+ if (p == NULL)
+ goto err;
+ BN_with_flags(p, rsa->p, BN_FLG_CONSTTIME);
/* calculate inverse of q mod p */
- if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) {
- p = local_p = BN_new();
- if (local_p == NULL)
- goto err;
- BN_with_flags(p, rsa->p, BN_FLG_CONSTTIME);
- } else {
- p = rsa->p;
- }
if (!BN_mod_inverse(rsa->iqmp, rsa->q, p, ctx)) {
- BN_free(local_p);
+ BN_free(p);
goto err;
}
- /* We MUST free local_p before any further use of rsa->p */
- BN_free(local_p);
+ /* We MUST free p before any further use of rsa->p */
+ BN_free(p);
}
ok = 1;
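Review bot: The three `We MUST free ... before any further use of ...` comments state a lifetime rule without giving the reason, and the reason is what keeps this pattern safe now that the constant-time path is unconditional. `BN_with_flags` makes a shallow copy that shares the source's word buffer, so `pr0`, `d` and `p` are aliases of `r0`, `rsa->d` and `rsa->p`, and `BN_free` on them releases only the header. I would reword each comment along the lines of `/* pr0 aliases r0's data (BN_with_flags is a shallow copy); free it before r0 can be written or resized */`. I would also add one line at the first block saying the copy exists only to carry `BN_FLG_CONSTTIME` into `BN_mod_inverse`/`BN_mod`, so that a later cleanup does not pass `r0` directly and silently drop the constant-time path. `rsa_builtin_keygen` begins and ends outside this hunk, so whether the earlier steps that handle p and q are flagged the same way cannot be judged from here and is worth checking separately.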