OLD | NEW |
1 /* crypto/bn/bn_blind.c */ | 1 /* crypto/bn/bn_blind.c */ |
2 /* ==================================================================== | 2 /* ==================================================================== |
3 * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved. | 3 * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. |
4 * | 4 * |
5 * Redistribution and use in source and binary forms, with or without | 5 * Redistribution and use in source and binary forms, with or without |
6 * modification, are permitted provided that the following conditions | 6 * modification, are permitted provided that the following conditions |
7 * are met: | 7 * are met: |
8 * | 8 * |
9 * 1. Redistributions of source code must retain the above copyright | 9 * 1. Redistributions of source code must retain the above copyright |
10 * notice, this list of conditions and the following disclaimer. | 10 * notice, this list of conditions and the following disclaimer. |
11 * | 11 * |
12 * 2. Redistributions in binary form must reproduce the above copyright | 12 * 2. Redistributions in binary form must reproduce the above copyright |
13 * notice, this list of conditions and the following disclaimer in | 13 * notice, this list of conditions and the following disclaimer in |
(...skipping 100 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
114 #include "bn_lcl.h" | 114 #include "bn_lcl.h" |
115 | 115 |
116 #define BN_BLINDING_COUNTER 32 | 116 #define BN_BLINDING_COUNTER 32 |
117 | 117 |
118 struct bn_blinding_st | 118 struct bn_blinding_st |
119 { | 119 { |
120 BIGNUM *A; | 120 BIGNUM *A; |
121 BIGNUM *Ai; | 121 BIGNUM *Ai; |
122 BIGNUM *e; | 122 BIGNUM *e; |
123 BIGNUM *mod; /* just a reference */ | 123 BIGNUM *mod; /* just a reference */ |
| 124 #ifndef OPENSSL_NO_DEPRECATED |
124 unsigned long thread_id; /* added in OpenSSL 0.9.6j and 0.9.7b; | 125 unsigned long thread_id; /* added in OpenSSL 0.9.6j and 0.9.7b; |
125 * used only by crypto/rsa/rsa_eay.c, rsa_lib.c
*/ | 126 * used only by crypto/rsa/rsa_eay.c, rsa_lib.c
*/ |
126 » unsigned int counter; | 127 #endif |
| 128 » CRYPTO_THREADID tid; |
| 129 » int counter; |
127 unsigned long flags; | 130 unsigned long flags; |
128 BN_MONT_CTX *m_ctx; | 131 BN_MONT_CTX *m_ctx; |
129 int (*bn_mod_exp)(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, | 132 int (*bn_mod_exp)(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, |
130 const BIGNUM *m, BN_CTX *ctx, | 133 const BIGNUM *m, BN_CTX *ctx, |
131 BN_MONT_CTX *m_ctx); | 134 BN_MONT_CTX *m_ctx); |
132 }; | 135 }; |
133 | 136 |
134 BN_BLINDING *BN_BLINDING_new(const BIGNUM *A, const BIGNUM *Ai, /* const */ BIGN
UM *mod) | 137 BN_BLINDING *BN_BLINDING_new(const BIGNUM *A, const BIGNUM *Ai, BIGNUM *mod) |
135 { | 138 { |
136 BN_BLINDING *ret=NULL; | 139 BN_BLINDING *ret=NULL; |
137 | 140 |
138 bn_check_top(mod); | 141 bn_check_top(mod); |
139 | 142 |
140 if ((ret=(BN_BLINDING *)OPENSSL_malloc(sizeof(BN_BLINDING))) == NULL) | 143 if ((ret=(BN_BLINDING *)OPENSSL_malloc(sizeof(BN_BLINDING))) == NULL) |
141 { | 144 { |
142 BNerr(BN_F_BN_BLINDING_NEW,ERR_R_MALLOC_FAILURE); | 145 BNerr(BN_F_BN_BLINDING_NEW,ERR_R_MALLOC_FAILURE); |
143 return(NULL); | 146 return(NULL); |
144 } | 147 } |
145 memset(ret,0,sizeof(BN_BLINDING)); | 148 memset(ret,0,sizeof(BN_BLINDING)); |
146 if (A != NULL) | 149 if (A != NULL) |
147 { | 150 { |
148 if ((ret->A = BN_dup(A)) == NULL) goto err; | 151 if ((ret->A = BN_dup(A)) == NULL) goto err; |
149 } | 152 } |
150 if (Ai != NULL) | 153 if (Ai != NULL) |
151 { | 154 { |
152 if ((ret->Ai = BN_dup(Ai)) == NULL) goto err; | 155 if ((ret->Ai = BN_dup(Ai)) == NULL) goto err; |
153 } | 156 } |
154 | 157 |
155 /* save a copy of mod in the BN_BLINDING structure */ | 158 /* save a copy of mod in the BN_BLINDING structure */ |
156 if ((ret->mod = BN_dup(mod)) == NULL) goto err; | 159 if ((ret->mod = BN_dup(mod)) == NULL) goto err; |
157 if (BN_get_flags(mod, BN_FLG_CONSTTIME) != 0) | 160 if (BN_get_flags(mod, BN_FLG_CONSTTIME) != 0) |
158 BN_set_flags(ret->mod, BN_FLG_CONSTTIME); | 161 BN_set_flags(ret->mod, BN_FLG_CONSTTIME); |
159 | 162 |
160 » ret->counter = BN_BLINDING_COUNTER; | 163 » /* Set the counter to the special value -1 |
| 164 » * to indicate that this is never-used fresh blinding |
| 165 » * that does not need updating before first use. */ |
| 166 » ret->counter = -1; |
| 167 » CRYPTO_THREADID_current(&ret->tid); |
161 return(ret); | 168 return(ret); |
162 err: | 169 err: |
163 if (ret != NULL) BN_BLINDING_free(ret); | 170 if (ret != NULL) BN_BLINDING_free(ret); |
164 return(NULL); | 171 return(NULL); |
165 } | 172 } |
166 | 173 |
167 void BN_BLINDING_free(BN_BLINDING *r) | 174 void BN_BLINDING_free(BN_BLINDING *r) |
168 { | 175 { |
169 if(r == NULL) | 176 if(r == NULL) |
170 return; | 177 return; |
171 | 178 |
172 if (r->A != NULL) BN_free(r->A ); | 179 if (r->A != NULL) BN_free(r->A ); |
173 if (r->Ai != NULL) BN_free(r->Ai); | 180 if (r->Ai != NULL) BN_free(r->Ai); |
174 if (r->e != NULL) BN_free(r->e ); | 181 if (r->e != NULL) BN_free(r->e ); |
175 if (r->mod != NULL) BN_free(r->mod); | 182 if (r->mod != NULL) BN_free(r->mod); |
176 OPENSSL_free(r); | 183 OPENSSL_free(r); |
177 } | 184 } |
178 | 185 |
179 int BN_BLINDING_update(BN_BLINDING *b, BN_CTX *ctx) | 186 int BN_BLINDING_update(BN_BLINDING *b, BN_CTX *ctx) |
180 { | 187 { |
181 int ret=0; | 188 int ret=0; |
182 | 189 |
183 if ((b->A == NULL) || (b->Ai == NULL)) | 190 if ((b->A == NULL) || (b->Ai == NULL)) |
184 { | 191 { |
185 BNerr(BN_F_BN_BLINDING_UPDATE,BN_R_NOT_INITIALIZED); | 192 BNerr(BN_F_BN_BLINDING_UPDATE,BN_R_NOT_INITIALIZED); |
186 goto err; | 193 goto err; |
187 } | 194 } |
188 | 195 |
189 » if (--(b->counter) == 0 && b->e != NULL && | 196 » if (b->counter == -1) |
| 197 » » b->counter = 0; |
| 198 |
| 199 » if (++b->counter == BN_BLINDING_COUNTER && b->e != NULL && |
190 !(b->flags & BN_BLINDING_NO_RECREATE)) | 200 !(b->flags & BN_BLINDING_NO_RECREATE)) |
191 { | 201 { |
192 /* re-create blinding parameters */ | 202 /* re-create blinding parameters */ |
193 if (!BN_BLINDING_create_param(b, NULL, NULL, ctx, NULL, NULL)) | 203 if (!BN_BLINDING_create_param(b, NULL, NULL, ctx, NULL, NULL)) |
194 goto err; | 204 goto err; |
195 } | 205 } |
196 else if (!(b->flags & BN_BLINDING_NO_UPDATE)) | 206 else if (!(b->flags & BN_BLINDING_NO_UPDATE)) |
197 { | 207 { |
198 if (!BN_mod_mul(b->A,b->A,b->A,b->mod,ctx)) goto err; | 208 if (!BN_mod_mul(b->A,b->A,b->A,b->mod,ctx)) goto err; |
199 if (!BN_mod_mul(b->Ai,b->Ai,b->Ai,b->mod,ctx)) goto err; | 209 if (!BN_mod_mul(b->Ai,b->Ai,b->Ai,b->mod,ctx)) goto err; |
200 } | 210 } |
201 | 211 |
202 ret=1; | 212 ret=1; |
203 err: | 213 err: |
204 » if (b->counter == 0) | 214 » if (b->counter == BN_BLINDING_COUNTER) |
205 » » b->counter = BN_BLINDING_COUNTER; | 215 » » b->counter = 0; |
206 return(ret); | 216 return(ret); |
207 } | 217 } |
208 | 218 |
209 int BN_BLINDING_convert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx) | 219 int BN_BLINDING_convert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx) |
210 { | 220 { |
211 return BN_BLINDING_convert_ex(n, NULL, b, ctx); | 221 return BN_BLINDING_convert_ex(n, NULL, b, ctx); |
212 } | 222 } |
213 | 223 |
214 int BN_BLINDING_convert_ex(BIGNUM *n, BIGNUM *r, BN_BLINDING *b, BN_CTX *ctx) | 224 int BN_BLINDING_convert_ex(BIGNUM *n, BIGNUM *r, BN_BLINDING *b, BN_CTX *ctx) |
215 { | 225 { |
216 int ret = 1; | 226 int ret = 1; |
217 | 227 |
218 bn_check_top(n); | 228 bn_check_top(n); |
219 | 229 |
220 if ((b->A == NULL) || (b->Ai == NULL)) | 230 if ((b->A == NULL) || (b->Ai == NULL)) |
221 { | 231 { |
222 BNerr(BN_F_BN_BLINDING_CONVERT_EX,BN_R_NOT_INITIALIZED); | 232 BNerr(BN_F_BN_BLINDING_CONVERT_EX,BN_R_NOT_INITIALIZED); |
223 return(0); | 233 return(0); |
224 } | 234 } |
225 | 235 |
| 236 if (b->counter == -1) |
| 237 /* Fresh blinding, doesn't need updating. */ |
| 238 b->counter = 0; |
| 239 else if (!BN_BLINDING_update(b,ctx)) |
| 240 return(0); |
| 241 |
226 if (r != NULL) | 242 if (r != NULL) |
227 { | 243 { |
228 if (!BN_copy(r, b->Ai)) ret=0; | 244 if (!BN_copy(r, b->Ai)) ret=0; |
229 } | 245 } |
230 | 246 |
231 if (!BN_mod_mul(n,n,b->A,b->mod,ctx)) ret=0; | 247 if (!BN_mod_mul(n,n,b->A,b->mod,ctx)) ret=0; |
232 | 248 |
233 return ret; | 249 return ret; |
234 } | 250 } |
235 | 251 |
236 int BN_BLINDING_invert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx) | 252 int BN_BLINDING_invert(BIGNUM *n, BN_BLINDING *b, BN_CTX *ctx) |
237 { | 253 { |
238 return BN_BLINDING_invert_ex(n, NULL, b, ctx); | 254 return BN_BLINDING_invert_ex(n, NULL, b, ctx); |
239 } | 255 } |
240 | 256 |
241 int BN_BLINDING_invert_ex(BIGNUM *n, const BIGNUM *r, BN_BLINDING *b, BN_CTX *ct
x) | 257 int BN_BLINDING_invert_ex(BIGNUM *n, const BIGNUM *r, BN_BLINDING *b, BN_CTX *ct
x) |
242 { | 258 { |
243 int ret; | 259 int ret; |
244 | 260 |
245 bn_check_top(n); | 261 bn_check_top(n); |
246 if ((b->A == NULL) || (b->Ai == NULL)) | |
247 { | |
248 BNerr(BN_F_BN_BLINDING_INVERT_EX,BN_R_NOT_INITIALIZED); | |
249 return(0); | |
250 } | |
251 | 262 |
252 if (r != NULL) | 263 if (r != NULL) |
253 ret = BN_mod_mul(n, n, r, b->mod, ctx); | 264 ret = BN_mod_mul(n, n, r, b->mod, ctx); |
254 else | 265 else |
| 266 { |
| 267 if (b->Ai == NULL) |
| 268 { |
| 269 BNerr(BN_F_BN_BLINDING_INVERT_EX,BN_R_NOT_INITIALIZED); |
| 270 return(0); |
| 271 } |
255 ret = BN_mod_mul(n, n, b->Ai, b->mod, ctx); | 272 ret = BN_mod_mul(n, n, b->Ai, b->mod, ctx); |
| 273 } |
256 | 274 |
257 if (ret >= 0) | |
258 { | |
259 if (!BN_BLINDING_update(b,ctx)) | |
260 return(0); | |
261 } | |
262 bn_check_top(n); | 275 bn_check_top(n); |
263 return(ret); | 276 return(ret); |
264 } | 277 } |
265 | 278 |
| 279 #ifndef OPENSSL_NO_DEPRECATED |
266 unsigned long BN_BLINDING_get_thread_id(const BN_BLINDING *b) | 280 unsigned long BN_BLINDING_get_thread_id(const BN_BLINDING *b) |
267 { | 281 { |
268 return b->thread_id; | 282 return b->thread_id; |
269 } | 283 } |
270 | 284 |
271 void BN_BLINDING_set_thread_id(BN_BLINDING *b, unsigned long n) | 285 void BN_BLINDING_set_thread_id(BN_BLINDING *b, unsigned long n) |
272 { | 286 { |
273 b->thread_id = n; | 287 b->thread_id = n; |
274 } | 288 } |
| 289 #endif |
| 290 |
| 291 CRYPTO_THREADID *BN_BLINDING_thread_id(BN_BLINDING *b) |
| 292 { |
| 293 return &b->tid; |
| 294 } |
275 | 295 |
276 unsigned long BN_BLINDING_get_flags(const BN_BLINDING *b) | 296 unsigned long BN_BLINDING_get_flags(const BN_BLINDING *b) |
277 { | 297 { |
278 return b->flags; | 298 return b->flags; |
279 } | 299 } |
280 | 300 |
281 void BN_BLINDING_set_flags(BN_BLINDING *b, unsigned long flags) | 301 void BN_BLINDING_set_flags(BN_BLINDING *b, unsigned long flags) |
282 { | 302 { |
283 b->flags = flags; | 303 b->flags = flags; |
284 } | 304 } |
285 | 305 |
286 BN_BLINDING *BN_BLINDING_create_param(BN_BLINDING *b, | 306 BN_BLINDING *BN_BLINDING_create_param(BN_BLINDING *b, |
287 » const BIGNUM *e, /* const */ BIGNUM *m, BN_CTX *ctx, | 307 » const BIGNUM *e, BIGNUM *m, BN_CTX *ctx, |
288 int (*bn_mod_exp)(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, | 308 int (*bn_mod_exp)(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, |
289 const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx), | 309 const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx), |
290 BN_MONT_CTX *m_ctx) | 310 BN_MONT_CTX *m_ctx) |
291 { | 311 { |
292 int retry_counter = 32; | 312 int retry_counter = 32; |
293 BN_BLINDING *ret = NULL; | 313 BN_BLINDING *ret = NULL; |
294 | 314 |
295 if (b == NULL) | 315 if (b == NULL) |
296 ret = BN_BLINDING_new(NULL, NULL, m); | 316 ret = BN_BLINDING_new(NULL, NULL, m); |
297 else | 317 else |
(...skipping 58 matching lines...) Expand 10 before | Expand all | Expand 10 after Loading... |
356 return ret; | 376 return ret; |
357 err: | 377 err: |
358 if (b == NULL && ret != NULL) | 378 if (b == NULL && ret != NULL) |
359 { | 379 { |
360 BN_BLINDING_free(ret); | 380 BN_BLINDING_free(ret); |
361 ret = NULL; | 381 ret = NULL; |
362 } | 382 } |
363 | 383 |
364 return ret; | 384 return ret; |
365 } | 385 } |
OLD | NEW |