From 6b6f64da2dac75df306611cfaa82798cb4f01cdd Mon Sep 17 00:00:00 2001 From: Andy Polyakov Date: Fri, 27 May 2005 08:11:16 +0000 Subject: [PATCH] Constant time DH [sync with mainstream]. Submitted by: bodo --- fips/dh/fips_dh_key.c | 28 +++++++++++++++++++++++++--- 1 file changed, 25 insertions(+), 3 deletions(-) diff --git a/fips/dh/fips_dh_key.c b/fips/dh/fips_dh_key.c index 7d6f259b50..581de17364 100644 --- a/fips/dh/fips_dh_key.c +++ b/fips/dh/fips_dh_key.c @@ -145,8 +145,22 @@ static int generate_key(DH *dh) l = dh->length ? dh->length : BN_num_bits(dh->p)-1; /* secret exponent length */ if (!BN_rand(priv_key, l, 0, 0)) goto err; } - if (!dh->meth->bn_mod_exp(dh, pub_key, dh->g, priv_key,dh->p,ctx,mont)) - goto err; + + { + BIGNUM local_prk; + BIGNUM *prk; + + if ((dh->flags & DH_FLAG_NO_EXP_CONSTTIME) == 0) + { + prk = &local_prk; + BN_with_flags(prk, priv_key, BN_FLG_EXP_CONSTTIME); + } + else + prk = priv_key; + + if (!dh->meth->bn_mod_exp(dh, pub_key, dh->g, prk, dh->p, ctx, mont)) + goto err; + } dh->pub_key=pub_key; dh->priv_key=priv_key; @@ -184,6 +198,11 @@ static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh) mont = BN_MONT_CTX_set_locked( (BN_MONT_CTX **)&dh->method_mont_p, CRYPTO_LOCK_DH, dh->p, ctx); + if ((dh->flags & DH_FLAG_NO_EXP_CONSTTIME) == 0) + { + /* XXX */ + BN_set_flags(dh->priv_key, BN_FLG_EXP_CONSTTIME); + } if (!mont) goto err; } @@ -206,7 +225,10 @@ static int dh_bn_mod_exp(const DH *dh, BIGNUM *r, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx) { - if (a->top == 1) + /* If a is only one word long and constant time is false, use the faster + * exponenentiation function. + */ + if (a->top == 1 && ((dh->flags & DH_FLAG_NO_EXP_CONSTTIME) != 0)) { BN_ULONG A = a->d[0]; return BN_mod_exp_mont_word(r,A,p,m,ctx,m_ctx); -- 2.40.0