File 0003-bn-bn_blind.c-use-Montgomery-multiplication-when-pos.patch of Package openssl1
From b6f773b8d6c41e86c107b57dabc637c91884150e Mon Sep 17 00:00:00 2001
From: Andy Polyakov <appro@openssl.org>
Date: Mon, 13 Aug 2018 16:59:08 +0200
Subject: [PATCH 3/4] bn/bn_blind.c: use Montgomery multiplication when possible.
(cherry picked from commit e02c519cd32a55e6ad39a0cfbeeda775f9115f28)
Resolved conflicts: crypto/bn/bn_blind.c
Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/6942)
---
 crypto/bn/bn_blind.c | 63 +++++++++++++++++++++++++++++++-------------
 1 file changed, 44 insertions(+), 19 deletions(-)
Index: openssl-1.0.1i/crypto/bn/bn_blind.c
===================================================================
--- openssl-1.0.1i.orig/crypto/bn/bn_blind.c
+++ openssl-1.0.1i/crypto/bn/bn_blind.c
@@ -203,11 +203,17 @@ int BN_BLINDING_update(BN_BLINDING *b, B
 if (!BN_BLINDING_create_param(b, NULL, NULL, ctx, NULL, NULL))
 goto err;
 }
- else if (!(b->flags & BN_BLINDING_NO_UPDATE))
- {
- if (!BN_mod_mul(b->A,b->A,b->A,b->mod,ctx)) goto err;
- if (!BN_mod_mul(b->Ai,b->Ai,b->Ai,b->mod,ctx)) goto err;
+ else if (!(b->flags & BN_BLINDING_NO_UPDATE)) {
+ if (b->m_ctx != NULL) {
+ if (!bn_mul_mont_fixed_top(b->Ai, b->Ai, b->Ai, b->m_ctx, ctx)
+ || !bn_mul_mont_fixed_top(b->A, b->A, b->A, b->m_ctx, ctx))
+ goto err;
+ } else {
+ if (!BN_mod_mul(b->Ai, b->Ai, b->Ai, b->mod, ctx)
+ || !BN_mod_mul(b->A, b->A, b->A, b->mod, ctx))
+ goto err;
 }
+ }
 ret=1;
 err:
@@ -239,13 +245,14 @@ int BN_BLINDING_convert_ex(BIGNUM *n, BI
 else if (!BN_BLINDING_update(b,ctx))
 return(0);
- if (r != NULL)
- {
- if (!BN_copy(r, b->Ai)) ret=0;
- }
+ if (r != NULL && (BN_copy(r, b->Ai) == NULL))
+ return 0;
+
+ if (b->m_ctx != NULL)
+ ret = BN_mod_mul_montgomery(n, n, b->A, b->m_ctx, ctx);
+ else
+ ret = BN_mod_mul(n, n, b->A, b->mod, ctx);
- if (!BN_mod_mul(n,n,b->A,b->mod,ctx)) ret=0;
-
 return ret;
 }
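Review bot: Nothing in BN_BLINDING_update records that, once `b->m_ctx` is set, `b->A` and `b->Ai` are held in Montgomery form, yet the new `bn_mul_mont_fixed_top` branch is only correct under that assumption. The conversion that establishes it is in the BN_BLINDING_create_param hunk (`bn_to_mont_fixed_top`), and the BN_BLINDING_convert_ex hunk now copies that Montgomery-form `Ai` into the caller's `r`. I would state the invariant once above the `if (b->m_ctx != NULL)` test, e.g. `/* with m_ctx set, A and Ai stay in Montgomery form; an r filled in by convert_ex is only meaningful to BN_BLINDING_invert_ex on this b */`. The function body starts and ends outside the hunk.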
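Review bot: In BN_BLINDING_convert_ex the new `return 0;` after a failed `BN_copy` exits before `n` is multiplied by `b->A`, whereas the removed code set `ret=0` and still performed the multiplication. The return value is unchanged, but `n` is now left unblinded on this path, so the function comment should say so, e.g. `/* on failure n may be left unblinded; callers must not continue with it */`. Callers are not visible on this page, so whether any of them ignores the result cannot be confirmed here. The start of the function lies outside the hunk.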
@@ -260,17 +267,30 @@ int BN_BLINDING_invert_ex(BIGNUM *n, con
 bn_check_top(n);
- if (r != NULL)
- ret = BN_mod_mul(n, n, r, b->mod, ctx);
- else
- {
- if (b->Ai == NULL)
- {
- BNerr(BN_F_BN_BLINDING_INVERT_EX,BN_R_NOT_INITIALIZED);
- return(0);
+ if (r == NULL && (r = b->Ai) == NULL) {
+ BNerr(BN_F_BN_BLINDING_INVERT_EX, BN_R_NOT_INITIALIZED);
+ return 0;
+ }
+
+ if (b->m_ctx != NULL) {
+ /* ensure that BN_mod_mul_montgomery takes pre-defined path */
+ if (n->dmax >= r->top) {
+ size_t i, rtop = r->top, ntop = n->top;
+ BN_ULONG mask;
+
+ for (i = 0; i < rtop; i++) {
+ mask = (BN_ULONG)0 - ((i - ntop) >> (8 * sizeof(i) - 1));
+ n->d[i] &= mask;
 }
- ret = BN_mod_mul(n, n, b->Ai, b->mod, ctx);
+ mask = (BN_ULONG)0 - ((rtop - ntop) >> (8 * sizeof(ntop) - 1));
+ /* always true, if (rtop >= ntop) n->top = r->top; */
+ n->top = (int)(rtop & ~mask) | (ntop & mask);
+ n->flags |= (BN_FLG_FIXED_TOP & ~mask);
 }
+ ret = BN_mod_mul_montgomery(n, n, r, b->m_ctx, ctx);
+ } else {
+ ret = BN_mod_mul(n, n, r, b->mod, ctx);
+ }
 bn_check_top(n);
 return(ret);
@@ -362,16 +382,19 @@ BN_BLINDING *BN_BLINDING_create_param(BN
 break;
 } while (1);
- if (ret->bn_mod_exp != NULL && ret->m_ctx != NULL)
- {
+ if (ret->bn_mod_exp != NULL && ret->m_ctx != NULL) {
 if (!ret->bn_mod_exp(ret->A, ret->A, ret->e, ret->mod, ctx, ret->m_ctx))
 goto err;
- }
- else
- {
+ } else {
 if (!BN_mod_exp(ret->A, ret->A, ret->e, ret->mod, ctx))
 goto err;
- }
+ }
+
+ if (ret->m_ctx != NULL) {
+ if (!bn_to_mont_fixed_top(ret->Ai, ret->Ai, ret->m_ctx, ctx)
+ || !bn_to_mont_fixed_top(ret->A, ret->A, ret->m_ctx, ctx))
+ goto err;
+ }
 return ret;
 err:
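Review bot: The limb-padding block in BN_BLINDING_invert_ex is skipped without comment when `n->dmax < r->top`, so on that path `BN_mod_mul_montgomery` is called with `n->top` still reflecting the magnitude of `n`, which appears to be what the block is there to prevent. If that fallback is intended, a line such as `/* n has no room for r->top limbs: continue without fixed-top padding */` would make it explicit. The mask arithmetic also deserves a sentence of its own: `mask` is all-ones while `i < ntop` and zero for `ntop <= i < rtop`, relying on unsigned wrap-around of `i - ntop`, so the limbs above the current top are cleared without branching on `n->top`. The function's opening lines are outside the hunk.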