X-Git-Url: https://git.openssl.org/gitweb/?p=openssl.git;a=blobdiff_plain;f=crypto%2Fbn%2Fbn_blind.c;h=c1ce1614c538deb816ae4cc4240e0b9f6a779318;hp=fa48470a57feb7bf30d608ed12ad0bce2cce2338;hb=612f4e2384e4cfecef42734b8b7d988cf849e74e;hpb=f7ccba3edf9f1f02d7bd3b019d7bc96f25a95718 diff --git a/crypto/bn/bn_blind.c b/crypto/bn/bn_blind.c index fa48470a57..c1ce1614c5 100644 --- a/crypto/bn/bn_blind.c +++ b/crypto/bn/bn_blind.c @@ -109,6 +109,8 @@ * [including the GNU Public Licence.] */ +#define OPENSSL_FIPSAPI + #include #include "cryptlib.h" #include "bn_lcl.h" @@ -121,14 +123,12 @@ struct bn_blinding_st BIGNUM *Ai; BIGNUM *e; BIGNUM *mod; /* just a reference */ -/* FIXME: should really try to remove these, but the deprecated APIs that are - * using them would need to be fudged somehow. */ #ifndef OPENSSL_NO_DEPRECATED unsigned long thread_id; /* added in OpenSSL 0.9.6j and 0.9.7b; * used only by crypto/rsa/rsa_eay.c, rsa_lib.c */ #endif CRYPTO_THREADID tid; - unsigned int counter; + int counter; unsigned long flags; BN_MONT_CTX *m_ctx; int (*bn_mod_exp)(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, @@ -162,7 +162,11 @@ BN_BLINDING *BN_BLINDING_new(const BIGNUM *A, const BIGNUM *Ai, BIGNUM *mod) if (BN_get_flags(mod, BN_FLG_CONSTTIME) != 0) BN_set_flags(ret->mod, BN_FLG_CONSTTIME); - ret->counter = BN_BLINDING_COUNTER; + /* Set the counter to the special value -1 + * to indicate that this is never-used fresh blinding + * that does not need updating before first use. */ + ret->counter = -1; + CRYPTO_THREADID_current(&ret->tid); return(ret); err: if (ret != NULL) BN_BLINDING_free(ret); @@ -191,7 +195,10 @@ int BN_BLINDING_update(BN_BLINDING *b, BN_CTX *ctx) goto err; } - if (--(b->counter) == 0 && b->e != NULL && + if (b->counter == -1) + b->counter = 0; + + if (++b->counter == BN_BLINDING_COUNTER && b->e != NULL && !(b->flags & BN_BLINDING_NO_RECREATE)) { /* re-create blinding parameters */ @@ -206,8 +213,8 @@ int BN_BLINDING_update(BN_BLINDING *b, BN_CTX *ctx) ret=1; err: - if (b->counter == 0) - b->counter = BN_BLINDING_COUNTER; + if (b->counter == BN_BLINDING_COUNTER) + b->counter = 0; return(ret); } @@ -228,6 +235,12 @@ int BN_BLINDING_convert_ex(BIGNUM *n, BIGNUM *r, BN_BLINDING *b, BN_CTX *ctx) return(0); } + if (b->counter == -1) + /* Fresh blinding, doesn't need updating. */ + b->counter = 0; + else if (!BN_BLINDING_update(b,ctx)) + return(0); + if (r != NULL) { if (!BN_copy(r, b->Ai)) ret=0; @@ -248,22 +261,19 @@ int BN_BLINDING_invert_ex(BIGNUM *n, const BIGNUM *r, BN_BLINDING *b, BN_CTX *ct int ret; bn_check_top(n); - if ((b->A == NULL) || (b->Ai == NULL)) - { - BNerr(BN_F_BN_BLINDING_INVERT_EX,BN_R_NOT_INITIALIZED); - return(0); - } if (r != NULL) ret = BN_mod_mul(n, n, r, b->mod, ctx); else - ret = BN_mod_mul(n, n, b->Ai, b->mod, ctx); - - if (ret >= 0) { - if (!BN_BLINDING_update(b,ctx)) + if (b->Ai == NULL) + { + BNerr(BN_F_BN_BLINDING_INVERT_EX,BN_R_NOT_INITIALIZED); return(0); + } + ret = BN_mod_mul(n, n, b->Ai, b->mod, ctx); } + bn_check_top(n); return(ret); } @@ -280,14 +290,9 @@ void BN_BLINDING_set_thread_id(BN_BLINDING *b, unsigned long n) } #endif -void BN_BLINDING_set_thread(BN_BLINDING *b) - { - CRYPTO_THREADID_set(&b->tid); - } - -int BN_BLINDING_cmp_thread(const BN_BLINDING *b, const CRYPTO_THREADID *tid) +CRYPTO_THREADID *BN_BLINDING_thread_id(BN_BLINDING *b) { - return CRYPTO_THREADID_cmp(&b->tid, tid); + return &b->tid; } unsigned long BN_BLINDING_get_flags(const BN_BLINDING *b) @@ -337,12 +342,12 @@ BN_BLINDING *BN_BLINDING_create_param(BN_BLINDING *b, ret->m_ctx = m_ctx; do { + int rv; if (!BN_rand_range(ret->A, ret->mod)) goto err; - if (BN_mod_inverse(ret->Ai, ret->A, ret->mod, ctx) == NULL) + if (!int_bn_mod_inverse(ret->Ai, ret->A, ret->mod, ctx, &rv)) { /* this should almost never happen for good RSA keys */ - unsigned long error = ERR_peek_last_error(); - if (ERR_GET_REASON(error) == BN_R_NO_INVERSE) + if (rv) { if (retry_counter-- == 0) { @@ -350,7 +355,6 @@ BN_BLINDING *BN_BLINDING_create_param(BN_BLINDING *b, BN_R_TOO_MANY_ITERATIONS); goto err; } - ERR_clear_error(); } else goto err;