View
@@ -1,4 +1,4 @@
/* $OpenBSD: rsa_eay.c,v 1.43 2016/09/09 11:39:11 tb Exp $ */
/* $OpenBSD: rsa_eay.c,v 1.44 2017/01/21 09:38:59 beck Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -118,6 +118,8 @@
#include <openssl/err.h>
#include <openssl/rsa.h>
#include "bn_lcl.h"
static int RSA_eay_public_encrypt(int flen, const unsigned char *from,
unsigned char *to, RSA *rsa, int padding);
static int RSA_eay_private_encrypt(int flen, const unsigned char *from,
@@ -137,7 +139,7 @@ static RSA_METHOD rsa_pkcs1_eay_meth = {
.rsa_priv_enc = RSA_eay_private_encrypt, /* signing */
.rsa_priv_dec = RSA_eay_private_decrypt,
.rsa_mod_exp = RSA_eay_mod_exp,
.bn_mod_exp = BN_mod_exp_mont, /* XXX probably we should not use Montgomery if e == 3 */
.bn_mod_exp = BN_mod_exp_mont_ct, /* XXX probably we should not use Montgomery if e == 3 */
.init = RSA_eay_init,
.finish = RSA_eay_finish,
};
View
@@ -1,11 +1,11 @@
# $OpenBSD: Makefile,v 1.3 2016/12/21 15:51:05 jsing Exp $
# $OpenBSD: Makefile,v 1.4 2017/01/21 09:38:58 beck Exp $
.include "../../Makefile.inc"
PROG= bntest
LDADD= ${CRYPTO_INT}
DPADD= ${LIBCRYPTO}
WARNINGS= Yes
CFLAGS+= -DLIBRESSL_INTERNAL -Werror
CFLAGS+= -Werror
.include <bsd.regress.mk>
View
@@ -84,6 +84,15 @@
#include <openssl/x509.h>
#include <openssl/err.h>
int BN_mod_exp_ct(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
const BIGNUM *m, BN_CTX *ctx);
int BN_mod_exp_nonct(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
const BIGNUM *m, BN_CTX *ctx);
int BN_mod_exp_mont_ct(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
int BN_mod_exp_mont_nonct(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
int BN_bntest_rand(BIGNUM *rnd, int bits, int top, int bottom);
const int num0 = 100; /* number of tests */
@@ -1037,6 +1046,14 @@ test_mod_exp(BIO *bp, BN_CTX *ctx)
fprintf(stderr, "BN_mod_exp with zero modulus succeeded!\n");
return (0);
}
if (BN_mod_exp_ct(d, a, b, c, ctx)) {
fprintf(stderr, "BN_mod_exp_ct with zero modulus succeeded!\n");
return (0);
}
if (BN_mod_exp_nonct(d, a, b, c, ctx)) {
fprintf(stderr, "BN_mod_exp_nonct with zero modulus succeeded!\n");
return (0);
}
BN_bntest_rand(c, 30, 0, 1); /* must be odd for montgomery */
for (i = 0; i < num2; i++) {
@@ -1069,6 +1086,70 @@ test_mod_exp(BIO *bp, BN_CTX *ctx)
break;
}
}
BN_bntest_rand(c, 30, 0, 1); /* must be odd for montgomery */
for (i = 0; i < num2; i++) {
BN_bntest_rand(a, 20 + i * 5, 0, 0);
BN_bntest_rand(b, 2 + i, 0, 0);
if (!BN_mod_exp_ct(d, a, b, c, ctx)) {
rc = 0;
break;
}
if (bp != NULL) {
if (!results) {
BN_print(bp, a);
BIO_puts(bp, " ^ ");
BN_print(bp, b);
BIO_puts(bp, " % ");
BN_print(bp, c);
BIO_puts(bp, " - ");
}
BN_print(bp, d);
BIO_puts(bp, "\n");
}
BN_exp(e, a, b, ctx);
BN_sub(e, e, d);
BN_div(a, b, e, c, ctx);
if (!BN_is_zero(b)) {
fprintf(stderr, "Modulo exponentiation test failed!\n");
rc = 0;
break;
}
}
BN_bntest_rand(c, 30, 0, 1); /* must be odd for montgomery */
for (i = 0; i < num2; i++) {
BN_bntest_rand(a, 20 + i * 5, 0, 0);
BN_bntest_rand(b, 2 + i, 0, 0);
if (!BN_mod_exp_nonct(d, a, b, c, ctx)) {
rc = 0;
break;
}
if (bp != NULL) {
if (!results) {
BN_print(bp, a);
BIO_puts(bp, " ^ ");
BN_print(bp, b);
BIO_puts(bp, " % ");
BN_print(bp, c);
BIO_puts(bp, " - ");
}
BN_print(bp, d);
BIO_puts(bp, "\n");
}
BN_exp(e, a, b, ctx);
BN_sub(e, e, d);
BN_div(a, b, e, c, ctx);
if (!BN_is_zero(b)) {
fprintf(stderr, "Modulo exponentiation test failed!\n");
rc = 0;
break;
}
}
BN_free(a);
BN_free(b);
BN_free(c);
View
@@ -1,9 +1,9 @@
# $OpenBSD: Makefile,v 1.2 2014/07/08 15:53:52 jsing Exp $
# $OpenBSD: Makefile,v 1.3 2017/01/21 09:38:58 beck Exp $
PROG= mont
LDADD= -lcrypto
DPADD= ${LIBCRYPTO}
WARNINGS= Yes
CFLAGS+= -DLIBRESSL_INTERNAL -Werror
CFLAGS+= -Werror
.include <bsd.regress.mk>
View
@@ -1,9 +1,9 @@
# $OpenBSD: Makefile,v 1.3 2014/07/08 15:53:52 jsing Exp $
# $OpenBSD: Makefile,v 1.4 2017/01/21 09:38:58 beck Exp $
PROG= exptest
LDADD= -lcrypto
LDADD= ${CRYPTO_INT}
DPADD= ${LIBCRYPTO}
WARNINGS= Yes
CFLAGS+= -DLIBRESSL_INTERNAL -Werror
CFLAGS+= -Werror
.include <bsd.regress.mk>
View
@@ -64,6 +64,15 @@
#include <openssl/bn.h>
#include <openssl/err.h>
int BN_mod_exp_ct(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
const BIGNUM *m, BN_CTX *ctx);
int BN_mod_exp_nonct(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
const BIGNUM *m, BN_CTX *ctx);
int BN_mod_exp_mont_ct(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
int BN_mod_exp_mont_nonct(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
#define NUM_BITS (BN_BITS*2)
/*
@@ -116,6 +125,18 @@ static int test_exp_mod_zero(void)
if (!a_is_zero_mod_one("BN_mod_exp", &r, &a))
failed = 1;
if (!BN_mod_exp_ct(&r, &a, &p, &m, ctx))
goto err;
if (!a_is_zero_mod_one("BN_mod_exp_ct", &r, &a))
failed = 1;
if (!BN_mod_exp_nonct(&r, &a, &p, &m, ctx))
goto err;
if (!a_is_zero_mod_one("BN_mod_exp_nonct", &r, &a))
failed = 1;
if (!BN_mod_exp_recp(&r, &a, &p, &m, ctx))
goto err;
@@ -134,6 +155,18 @@ static int test_exp_mod_zero(void)
if (!a_is_zero_mod_one("BN_mod_exp_mont", &r, &a))
failed = 1;
if (!BN_mod_exp_mont_ct(&r, &a, &p, &m, ctx, NULL))
goto err;
if (!a_is_zero_mod_one("BN_mod_exp_mont_ct", &r, &a))
failed = 1;
if (!BN_mod_exp_mont_nonct(&r, &a, &p, &m, ctx, NULL))
goto err;
if (!a_is_zero_mod_one("BN_mod_exp_mont_nonct", &r, &a))
failed = 1;
if (!BN_mod_exp_mont_consttime(&r, &a, &p, &m, ctx, NULL)) {
goto err;
}
@@ -175,7 +208,8 @@ int main(int argc, char *argv[])
BIO *out = NULL;
int i, ret;
unsigned char c;
BIGNUM *r_mont, *r_mont_const, *r_recp, *r_simple, *a, *b, *m;
BIGNUM *r_mont, *r_mont_const, *r_recp, *r_simple,
*r_mont_ct, *r_mont_nonct, *a, *b, *m;
ERR_load_BN_strings();
@@ -184,6 +218,8 @@ int main(int argc, char *argv[])
exit(1);
r_mont = BN_new();
r_mont_const = BN_new();
r_mont_ct = BN_new();
r_mont_nonct = BN_new();
r_recp = BN_new();
r_simple = BN_new();
a = BN_new();
@@ -221,6 +257,20 @@ int main(int argc, char *argv[])
exit(1);
}
ret = BN_mod_exp_mont_ct(r_mont_ct, a, b, m, ctx, NULL);
if (ret <= 0) {
printf("BN_mod_exp_mont_ct() problems\n");
ERR_print_errors(out);
exit(1);
}
ret = BN_mod_exp_mont_nonct(r_mont_nonct, a, b, m, ctx, NULL);
if (ret <= 0) {
printf("BN_mod_exp_mont_nonct() problems\n");
ERR_print_errors(out);
exit(1);
}
ret = BN_mod_exp_recp(r_recp, a, b, m, ctx);
if (ret <= 0) {
printf("BN_mod_exp_recp() problems\n");
@@ -254,6 +304,10 @@ int main(int argc, char *argv[])
printf("\nsimple and mont const time results differ\n");
if (BN_cmp(r_simple, r_recp) != 0)
printf("\nsimple and recp results differ\n");
if (BN_cmp(r_mont, r_mont_ct) != 0)
printf("\nmont_ct and mont results differ\n");
if (BN_cmp(r_mont_ct, r_mont_nonct) != 0)
printf("\nmont_ct and mont_nonct results differ\n");
printf("a (%3d) = ", BN_num_bits(a));
BN_print(out, a);