authorParménides GV <parmegv@sdf.org>2014-12-15 16:22:58 +0100
committerParménides GV <parmegv@sdf.org>2014-12-15 16:22:58 +0100
commit18fef7c99aa36b3e5622b3865f36d78d0879e92d (patch)
tree7a04fc87318d5008bbc1f1ac145ebb505bb5238c /app/openssl/crypto/bn
parent56fe0400b8983ce57112ed5a0f993985a87741c0 (diff)
parent33c5958a18599267820f73b151d8161d83f93d88 (diff)
Merge branch 'research/Test-on-Android-5-#6543' into develop
Diffstat (limited to 'app/openssl/crypto/bn')
-rw-r--r--app/openssl/crypto/bn/asm/x86_64-gcc.c8
-rw-r--r--app/openssl/crypto/bn/bn_exp.c11
-rw-r--r--app/openssl/crypto/bn/bn_lib.c9
-rw-r--r--app/openssl/crypto/bn/bn_nist.c6
-rw-r--r--app/openssl/crypto/bn/bn_sqr.c1
-rw-r--r--app/openssl/crypto/bn/exptest.c45
6 files changed, 70 insertions, 10 deletions
diff --git a/app/openssl/crypto/bn/asm/x86_64-gcc.c b/app/openssl/crypto/bn/asm/x86_64-gcc.c
index 329946e5..6bcf32f6 100644
--- a/app/openssl/crypto/bn/asm/x86_64-gcc.c
+++ b/app/openssl/crypto/bn/asm/x86_64-gcc.c
@@ -189,7 +189,7 @@ BN_ULONG bn_add_words (BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,int
if (n <= 0) return 0;
- asm (
+ asm volatile (
" subq %2,%2 \n"
".p2align 4 \n"
"1: movq (%4,%2,8),%0 \n"
@@ -200,7 +200,7 @@ BN_ULONG bn_add_words (BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,int
" sbbq %0,%0 \n"
: "=&a"(ret),"+c"(n),"=&r"(i)
: "r"(rp),"r"(ap),"r"(bp)
- : "cc"
+ : "cc", "memory"
);
return ret&1;
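Review bot: The `"memory"` clobber added here carries no comment saying why it is required, and the same goes for the `asm volatile` change in the hunk above and for both bn_sub_words hunks below. The operand list passes `rp`, `ap` and `bp` only as register inputs, so the constraints alone do not tell the compiler that the block accesses the arrays behind them (the visible `movq (%4,%2,8),%0` loads through `ap`, and `rp` is presumably stored through in the lines between the hunks). Without the clobber the compiler may cache or reorder those accesses around the asm, which in bignum code means silently wrong results. I would add above each asm block something like `/* asm loads through ap/bp and stores through rp; volatile + "memory" stop the compiler caching or reordering those accesses */`. Both function bodies start outside these hunks.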
@@ -212,7 +212,7 @@ BN_ULONG bn_sub_words (BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,int
if (n <= 0) return 0;
- asm (
+ asm volatile (
" subq %2,%2 \n"
".p2align 4 \n"
"1: movq (%4,%2,8),%0 \n"
@@ -223,7 +223,7 @@ BN_ULONG bn_sub_words (BN_ULONG *rp, const BN_ULONG *ap, const BN_ULONG *bp,int
" sbbq %0,%0 \n"
: "=&a"(ret),"+c"(n),"=&r"(i)
: "r"(rp),"r"(ap),"r"(bp)
- : "cc"
+ : "cc", "memory"
);
return ret&1;
diff --git a/app/openssl/crypto/bn/bn_exp.c b/app/openssl/crypto/bn/bn_exp.c
index 2abf6fd6..611fa326 100644
--- a/app/openssl/crypto/bn/bn_exp.c
+++ b/app/openssl/crypto/bn/bn_exp.c
@@ -680,7 +680,7 @@ int BN_mod_exp_mont_consttime(BIGNUM *rr, const BIGNUM *a, const BIGNUM *p,
/* Dedicated window==4 case improves 512-bit RSA sign by ~15%, but as
* 512-bit RSA is hardly relevant, we omit it to spare size... */
- if (window==5)
+ if (window==5 && top>1)
{
void bn_mul_mont_gather5(BN_ULONG *rp,const BN_ULONG *ap,
const void *table,const BN_ULONG *np,
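Review bot: The new `top>1` condition is unexplained, and the comment directly above it is about the window==4 case, so a reader cannot tell why a one-word modulus must skip this branch. Presumably the `bn_mul_mont_gather5` assembly path does not handle `top==1`; if that is the reason, a comment such as `/* gather5 assembly path needs a modulus of at least two words; top==1 falls through to the generic code */` would keep a later cleanup from dropping the guard. The exptest.c changes in this commit do not exercise BN_mod_exp_mont_consttime with a one-word modulus, so a regression test for that case would be worth adding. The function body extends beyond this hunk.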
@@ -874,7 +874,14 @@ int BN_mod_exp_mont_word(BIGNUM *rr, BN_ULONG a, const BIGNUM *p,
bits = BN_num_bits(p);
if (bits == 0)
{
- ret = BN_one(rr);
+ /* x**0 mod 1 is still zero. */
+ if (BN_is_one(m))
+ {
+ ret = 1;
+ BN_zero(rr);
+ }
+ else
+ ret = BN_one(rr);
return ret;
}
if (a == 0)
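Review bot: The modulus-1 special case is added only to BN_mod_exp_mont_word in this diff. The other modular exponentiation routines are not shown, and if they keep the same `bits == 0` shortcut to `BN_one(rr)` they would still return 1 for x**0 mod 1. The test added in exptest.c calls `BN_mod_exp` with a = 1, so it checks only whichever routine that call dispatches to. It would be worth auditing the sibling functions for the same early return and covering each entry point in the test. BN_mod_exp_mont_word continues outside this hunk.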
diff --git a/app/openssl/crypto/bn/bn_lib.c b/app/openssl/crypto/bn/bn_lib.c
index 5461e6ee..d5a211e2 100644
--- a/app/openssl/crypto/bn/bn_lib.c
+++ b/app/openssl/crypto/bn/bn_lib.c
@@ -320,6 +320,15 @@ static BN_ULONG *bn_expand_internal(const BIGNUM *b, int words)
BNerr(BN_F_BN_EXPAND_INTERNAL,ERR_R_MALLOC_FAILURE);
return(NULL);
}
+#ifdef PURIFY
+ /* Valgrind complains in BN_consttime_swap because we process the whole
+ * array even if it's not initialised yet. This doesn't matter in that
+ * function - what's important is constant time operation (we're not
+ * actually going to use the data)
+ */
+ memset(a, 0, sizeof(BN_ULONG)*words);
+#endif
+
#if 1
B=b->d;
/* Check if the previous number needs to be copied */
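Review bot: Zeroing the new array only under `PURIFY` means the build that Valgrind checks is not the build that ships: in a normal build the words are still uninitialised when BN_consttime_swap reads them, as the added comment itself says. That is probably harmless for the swap, but the unused words can then hold stale heap contents, which in a crypto library may be remnants of earlier secrets, and the swap would move them between BIGNUMs. If the cost is acceptable, consider making the `memset` unconditional; otherwise extend the comment to state that production builds leave these words uninitialised on purpose. bn_expand_internal continues outside this hunk.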
diff --git a/app/openssl/crypto/bn/bn_nist.c b/app/openssl/crypto/bn/bn_nist.c
index e22968d4..abb15708 100644
--- a/app/openssl/crypto/bn/bn_nist.c
+++ b/app/openssl/crypto/bn/bn_nist.c
@@ -1088,9 +1088,9 @@ int BN_nist_mod_521(BIGNUM *r, const BIGNUM *a, const BIGNUM *field,
/* ... and right shift */
for (val=t_d[0],i=0; i<BN_NIST_521_TOP-1; i++)
{
- tmp = val>>BN_NIST_521_RSHIFT;
- val = t_d[i+1];
- t_d[i] = (tmp | val<<BN_NIST_521_LSHIFT) & BN_MASK2;
+ t_d[i] = ( val>>BN_NIST_521_RSHIFT |
+ (tmp=t_d[i+1])<<BN_NIST_521_LSHIFT ) & BN_MASK2;
+ val=tmp;
}
t_d[i] = val>>BN_NIST_521_RSHIFT;
/* lower 521 bits */
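Review bot: The rewritten loop body buries an assignment inside the expression, `(tmp=t_d[i+1])<<BN_NIST_521_LSHIFT`, and nothing says why the three plain statements it replaces were not good enough. As far as the hunk shows, both forms compute the same values, so the change presumably works around a compiler or optimiser problem. If so, a comment like `/* written this way to avoid a miscompilation with <compiler>; do not simplify */` should name it. Without that, the next cleanup is likely to restore the old form. The loop sits inside BN_nist_mod_521, whose body extends beyond the hunk.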
diff --git a/app/openssl/crypto/bn/bn_sqr.c b/app/openssl/crypto/bn/bn_sqr.c
index 270d0cd3..65bbf165 100644
--- a/app/openssl/crypto/bn/bn_sqr.c
+++ b/app/openssl/crypto/bn/bn_sqr.c
@@ -77,6 +77,7 @@ int BN_sqr(BIGNUM *r, const BIGNUM *a, BN_CTX *ctx)
if (al <= 0)
{
r->top=0;
+ r->neg = 0;
return 1;
}
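Review bot: Clearing `r->neg` on the zero path has no regression test in this commit, and the line has no comment explaining it. When `r` previously held a negative value, the old code would have left a zero with the sign flag still set, which sign-aware comparisons may treat differently from a normal zero. A short comment such as `/* zero result: clear any sign left over from r's previous value */` and a test that squares zero into a BIGNUM that was negative would pin this down. BN_sqr continues outside the hunk.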
diff --git a/app/openssl/crypto/bn/exptest.c b/app/openssl/crypto/bn/exptest.c
index 074a8e88..5fa02a12 100644
--- a/app/openssl/crypto/bn/exptest.c
+++ b/app/openssl/crypto/bn/exptest.c
@@ -71,6 +71,43 @@
static const char rnd_seed[] = "string to make the random number generator think it has entropy";
+/* test_exp_mod_zero tests that x**0 mod 1 == 0. It returns zero on success. */
+static int test_exp_mod_zero() {
+ BIGNUM a, p, m;
+ BIGNUM r;
+ BN_CTX *ctx = BN_CTX_new();
+ int ret = 1;
+
+ BN_init(&m);
+ BN_one(&m);
+
+ BN_init(&a);
+ BN_one(&a);
+
+ BN_init(&p);
+ BN_zero(&p);
+
+ BN_init(&r);
+ BN_mod_exp(&r, &a, &p, &m, ctx);
+ BN_CTX_free(ctx);
+
+ if (BN_is_zero(&r))
+ ret = 0;
+ else
+ {
+ printf("1**0 mod 1 = ");
+ BN_print_fp(stdout, &r);
+ printf(", should be 0\n");
+ }
+
+ BN_free(&r);
+ BN_free(&a);
+ BN_free(&p);
+ BN_free(&m);
+
+ return ret;
+}
+
int main(int argc, char *argv[])
{
BN_CTX *ctx;
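Review bot: test_exp_mod_zero can report success when nothing was computed. The return values of `BN_CTX_new()` and `BN_mod_exp()` are ignored, and `r` comes straight from `BN_init`, which presumably leaves it reading as zero, so a failed call still satisfies `BN_is_zero(&r)`. Capturing the result, e.g. `int ok = ctx != NULL && BN_mod_exp(&r, &a, &p, &m, ctx);`, and testing `if (ok && BN_is_zero(&r))` makes a failure count as a failure. The empty parameter list would also be better written as `static int test_exp_mod_zero(void)`. The hunk ends at the start of main, whose body continues outside it.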
@@ -190,7 +227,13 @@ int main(int argc, char *argv[])
ERR_remove_thread_state(NULL);
CRYPTO_mem_leaks(out);
BIO_free(out);
- printf(" done\n");
+ printf("\n");
+
+ if (test_exp_mod_zero() != 0)
+ goto err;
+
+ printf("done\n");
+
EXIT(0);
err:
ERR_load_crypto_strings();
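Review bot: The new test is called after `CRYPTO_mem_leaks(out)` and `BIO_free(out)`, so anything it leaks is never reported, and its `goto err` enters the error path with `out` already freed. The err: block continues past the end of this hunk; if it still prints through `out`, that is a use of a freed BIO. Moving `if (test_exp_mod_zero() != 0) goto err;` above `ERR_remove_thread_state(NULL);` avoids both problems.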