File 0003-bn-bn_blind.c-use-Montgomery-multiplication-when-pos.patch of Package compat-openssl098.31475

From b6f773b8d6c41e86c107b57dabc637c91884150e Mon Sep 17 00:00:00 2001
From: Andy Polyakov <appro@openssl.org>
Date: Mon, 13 Aug 2018 16:59:08 +0200
Subject: [PATCH 3/4] bn/bn_blind.c: use Montgomery multiplication when
 possible.

(cherry picked from commit e02c519cd32a55e6ad39a0cfbeeda775f9115f28)

Resolved conflicts:
	crypto/bn/bn_blind.c

Reviewed-by: Paul Dale <paul.dale@oracle.com>
(Merged from https://github.com/openssl/openssl/pull/6942)
---
 crypto/bn/bn_blind.c | 63 +++++++++++++++++++++++++++++++-------------
 1 file changed, 44 insertions(+), 19 deletions(-)

Index: openssl-0.9.8j/crypto/bn/bn_blind.c
===================================================================
--- openssl-0.9.8j.orig/crypto/bn/bn_blind.c
+++ openssl-0.9.8j/crypto/bn/bn_blind.c
@@ -193,11 +193,17 @@ int BN_BLINDING_update(BN_BLINDING *b, B
 		if (!BN_BLINDING_create_param(b, NULL, NULL, ctx, NULL, NULL))
 			goto err;
 		}
-	else if (!(b->flags & BN_BLINDING_NO_UPDATE))
-		{
-		if (!BN_mod_mul(b->A,b->A,b->A,b->mod,ctx)) goto err;
-		if (!BN_mod_mul(b->Ai,b->Ai,b->Ai,b->mod,ctx)) goto err;
+	else if (!(b->flags & BN_BLINDING_NO_UPDATE)) {
+		if (b->m_ctx != NULL) {
+			if (!bn_mul_mont_fixed_top(b->Ai, b->Ai, b->Ai, b->m_ctx, ctx)
+			    || !bn_mul_mont_fixed_top(b->A, b->A, b->A, b->m_ctx, ctx))
+				goto err;
+		} else {
+			if (!BN_mod_mul(b->Ai, b->Ai, b->Ai, b->mod, ctx)
+			    || !BN_mod_mul(b->A, b->A, b->A, b->mod, ctx))
+				goto err;
 		}
+	}
 
 	ret=1;
 err:
@@ -223,13 +229,14 @@ int BN_BLINDING_convert_ex(BIGNUM *n, BI
 		return(0);
 		}
 
-	if (r != NULL)
-		{
-		if (!BN_copy(r, b->Ai)) ret=0;
-		}
+	if (r != NULL && (BN_copy(r, b->Ai) == NULL))
+		return 0;
+
+	if (b->m_ctx != NULL)
+		ret = BN_mod_mul_montgomery(n, n, b->A, b->m_ctx, ctx);
+	else
+		ret = BN_mod_mul(n, n, b->A, b->mod, ctx);
 
-	if (!BN_mod_mul(n,n,b->A,b->mod,ctx)) ret=0;
-	
 	return ret;
 	}
 
@@ -243,22 +250,31 @@ int BN_BLINDING_invert_ex(BIGNUM *n, con
 	int ret;
 
 	bn_check_top(n);
-	if ((b->A == NULL) || (b->Ai == NULL))
-		{
-		BNerr(BN_F_BN_BLINDING_INVERT_EX,BN_R_NOT_INITIALIZED);
-		return(0);
-		}
 
-	if (r != NULL)
+	if (r == NULL && (r = b->Ai) == NULL) {
+		BNerr(BN_F_BN_BLINDING_INVERT_EX, BN_R_NOT_INITIALIZED);
+		return 0;
+	}
+	if (b->m_ctx != NULL) {
+		/* ensure that BN_mod_mul_montgomery takes pre-defined path */
+		if (n->dmax >= r->top) {
+			size_t i, rtop = r->top, ntop = n->top;
+			BN_ULONG mask;
+
+			for (i = 0; i < rtop; i++) {
+				mask = (BN_ULONG)0 - ((i - ntop) >> (8 * sizeof(i) - 1));
+				n->d[i] &= mask;
+			}
+			mask = (BN_ULONG)0 - ((rtop - ntop) >> (8 * sizeof(ntop) - 1));
+			/* always true, if (rtop >= ntop) n->top = r->top; */
+			n->top = (int)(rtop & ~mask) | (ntop & mask);
+			n->flags |= (BN_FLG_FIXED_TOP & ~mask);
+		}
+		ret = BN_mod_mul_montgomery(n, n, r, b->m_ctx, ctx);
+	} else {
 		ret = BN_mod_mul(n, n, r, b->mod, ctx);
-	else
-		ret = BN_mod_mul(n, n, b->Ai, b->mod, ctx);
+	}
 
-	if (ret >= 0)
-		{
-		if (!BN_BLINDING_update(b,ctx))
-			return(0);
-		}
 	bn_check_top(n);
 	return(ret);
 	}
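Review bot: The call to `BN_BLINDING_update` is dropped from the end of BN_BLINDING_invert_ex, and the new side of BN_BLINDING_convert_ex in the preceding hunk shows no replacement between its NOT_INITIALIZED return and the `BN_copy` into `r`, which is where newer OpenSSL branches perform the update. Unless another patch in this series adds it, `A`/`Ai` are never refreshed for the lifetime of the BN_BLINDING object, as far as this patch shows. Every private-key operation would then reuse one blinding pair, which weakens the side-channel protection that blinding is meant to provide. Either keep the update here after the multiplication, e.g. `if (ret > 0 && !BN_BLINDING_update(b, ctx)) return 0;` before the final `bn_check_top(n)`, or add it to BN_BLINDING_convert_ex. The function's signature and opening lie outside the hunk.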
@@ -342,16 +358,19 @@ BN_BLINDING *BN_BLINDING_create_param(BN
 			break;
 	} while (1);
 
-	if (ret->bn_mod_exp != NULL && ret->m_ctx != NULL)
-		{
+	if (ret->bn_mod_exp != NULL && ret->m_ctx != NULL) {
 		if (!ret->bn_mod_exp(ret->A, ret->A, ret->e, ret->mod, ctx, ret->m_ctx))
 			goto err;
-		}
-	else
-		{
+	} else {
 		if (!BN_mod_exp(ret->A, ret->A, ret->e, ret->mod, ctx))
 			goto err;
-		}
+	}
+
+	if (ret->m_ctx != NULL) {
+		if (!bn_to_mont_fixed_top(ret->Ai, ret->Ai, ret->m_ctx, ctx)
+		    || !bn_to_mont_fixed_top(ret->A, ret->A, ret->m_ctx, ctx))
+			goto err;
+	}
 
 	return ret;
 err:
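Review bot: The conversion added at the end of BN_BLINDING_create_param changes the representation of `A` and `Ai` without documenting it. Once `m_ctx` is set they are held in Montgomery form, which the `bn_mul_mont_fixed_top` squaring in BN_BLINDING_update and the `BN_mod_mul_montgomery` calls in convert_ex/invert_ex rely on. A comment above the new block would record that, for example `/* With m_ctx set, A and Ai are kept in Montgomery form from here on. */`. It also means the `r` that BN_BLINDING_convert_ex copies out is Montgomery-form `Ai`, so it is only meaningful when passed back to BN_BLINDING_invert_ex on the same blinding; that belongs in the function's documentation. The function continues past the `err:` label outside the hunk.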