diff options
| author | Mathieu Trudel-Lapierre <mathieu.trudel-lapierre@canonical.com> | 2015-05-06 09:49:41 -0400 |
|---|---|---|
| committer | Mathieu Trudel-Lapierre <mathieu.trudel-lapierre@canonical.com> | 2015-05-06 09:49:41 -0400 |
| commit | a14921c5944c340056312f2f5b1728d698f628b1 (patch) | |
| tree | 110242b91b3ade02e586bd65b9aedb05511bd34a /Cryptlib/OpenSSL/crypto/bn | |
| parent | 72bb39c0237f8bcc3afa8b623e8b097eec6d69cd (diff) | |
| parent | 7361f67dbd7f7fe98a807d3d12f90a87262124d6 (diff) | |
| download | efi-boot-shim-a14921c5944c340056312f2f5b1728d698f628b1.tar.gz efi-boot-shim-a14921c5944c340056312f2f5b1728d698f628b1.zip | |
Import upstream version 0.8
Diffstat (limited to 'Cryptlib/OpenSSL/crypto/bn')
29 files changed, 95 insertions, 37 deletions
diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_add.c b/Cryptlib/OpenSSL/crypto/bn/bn_add.c index 94051637..94051637 100755..100644 --- a/Cryptlib/OpenSSL/crypto/bn/bn_add.c +++ b/Cryptlib/OpenSSL/crypto/bn/bn_add.c diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_asm.c b/Cryptlib/OpenSSL/crypto/bn/bn_asm.c index 99bc2de4..99bc2de4 100755..100644 --- a/Cryptlib/OpenSSL/crypto/bn/bn_asm.c +++ b/Cryptlib/OpenSSL/crypto/bn/bn_asm.c diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_blind.c b/Cryptlib/OpenSSL/crypto/bn/bn_blind.c index ca7f996b..ca7f996b 100755..100644 --- a/Cryptlib/OpenSSL/crypto/bn/bn_blind.c +++ b/Cryptlib/OpenSSL/crypto/bn/bn_blind.c diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_const.c b/Cryptlib/OpenSSL/crypto/bn/bn_const.c index eb60a25b..eb60a25b 100755..100644 --- a/Cryptlib/OpenSSL/crypto/bn/bn_const.c +++ b/Cryptlib/OpenSSL/crypto/bn/bn_const.c diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_ctx.c b/Cryptlib/OpenSSL/crypto/bn/bn_ctx.c index b3452f1a..b3452f1a 100755..100644 --- a/Cryptlib/OpenSSL/crypto/bn/bn_ctx.c +++ b/Cryptlib/OpenSSL/crypto/bn/bn_ctx.c diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_depr.c b/Cryptlib/OpenSSL/crypto/bn/bn_depr.c index 27535e4f..27535e4f 100755..100644 --- a/Cryptlib/OpenSSL/crypto/bn/bn_depr.c +++ b/Cryptlib/OpenSSL/crypto/bn/bn_depr.c diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_div.c b/Cryptlib/OpenSSL/crypto/bn/bn_div.c index 78c65071..78c65071 100755..100644 --- a/Cryptlib/OpenSSL/crypto/bn/bn_div.c +++ b/Cryptlib/OpenSSL/crypto/bn/bn_div.c diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_err.c b/Cryptlib/OpenSSL/crypto/bn/bn_err.c index cfe2eb94..cfe2eb94 100755..100644 --- a/Cryptlib/OpenSSL/crypto/bn/bn_err.c +++ b/Cryptlib/OpenSSL/crypto/bn/bn_err.c diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_exp.c b/Cryptlib/OpenSSL/crypto/bn/bn_exp.c index d9b6c737..d9b6c737 100755..100644 --- a/Cryptlib/OpenSSL/crypto/bn/bn_exp.c +++ b/Cryptlib/OpenSSL/crypto/bn/bn_exp.c diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_exp2.c b/Cryptlib/OpenSSL/crypto/bn/bn_exp2.c index bd0c34b9..bd0c34b9 100755..100644 --- a/Cryptlib/OpenSSL/crypto/bn/bn_exp2.c +++ b/Cryptlib/OpenSSL/crypto/bn/bn_exp2.c diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_gcd.c b/Cryptlib/OpenSSL/crypto/bn/bn_gcd.c index 4a352119..4a352119 100755..100644 --- a/Cryptlib/OpenSSL/crypto/bn/bn_gcd.c +++ b/Cryptlib/OpenSSL/crypto/bn/bn_gcd.c diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_gf2m.c b/Cryptlib/OpenSSL/crypto/bn/bn_gf2m.c index 5d90f1e8..28f1fa8f 100755..100644 --- a/Cryptlib/OpenSSL/crypto/bn/bn_gf2m.c +++ b/Cryptlib/OpenSSL/crypto/bn/bn_gf2m.c @@ -1095,3 +1095,54 @@ int BN_GF2m_arr2poly(const unsigned int p[], BIGNUM *a) return 1; } +/* + * Constant-time conditional swap of a and b. + * a and b are swapped if condition is not 0. The code assumes that at most one bit of condition is set. + * nwords is the number of words to swap. The code assumes that at least nwords are allocated in both a and b, + * and that no more than nwords are used by either a or b. + * a and b cannot be the same number + */ +void BN_consttime_swap(BN_ULONG condition, BIGNUM *a, BIGNUM *b, int nwords) + { + BN_ULONG t; + int i; + + bn_wcheck_size(a, nwords); + bn_wcheck_size(b, nwords); + + assert(a != b); + assert((condition & (condition - 1)) == 0); + assert(sizeof(BN_ULONG) >= sizeof(int)); + + condition = ((condition - 1) >> (BN_BITS2 - 1)) - 1; + + t = (a->top^b->top) & condition; + a->top ^= t; + b->top ^= t; + +#define BN_CONSTTIME_SWAP(ind) \ + do { \ + t = (a->d[ind] ^ b->d[ind]) & condition; \ + a->d[ind] ^= t; \ + b->d[ind] ^= t; \ + } while (0) + + + switch (nwords) { + default: + for (i = 10; i < nwords; i++) + BN_CONSTTIME_SWAP(i); + /* Fallthrough */ + case 10: BN_CONSTTIME_SWAP(9); /* Fallthrough */ + case 9: BN_CONSTTIME_SWAP(8); /* Fallthrough */ + case 8: BN_CONSTTIME_SWAP(7); /* Fallthrough */ + case 7: BN_CONSTTIME_SWAP(6); /* Fallthrough */ + case 6: BN_CONSTTIME_SWAP(5); /* Fallthrough */ + case 5: BN_CONSTTIME_SWAP(4); /* Fallthrough */ + case 4: BN_CONSTTIME_SWAP(3); /* Fallthrough */ + case 3: BN_CONSTTIME_SWAP(2); /* Fallthrough */ + case 2: BN_CONSTTIME_SWAP(1); /* Fallthrough */ + case 1: BN_CONSTTIME_SWAP(0); + } +#undef BN_CONSTTIME_SWAP +} diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_kron.c b/Cryptlib/OpenSSL/crypto/bn/bn_kron.c index 740359b7..740359b7 100755..100644 --- a/Cryptlib/OpenSSL/crypto/bn/bn_kron.c +++ b/Cryptlib/OpenSSL/crypto/bn/bn_kron.c diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_lib.c b/Cryptlib/OpenSSL/crypto/bn/bn_lib.c index 32a8fbaf..c288844a 100755..100644 --- a/Cryptlib/OpenSSL/crypto/bn/bn_lib.c +++ b/Cryptlib/OpenSSL/crypto/bn/bn_lib.c @@ -320,6 +320,15 @@ static BN_ULONG *bn_expand_internal(const BIGNUM *b, int words) BNerr(BN_F_BN_EXPAND_INTERNAL,ERR_R_MALLOC_FAILURE); return(NULL); } +#ifdef PURIFY + /* Valgrind complains in BN_consttime_swap because we process the whole + * array even if it's not initialised yet. This doesn't matter in that + * function - what's important is constant time operation (we're not + * actually going to use the data) + */ + memset(a, 0, sizeof(BN_ULONG)*words); +#endif + #if 1 B=b->d; /* Check if the previous number needs to be copied */ diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_mod.c b/Cryptlib/OpenSSL/crypto/bn/bn_mod.c index 77d6ddb9..77d6ddb9 100755..100644 --- a/Cryptlib/OpenSSL/crypto/bn/bn_mod.c +++ b/Cryptlib/OpenSSL/crypto/bn/bn_mod.c diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_mont.c b/Cryptlib/OpenSSL/crypto/bn/bn_mont.c index 4799b152..27cafb1f 100755..100644 --- a/Cryptlib/OpenSSL/crypto/bn/bn_mont.c +++ b/Cryptlib/OpenSSL/crypto/bn/bn_mont.c @@ -701,32 +701,38 @@ BN_MONT_CTX *BN_MONT_CTX_copy(BN_MONT_CTX *to, BN_MONT_CTX *from) BN_MONT_CTX *BN_MONT_CTX_set_locked(BN_MONT_CTX **pmont, int lock, const BIGNUM *mod, BN_CTX *ctx) { - int got_write_lock = 0; BN_MONT_CTX *ret; CRYPTO_r_lock(lock); - if (!*pmont) + ret = *pmont; + CRYPTO_r_unlock(lock); + if (ret) + return ret; + + /* We don't want to serialise globally while doing our lazy-init math in + * BN_MONT_CTX_set. That punishes threads that are doing independent + * things. Instead, punish the case where more than one thread tries to + * lazy-init the same 'pmont', by having each do the lazy-init math work + * independently and only use the one from the thread that wins the race + * (the losers throw away the work they've done). */ + ret = BN_MONT_CTX_new(); + if (!ret) + return NULL; + if (!BN_MONT_CTX_set(ret, mod, ctx)) { - CRYPTO_r_unlock(lock); - CRYPTO_w_lock(lock); - got_write_lock = 1; + BN_MONT_CTX_free(ret); + return NULL; + } - if (!*pmont) - { - ret = BN_MONT_CTX_new(); - if (ret && !BN_MONT_CTX_set(ret, mod, ctx)) - BN_MONT_CTX_free(ret); - else - *pmont = ret; - } + /* The locked compare-and-set, after the local work is done. */ + CRYPTO_w_lock(lock); + if (*pmont) + { + BN_MONT_CTX_free(ret); + ret = *pmont; } - - ret = *pmont; - - if (got_write_lock) - CRYPTO_w_unlock(lock); else - CRYPTO_r_unlock(lock); - + *pmont = ret; + CRYPTO_w_unlock(lock); return ret; } diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_mpi.c b/Cryptlib/OpenSSL/crypto/bn/bn_mpi.c index a054d21a..a054d21a 100755..100644 --- a/Cryptlib/OpenSSL/crypto/bn/bn_mpi.c +++ b/Cryptlib/OpenSSL/crypto/bn/bn_mpi.c diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_mul.c b/Cryptlib/OpenSSL/crypto/bn/bn_mul.c index 12e5be80..12e5be80 100755..100644 --- a/Cryptlib/OpenSSL/crypto/bn/bn_mul.c +++ b/Cryptlib/OpenSSL/crypto/bn/bn_mul.c diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_nist.c b/Cryptlib/OpenSSL/crypto/bn/bn_nist.c index 2ca5b013..2ca5b013 100755..100644 --- a/Cryptlib/OpenSSL/crypto/bn/bn_nist.c +++ b/Cryptlib/OpenSSL/crypto/bn/bn_nist.c diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_opt.c b/Cryptlib/OpenSSL/crypto/bn/bn_opt.c index 21cbb38f..21cbb38f 100755..100644 --- a/Cryptlib/OpenSSL/crypto/bn/bn_opt.c +++ b/Cryptlib/OpenSSL/crypto/bn/bn_opt.c diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_prime.c b/Cryptlib/OpenSSL/crypto/bn/bn_prime.c index 7b25979d..7b25979d 100755..100644 --- a/Cryptlib/OpenSSL/crypto/bn/bn_prime.c +++ b/Cryptlib/OpenSSL/crypto/bn/bn_prime.c diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_print.c b/Cryptlib/OpenSSL/crypto/bn/bn_print.c index 810dde34..810dde34 100755..100644 --- a/Cryptlib/OpenSSL/crypto/bn/bn_print.c +++ b/Cryptlib/OpenSSL/crypto/bn/bn_print.c diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_rand.c b/Cryptlib/OpenSSL/crypto/bn/bn_rand.c index b376c28f..b376c28f 100755..100644 --- a/Cryptlib/OpenSSL/crypto/bn/bn_rand.c +++ b/Cryptlib/OpenSSL/crypto/bn/bn_rand.c diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_recp.c b/Cryptlib/OpenSSL/crypto/bn/bn_recp.c index 2e8efb8d..2e8efb8d 100755..100644 --- a/Cryptlib/OpenSSL/crypto/bn/bn_recp.c +++ b/Cryptlib/OpenSSL/crypto/bn/bn_recp.c diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_shift.c b/Cryptlib/OpenSSL/crypto/bn/bn_shift.c index c4d301af..c4d301af 100755..100644 --- a/Cryptlib/OpenSSL/crypto/bn/bn_shift.c +++ b/Cryptlib/OpenSSL/crypto/bn/bn_shift.c diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_sqr.c b/Cryptlib/OpenSSL/crypto/bn/bn_sqr.c index 270d0cd3..65bbf165 100755..100644 --- a/Cryptlib/OpenSSL/crypto/bn/bn_sqr.c +++ b/Cryptlib/OpenSSL/crypto/bn/bn_sqr.c @@ -77,6 +77,7 @@ int BN_sqr(BIGNUM *r, const BIGNUM *a, BN_CTX *ctx) if (al <= 0) { r->top=0; + r->neg = 0; return 1; } diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_sqrt.c b/Cryptlib/OpenSSL/crypto/bn/bn_sqrt.c index 6beaf9e5..6beaf9e5 100755..100644 --- a/Cryptlib/OpenSSL/crypto/bn/bn_sqrt.c +++ b/Cryptlib/OpenSSL/crypto/bn/bn_sqrt.c diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_word.c b/Cryptlib/OpenSSL/crypto/bn/bn_word.c index ee7b87c4..de83a15b 100755..100644 --- a/Cryptlib/OpenSSL/crypto/bn/bn_word.c +++ b/Cryptlib/OpenSSL/crypto/bn/bn_word.c @@ -144,26 +144,17 @@ int BN_add_word(BIGNUM *a, BN_ULONG w) a->neg=!(a->neg); return(i); } - /* Only expand (and risk failing) if it's possibly necessary */ - if (((BN_ULONG)(a->d[a->top - 1] + 1) == 0) && - (bn_wexpand(a,a->top+1) == NULL)) - return(0); - i=0; - for (;;) + for (i=0;w!=0 && i<a->top;i++) { - if (i >= a->top) - l=w; - else - l=(a->d[i]+w)&BN_MASK2; - a->d[i]=l; - if (w > l) - w=1; - else - break; - i++; + a->d[i] = l = (a->d[i]+w)&BN_MASK2; + w = (w>l)?1:0; } - if (i >= a->top) + if (w && i==a->top) + { + if (bn_wexpand(a,a->top+1) == NULL) return 0; a->top++; + a->d[i]=w; + } bn_check_top(a); return(1); } diff --git a/Cryptlib/OpenSSL/crypto/bn/bn_x931p.c b/Cryptlib/OpenSSL/crypto/bn/bn_x931p.c index 04c5c874..04c5c874 100755..100644 --- a/Cryptlib/OpenSSL/crypto/bn/bn_x931p.c +++ b/Cryptlib/OpenSSL/crypto/bn/bn_x931p.c |