提交 262dccc0 编写于 作者: B Billy Brumley 提交者: Matt Caswell

[crypto/ec] remove blinding to support even orders

Reviewed-by: NAndy Polyakov <appro@openssl.org>
Reviewed-by: NMatt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/6116)
上级 c11d372b
...@@ -1020,7 +1020,7 @@ int ec_group_simple_order_bits(const EC_GROUP *group) ...@@ -1020,7 +1020,7 @@ int ec_group_simple_order_bits(const EC_GROUP *group)
static int ec_field_inverse_mod_ord(const EC_GROUP *group, BIGNUM *r, static int ec_field_inverse_mod_ord(const EC_GROUP *group, BIGNUM *r,
BIGNUM *x, BN_CTX *ctx) BIGNUM *x, BN_CTX *ctx)
{ {
BIGNUM *exp = NULL; BIGNUM *e = NULL;
BN_CTX *new_ctx = NULL; BN_CTX *new_ctx = NULL;
int ret = 0; int ret = 0;
...@@ -1028,8 +1028,7 @@ static int ec_field_inverse_mod_ord(const EC_GROUP *group, BIGNUM *r, ...@@ -1028,8 +1028,7 @@ static int ec_field_inverse_mod_ord(const EC_GROUP *group, BIGNUM *r,
return 0; return 0;
BN_CTX_start(ctx); BN_CTX_start(ctx);
exp = BN_CTX_get(ctx); if ((e = BN_CTX_get(ctx)) == NULL)
if (exp == NULL)
goto err; goto err;
/* Check if optimized inverse is implemented */ /* Check if optimized inverse is implemented */
...@@ -1038,48 +1037,30 @@ static int ec_field_inverse_mod_ord(const EC_GROUP *group, BIGNUM *r, ...@@ -1038,48 +1037,30 @@ static int ec_field_inverse_mod_ord(const EC_GROUP *group, BIGNUM *r,
* We want inverse in constant time, therefore we utilize the fact * We want inverse in constant time, therefore we utilize the fact
* order must be prime and use Fermats Little Theorem instead. * order must be prime and use Fermats Little Theorem instead.
*/ */
if (!BN_set_word(exp, 2)) if (!BN_set_word(e, 2))
goto err; goto err;
if (!BN_sub(exp, group->order, exp)) if (!BN_sub(e, group->order, e))
goto err; goto err;
/*- /*-
* Exponent X is public. * Exponent e is public.
* No need for scatter-gather or BN_FLG_CONSTTIME. * No need for scatter-gather or BN_FLG_CONSTTIME.
*/ */
if (!BN_mod_exp_mont(r, x, exp, group->order, ctx, group->mont_data)) if (!BN_mod_exp_mont(r, x, e, group->order, ctx, group->mont_data))
goto err; goto err;
/* Inverse of zero doesn't exist. Let the fallback catch it. */ /* Inverse of zero doesn't exist. Let the fallback catch it. */
if (BN_is_zero(r)) ret = (BN_is_zero(r)) ? 0 : 1;
ret = 0;
else
ret = 1;
} }
/*- /* Fallback to classic inverse */
* Fallback to classic inverse, blinded.
* BN_FLG_CONSTTIME is a don't care here.
*/
if (ret == 0) { if (ret == 0) {
do { if (!BN_mod_inverse(r, x, group->order, ctx))
if (!BN_priv_rand_range(exp, group->order))
goto err;
} while (BN_is_zero(exp));
/* r := x * exp */
if (!BN_mod_mul(r, x, exp, group->order, ctx))
goto err;
/* r := 1/(x * exp) */
if (!BN_mod_inverse(r, r, group->order, ctx))
goto err; goto err;
/* r := exp/(x * exp) = 1/x */
if (!BN_mod_mul(r, r, exp, group->order, ctx))
goto err;
ret = 1; ret = 1;
} }
err: err:
BN_CTX_end(ctx); if (ctx != NULL)
BN_CTX_end(ctx);
BN_CTX_free(new_ctx); BN_CTX_free(new_ctx);
return ret; return ret;
} }
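Review bot: With the blinding gone, the fallback `if (!BN_mod_inverse(r, x, group->order, ctx))` now runs directly on the caller's x, so whether it executes in constant time depends on BN_FLG_CONSTTIME being set on x (BN_mod_inverse picks its constant-time path from the flags of its inputs), which this function neither checks nor sets; the removed line `BN_FLG_CONSTTIME is a don't care here` was only true because of the blinding. The new comment `/* Fallback to classic inverse */` should record that, e.g. `/* Fallback to classic inverse: no blinding (order may be even), so this is constant-time only if the caller set BN_FLG_CONSTTIME on x */`. If x can be a private scalar, either document that callers must set the flag or set it here on a local copy before the call. The `}` after the `ret = (BN_is_zero(r)) ? 0 : 1;` line closes a block whose opening is outside the hunk, and the function's argument handling before `return 0;` is likewise not visible here, so the `if (ctx != NULL)` guard before BN_CTX_end cannot be judged from this view alone.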