authorbeck <beck@openbsd.org>2017-01-21 10:38:29 +0000
committerbeck <beck@openbsd.org>2017-01-21 10:38:29 +0000
commit44adc1eac90b19e731ed767b8523ee067b63713a (patch)
treead2d2fed1b8bb12b462bdabe3acea9519d5fff18 /lib/libcrypto/rsa
parentHaving a 'case 256:' in a switch (<uchar>) {} is bad on principle (diff)
Split out BN_div and BN_mod into ct and nonct versions for Internal use.
ok jsing@
Diffstat (limited to 'lib/libcrypto/rsa')
-rw-r--r--lib/libcrypto/rsa/rsa_chk.c10
-rw-r--r--lib/libcrypto/rsa/rsa_eay.c10
-rw-r--r--lib/libcrypto/rsa/rsa_gen.c8
3 files changed, 16 insertions, 12 deletions
diff --git a/lib/libcrypto/rsa/rsa_chk.c b/lib/libcrypto/rsa/rsa_chk.c
index c247a8d80e8..efe9431f2dd 100644
--- a/lib/libcrypto/rsa/rsa_chk.c
+++ b/lib/libcrypto/rsa/rsa_chk.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: rsa_chk.c,v 1.9 2014/07/10 07:43:11 jsing Exp $ */
+/* $OpenBSD: rsa_chk.c,v 1.10 2017/01/21 10:38:29 beck Exp $ */
/* ====================================================================
* Copyright (c) 1999 The OpenSSL Project. All rights reserved.
*
@@ -52,6 +52,8 @@
#include <openssl/err.h>
#include <openssl/rsa.h>
+#include "bn_lcl.h"
+
int
RSA_check_key(const RSA *key)
{
@@ -132,7 +134,7 @@ RSA_check_key(const RSA *key)
ret = -1;
goto err;
}
- r = BN_div(k, NULL, l, m, ctx); /* remainder is 0 */
+ r = BN_div_ct(k, NULL, l, m, ctx); /* remainder is 0 */
if (!r) {
ret = -1;
goto err;
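Review bot: Nothing at this call site says why the constant-time variant is required, and in the RSA_check_key hunks shown no operand carries BN_FLG_CONSTTIME, so the `_ct` suffix appears to be the only thing keeping these divisions off a variable-time path. A short comment above the call, for example `/* operands come from the private key: keep this division constant-time */`, would stop a later cleanup from swapping in a non-constant-time variant; this assumes `l` and `m` are built from the private primes, which the hunk does not show. The same applies to the two `BN_mod_ct(j, key->d, i, ctx)` calls in the hunks at -157 and -176, where `key->d` is the private exponent. RSA_check_key starts and ends outside these hunks.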
@@ -157,7 +159,7 @@ RSA_check_key(const RSA *key)
goto err;
}
- r = BN_mod(j, key->d, i, ctx);
+ r = BN_mod_ct(j, key->d, i, ctx);
if (!r) {
ret = -1;
goto err;
@@ -176,7 +178,7 @@ RSA_check_key(const RSA *key)
goto err;
}
- r = BN_mod(j, key->d, i, ctx);
+ r = BN_mod_ct(j, key->d, i, ctx);
if (!r) {
ret = -1;
goto err;
diff --git a/lib/libcrypto/rsa/rsa_eay.c b/lib/libcrypto/rsa/rsa_eay.c
index 640ed9a0d6a..c4da147ddfb 100644
--- a/lib/libcrypto/rsa/rsa_eay.c
+++ b/lib/libcrypto/rsa/rsa_eay.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: rsa_eay.c,v 1.44 2017/01/21 09:38:59 beck Exp $ */
+/* $OpenBSD: rsa_eay.c,v 1.45 2017/01/21 10:38:29 beck Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -770,7 +770,7 @@ RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
BN_init(&c);
BN_with_flags(&c, I, BN_FLG_CONSTTIME);
- if (!BN_mod(r1, &c, rsa->q, ctx))
+ if (!BN_mod_ct(r1, &c, rsa->q, ctx))
goto err;
/* compute r1^dmq1 mod q */
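Review bot: The `BN_with_flags(&c, I, BN_FLG_CONSTTIME)` copy just above the call looks redundant now that the call itself names the constant-time variant; as far as this hunk shows, `c` exists only to carry the flag into the division. If BN_mod_ct is constant-time regardless of operand flags (its definition in bn_lcl.h is not part of this diff, so this needs confirming), either drop the flagged copy in a follow-up or add a comment such as `/* flag kept for callees that still test BN_FLG_CONSTTIME */` saying why it stays. Leaving two mechanisms in place makes it unclear which one a reader must preserve to keep the operation on secret data constant-time. The same pattern appears in the hunks at -784 and -813 of this file and in the rsa_gen.c hunk at -202 with `d`. RSA_eay_mod_exp continues outside the hunk.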
@@ -784,7 +784,7 @@ RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
/* compute I mod p */
BN_with_flags(&c, I, BN_FLG_CONSTTIME);
- if (!BN_mod(r1, &c, rsa->p, ctx))
+ if (!BN_mod_ct(r1, &c, rsa->p, ctx))
goto err;
/* compute r1^dmp1 mod p */
@@ -813,7 +813,7 @@ RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
BN_init(&pr1);
BN_with_flags(&pr1, r1, BN_FLG_CONSTTIME);
- if (!BN_mod(r0, &pr1, rsa->p, ctx))
+ if (!BN_mod_ct(r0, &pr1, rsa->p, ctx))
goto err;
/*
@@ -844,7 +844,7 @@ RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
*/
if (!BN_sub(vrfy, vrfy, I))
goto err;
- if (!BN_mod(vrfy, vrfy, rsa->n, ctx))
+ if (!BN_mod_ct(vrfy, vrfy, rsa->n, ctx))
goto err;
if (BN_is_negative(vrfy))
if (!BN_add(vrfy, vrfy, rsa->n))
diff --git a/lib/libcrypto/rsa/rsa_gen.c b/lib/libcrypto/rsa/rsa_gen.c
index d46f4f2478f..817f177e963 100644
--- a/lib/libcrypto/rsa/rsa_gen.c
+++ b/lib/libcrypto/rsa/rsa_gen.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: rsa_gen.c,v 1.18 2016/06/30 02:02:06 bcook Exp $ */
+/* $OpenBSD: rsa_gen.c,v 1.19 2017/01/21 10:38:29 beck Exp $ */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
@@ -69,6 +69,8 @@
#include <openssl/err.h>
#include <openssl/rsa.h>
+#include "bn_lcl.h"
+
static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb);
/*
@@ -202,11 +204,11 @@ rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb)
BN_with_flags(&d, rsa->d, BN_FLG_CONSTTIME);
/* calculate d mod (p-1) */
- if (!BN_mod(rsa->dmp1, &d, r1, ctx))
+ if (!BN_mod_ct(rsa->dmp1, &d, r1, ctx))
goto err;
/* calculate d mod (q-1) */
- if (!BN_mod(rsa->dmq1, &d, r2, ctx))
+ if (!BN_mod_ct(rsa->dmq1, &d, r2, ctx))
goto err;
/* calculate inverse of q mod p */