Deprecate the flags that switch off constant time

The flags RSA_FLAG_NO_CONSTTIME, DSA_FLAG_NO_EXP_CONSTTIME and DH_FLAG_NO_EXP_CONSTTIME which previously provided the ability to switch off the constant time implementation for RSA, DSA and DH have been made no-ops and deprecated. Reviewed-by: Richard Levitte <levitte@openssl.org>
author: Matt Caswell <matt@openssl.org> 2016-05-26 10:55:11 +0100
committer: Matt Caswell <matt@openssl.org> 2016-06-06 11:09:06 +0100
commit: 5584f65a1027b06fe0cfc4be28d1a232cf180e42 (patch)
tree: e1d62f81d9d5a23575e4f4063b47d28e680afcdf /crypto/dh
parent: f943e640efbb5ec30bf57b59468c094083c99eb2 (diff)
1 files changed, 9 insertions, 26 deletions
diff --git a/crypto/dh/dh_key.c b/crypto/dh/dh_key.c
index 9b79f394fc..1644003bd9 100644
--- a/crypto/dh/dh_key.c
+++ b/crypto/dh/dh_key.c
@@ -113,24 +113,18 @@ static int generate_key(DH *dh)
     }
 
     {
-        BIGNUM *local_prk = NULL;
-        BIGNUM *prk;
+        BIGNUM *prk = BN_new();
 
-        if ((dh->flags & DH_FLAG_NO_EXP_CONSTTIME) == 0) {
-            local_prk = prk = BN_new();
-            if (local_prk == NULL)
-                goto err;
-            BN_with_flags(prk, priv_key, BN_FLG_CONSTTIME);
-        } else {
-            prk = priv_key;
-        }
+        if (prk == NULL)
+            goto err;
+        BN_with_flags(prk, priv_key, BN_FLG_CONSTTIME);
 
         if (!dh->meth->bn_mod_exp(dh, pub_key, dh->g, prk, dh->p, ctx, mont)) {
-            BN_free(local_prk);
+            BN_free(prk);
             goto err;
         }
-        /* We MUST free local_prk before any further use of priv_key */
-        BN_free(local_prk);
+        /* We MUST free prk before any further use of priv_key */
+        BN_free(prk);
     }
 
     dh->pub_key = pub_key;
@@ -175,10 +169,7 @@ static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh)
     if (dh->flags & DH_FLAG_CACHE_MONT_P) {
         mont = BN_MONT_CTX_set_locked(&dh->method_mont_p,
                                       dh->lock, dh->p, ctx);
-        if ((dh->flags & DH_FLAG_NO_EXP_CONSTTIME) == 0) {
-            /* XXX */
-            BN_set_flags(dh->priv_key, BN_FLG_CONSTTIME);
-        }
+        BN_set_flags(dh->priv_key, BN_FLG_CONSTTIME);
         if (!mont)
             goto err;
     }
@@ -207,15 +198,7 @@ static int dh_bn_mod_exp(const DH *dh, BIGNUM *r,
                          const BIGNUM *a, const BIGNUM *p,
                          const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
 {
-    /*
-     * If a is only one word long and constant time is false, use the faster
-     * exponentiation function.
-     */
-    if (bn_get_top(a) == 1 && ((dh->flags & DH_FLAG_NO_EXP_CONSTTIME) != 0)) {
-        BN_ULONG A = bn_get_words(a)[0];
-        return BN_mod_exp_mont_word(r, A, p, m, ctx, m_ctx);
-    } else
-        return BN_mod_exp_mont(r, a, p, m, ctx, m_ctx);
+    return BN_mod_exp_mont(r, a, p, m, ctx, m_ctx);
 }
 
 static int dh_init(DH *dh)
author	Matt Caswell <matt@openssl.org>	2016-05-26 10:55:11 +0100
committer	Matt Caswell <matt@openssl.org>	2016-06-06 11:09:06 +0100
commit	5584f65a1027b06fe0cfc4be28d1a232cf180e42 (patch)
tree	e1d62f81d9d5a23575e4f4063b47d28e680afcdf /crypto/dh
parent	f943e640efbb5ec30bf57b59468c094083c99eb2 (diff)