Remove direct calls to BN_mod_exp.
Within the library, we never need to exponentiate modulo an even number.
In fact, all the remaining BN_mod_exp calls are modulo an odd prime.
This extends 617804adc5 to the rest of the
library.
Change-Id: I4273439faa6a516c99673b28f8ae38ddfff7e42d
Reviewed-on: https://boringssl-review.googlesource.com/14024
Commit-Queue: David Benjamin <davidben@google.com>
Reviewed-by: Adam Langley <agl@google.com>
This commit is contained in:
David Benjamin
Adam Langley
parent
ba9557d0ef
commit
591f251bf3
@ -148,7 +148,7 @@ BIGNUM *BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) {
|
|||||||
}
|
}
|
||||||
q->neg = 0;
|
q->neg = 0;
|
||||||
if (!BN_add_word(q, 1) ||
|
if (!BN_add_word(q, 1) ||
|
||||||
!BN_mod_exp(ret, A, q, p, ctx)) {
|
!BN_mod_exp_mont(ret, A, q, p, ctx, NULL)) {
|
||||||
goto end;
|
goto end;
|
||||||
}
|
}
|
||||||
err = 0;
|
err = 0;
|
||||||
@ -193,7 +193,7 @@ BIGNUM *BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) {
|
|||||||
goto end;
|
goto end;
|
||||||
}
|
}
|
||||||
q->neg = 0;
|
q->neg = 0;
|
||||||
if (!BN_mod_exp(b, t, q, p, ctx)) {
|
if (!BN_mod_exp_mont(b, t, q, p, ctx, NULL)) {
|
||||||
goto end;
|
goto end;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -281,7 +281,7 @@ BIGNUM *BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) {
|
|||||||
|
|
||||||
/* Now that we have some non-square, we can find an element
|
/* Now that we have some non-square, we can find an element
|
||||||
* of order 2^e by computing its q'th power. */
|
* of order 2^e by computing its q'th power. */
|
||||||
if (!BN_mod_exp(y, y, q, p, ctx)) {
|
if (!BN_mod_exp_mont(y, y, q, p, ctx, NULL)) {
|
||||||
goto end;
|
goto end;
|
||||||
}
|
}
|
||||||
if (BN_is_one(y)) {
|
if (BN_is_one(y)) {
|
||||||
@ -327,7 +327,7 @@ BIGNUM *BN_mod_sqrt(BIGNUM *in, const BIGNUM *a, const BIGNUM *p, BN_CTX *ctx) {
|
|||||||
goto end;
|
goto end;
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
if (!BN_mod_exp(x, A, t, p, ctx)) {
|
if (!BN_mod_exp_mont(x, A, t, p, ctx, NULL)) {
|
||||||
goto end;
|
goto end;
|
||||||
}
|
}
|
||||||
if (BN_is_zero(x)) {
|
if (BN_is_zero(x)) {
|
||||||
|
|||||||
@ -93,7 +93,7 @@ int DH_check_pub_key(const DH *dh, const BIGNUM *pub_key, int *ret) {
|
|||||||
/* Check |pub_key|^|dh->q| is 1 mod |dh->p|. This is necessary for RFC 5114
|
/* Check |pub_key|^|dh->q| is 1 mod |dh->p|. This is necessary for RFC 5114
|
||||||
* groups which are not safe primes but pick a generator on a prime-order
|
* groups which are not safe primes but pick a generator on a prime-order
|
||||||
* subgroup of size |dh->q|. */
|
* subgroup of size |dh->q|. */
|
||||||
if (!BN_mod_exp(tmp, pub_key, dh->q, dh->p, ctx)) {
|
if (!BN_mod_exp_mont(tmp, pub_key, dh->q, dh->p, ctx, NULL)) {
|
||||||
goto err;
|
goto err;
|
||||||
}
|
}
|
||||||
if (!BN_is_one(tmp)) {
|
if (!BN_is_one(tmp)) {
|
||||||
@ -145,7 +145,7 @@ int DH_check(const DH *dh, int *ret) {
|
|||||||
*ret |= DH_CHECK_NOT_SUITABLE_GENERATOR;
|
*ret |= DH_CHECK_NOT_SUITABLE_GENERATOR;
|
||||||
} else {
|
} else {
|
||||||
/* Check g^q == 1 mod p */
|
/* Check g^q == 1 mod p */
|
||||||
if (!BN_mod_exp(t1, dh->g, dh->q, dh->p, ctx)) {
|
if (!BN_mod_exp_mont(t1, dh->g, dh->q, dh->p, ctx, NULL)) {
|
||||||
goto err;
|
goto err;
|
||||||
}
|
}
|
||||||
if (!BN_is_one(t1)) {
|
if (!BN_is_one(t1)) {
|
||||||
|
|||||||
@ -151,7 +151,8 @@ static int dsa_priv_decode(EVP_PKEY *out, CBS *params, CBS *key) {
|
|||||||
/* Calculate the public key. */
|
/* Calculate the public key. */
|
||||||
ctx = BN_CTX_new();
|
ctx = BN_CTX_new();
|
||||||
if (ctx == NULL ||
|
if (ctx == NULL ||
|
||||||
!BN_mod_exp(dsa->pub_key, dsa->g, dsa->priv_key, dsa->p, ctx)) {
|
!BN_mod_exp_mont(dsa->pub_key, dsa->g, dsa->priv_key, dsa->p, ctx,
|
||||||
|
NULL)) {
|
||||||
goto err;
|
goto err;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user