mirror/openssl
2
0
Fork 0
mirror of https://github.com/openssl/openssl.git synced 2024-11-27 05:21:51 +08:00
Code Issues Packages Projects Releases Wiki Activity

Convert the weak key and key parity tests to be constant time.

Browse Source 
Fixes #16944
Fixes #16859

Reviewed-by: Bernd Edlinger <bernd.edlinger@hotmail.de>
(Merged from https://github.com/openssl/openssl/pull/16953)
This commit is contained in:
Pauli 2021-11-03 10:33:06 +10:00
parent 10cf46c4ef
commit 8db9d07508
1 changed files with 25 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

35
crypto/des/set_key.c
View File

@ -23,6 +23,8 @@
#include "internal/deprecated.h"
#include <openssl/crypto.h>
#include "internal/constant_time.h"
#include "internal/nelem.h"
#include "des_local.h"
static const unsigned char odd_parity[256] = {
@ -62,15 +64,23 @@ void DES_set_odd_parity(DES_cblock *key)
(*key)[i] = odd_parity[(*key)[i]];
}
/*
* Check that a key has the correct parity.
* Return 1 if parity is okay and 0 if not.
*/
int DES_check_key_parity(const_DES_cblock *key)
{
unsigned int i;
unsigned char res = 0377, b;
for (i = 0; i < DES_KEY_SZ; i++) {
if ((*key)[i] != odd_parity[(*key)[i]])
return 0;
b = (*key)[i];
b ^= b >> 4;
b ^= b >> 2;
b ^= b >> 1;
res &= constant_time_eq_8(b & 1, 1);
}
return 1;
return (int)(res & 1);
}
/*-
@ -81,8 +91,7 @@ int DES_check_key_parity(const_DES_cblock *key)
* %I John Wiley & Sons
* %D 1984
*/
#define NUM_WEAK_KEY 16
static const DES_cblock weak_keys[NUM_WEAK_KEY] = {
static const DES_cblock weak_keys[] = {
/* weak keys */
{0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01, 0x01},
{0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE, 0xFE},
@ -103,14 +112,20 @@ static const DES_cblock weak_keys[NUM_WEAK_KEY] = {
{0xFE, 0xE0, 0xFE, 0xE0, 0xFE, 0xF1, 0xFE, 0xF1}
};
/*
* Check for weak keys.
* Return 1 if the key is weak and 0 otherwise.
*/
int DES_is_weak_key(const_DES_cblock *key)
{
int i;
unsigned int i, res = 0;
int j;
for (i = 0; i < NUM_WEAK_KEY; i++)
if (memcmp(weak_keys[i], key, sizeof(DES_cblock)) == 0)
return 1;
return 0;
for (i = 0; i < OSSL_NELEM(weak_keys); i++) {
j = CRYPTO_memcmp(weak_keys[i], key, sizeof(DES_cblock));
res |= constant_time_is_zero((unsigned int)j);
}
return (int)(res & 1);
}
/*-