author | Dwayne C. Litzenberger <dlitz@dlitz.net> | 2011-10-10 14:51:07 -0400 |
committer | Dwayne C. Litzenberger <dlitz@dlitz.net> | 2011-10-10 14:51:07 -0400 |
commit | bf38995ffa51e28b8232e9417b450a8edbd23dec (patch) | |
tree | 7dfa5ffa862d9b47a97c19a027e6673e1567c4c6 /src | |
parent | b5cd39f31bd34598e4b166db83328d71ca2b7b33 (diff) | |
parent | 9cfb332b22e38b9d965bfb691eca67b6b8fa64e3 (diff) | |
download | pycrypto-bf38995ffa51e28b8232e9417b450a8edbd23dec.tar.gz |
Merge branch 'master' into py3k
Conflicts:
setup.py
src/_fastmath.c
Diffstat (limited to 'src')
-rw-r--r-- | src/MD2.c | 1 | ||||
-rw-r--r-- | src/MD4.c | 1 | ||||
-rw-r--r-- | src/RIPEMD160.c | 1 | ||||
-rw-r--r-- | src/SHA256.c | 1 | ||||
-rw-r--r-- | src/_fastmath.c | 32 | ||||
-rw-r--r-- | src/block_template.c | 1 | ||||
-rw-r--r-- | src/config.h.in | 138 | ||||
-rw-r--r-- | src/hash_template.c | 1 | ||||
-rw-r--r-- | src/inc-msvc/config.h | 3 |
9 files changed, 169 insertions, 10 deletions
@@ -33,6 +33,7 @@
 #define MODULE_NAME MD2
 #define DIGEST_SIZE 16
+#define BLOCK_SIZE 64
 typedef unsigned char U8;
 typedef unsigned int U32;
@@ -33,6 +33,7 @@
 #define MODULE_NAME MD4
 #define DIGEST_SIZE 16
+#define BLOCK_SIZE 64
 typedef unsigned int U32;
 typedef unsigned char U8;
diff --git a/src/RIPEMD160.c b/src/RIPEMD160.c
index a018d3f..45b4a2c 100644
--- a/src/RIPEMD160.c
+++ b/src/RIPEMD160.c
@@ -50,6 +50,7 @@
 #include "pycrypto_compat.h"
 #define RIPEMD160_DIGEST_SIZE 20
+#define BLOCK_SIZE 64
 #define RIPEMD160_MAGIC 0x9f19dd68u
 typedef struct {
diff --git a/src/SHA256.c b/src/SHA256.c
index 117b016..70f0211 100644
--- a/src/SHA256.c
+++ b/src/SHA256.c
@@ -35,6 +35,7 @@
 #include "pycrypto_compat.h"
 #define MODULE_NAME SHA256
 #define DIGEST_SIZE 32
+#define BLOCK_SIZE 64
 typedef unsigned char U8;
 #ifdef __alpha__
diff --git a/src/_fastmath.c b/src/_fastmath.c
index 3b81a6b..f8e6f6a 100644
--- a/src/_fastmath.c
+++ b/src/_fastmath.c
@@ -32,6 +32,18 @@
 #include "pycrypto_compat.h"
 #include <longintrepr.h> /* for conversions */
 #include <gmp.h>
+#include "config.h"
+
+/* If available, use mpz_powm_sec to avoid timing attacks.
+ * See the talk by Geremy Condra -
+ * "PyCon 2011: Through the Side Channel: Timing and Implementation Attacks in Python"
+ * http://blip.tv/pycon-us-videos-2009-2010-2011/pycon-2011-through-the-side-channel-timing-and-implementation-attacks-in-python-4897955
+ */
+#if HAVE_DECL_MPZ_POWM_SEC == 1
+#define MPZ_POWM mpz_powm_sec
+#else
+#define MPZ_POWM mpz_powm
+#endif
 #define SIEVE_BASE_SIZE (sizeof (sieve_base) / sizeof (sieve_base[0]))
@@ -172,7 +184,7 @@ dsaSign (dsaKey * key, mpz_t m, mpz_t k, mpz_t r, mpz_t s)
 return 1;
 }
 mpz_init (temp);
- mpz_powm_sec (r, key->g, k, key->p);
+ MPZ_POWM (r, key->g, k, key->p);
 mpz_mod (r, r, key->q);
 mpz_invert (s, k, key->q);
 mpz_mul (temp, key->x, r);
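Review bot: `#define BLOCK_SIZE 64` in the MD2 hunk looks inconsistent with the algorithm: MD2 (RFC 1319) pads to and compresses 16-byte blocks, whereas 64 is the block size of MD4, RIPEMD-160 and SHA-256, which the other three hunks on this line set. Because `hash_template.c` now exports this value to Python as `block_size`, a wrong value propagates to anything that keys off it (HMAC padding, for instance). If 64 is deliberate, a comment next to the define should say why; otherwise it should read `#define BLOCK_SIZE 16`.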
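Review bot: The `#else` branch of the new `MPZ_POWM` macro in `_fastmath.c` silently downgrades every private-key exponentiation — the secret nonce `k` in the `dsaSign` hunk and `d`, `d mod (p-1)`, `d mod (q-1)` in the two `rsaDecrypt` hunks — to the variable-time `mpz_powm` whenever `HAVE_DECL_MPZ_POWM_SEC` is not 1, and `src/inc-msvc/config.h` pins that to 0, so every MSVC build takes the timing-dependent path without any build-time notice. The module constant added in `init_fastmath` lets Python callers detect this, but the C side should state the consequence where the choice is made, e.g. `/* FALLBACK: mpz_powm is not constant-time; private-key operations become timing-dependent. Reported to Python as _fastmath.HAVE_DECL_MPZ_POWM_SEC. */` above `#define MPZ_POWM mpz_powm`, and a `#warning` there would make the MSVC case visible at compile time. Separately, `#include "config.h"` is placed after `<gmp.h>` (and, by the context lines, after the other headers); the generated `config.h.in` in this commit can redefine `malloc`, `size_t`, `inline` and the fixed-width types, so autoconf convention is to include it before any system header, otherwise those substitutions apply to only part of the translation unit.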
@@ -201,8 +213,8 @@ dsaVerify (dsaKey * key, mpz_t m, mpz_t r, mpz_t s)
 mpz_mod (u1, u1, key->q);
 mpz_mul (u2, r, w);
 mpz_mod (u2, u2, key->q);
- mpz_powm_sec (v1, key->g, u1, key->p);
- mpz_powm_sec (v2, key->y, u2, key->p);
+ MPZ_POWM (v1, key->g, u1, key->p);
+ MPZ_POWM (v2, key->y, u2, key->p);
 mpz_mul (w, v1, v2);
 mpz_mod (w, w, key->p);
 mpz_mod (w, w, key->q);
@@ -226,7 +238,7 @@ rsaEncrypt (rsaKey * key, mpz_t v)
 {
 return 1;
 }
- mpz_powm_sec (v, v, key->e, key->n);
+ MPZ_POWM (v, v, key->e, key->n);
 return 0;
 }
@@ -254,11 +266,11 @@ rsaDecrypt (rsaKey * key, mpz_t v)
 /* m1 = c ^ (d mod (p-1)) mod p */
 mpz_sub_ui(h, key->p, 1);
 mpz_fdiv_r(h, key->d, h);
- mpz_powm_sec(m1, v, h, key->p);
+ MPZ_POWM(m1, v, h, key->p);
 /* m2 = c ^ (d mod (q-1)) mod q */
 mpz_sub_ui(h, key->q, 1);
 mpz_fdiv_r(h, key->d, h);
- mpz_powm_sec(m2, v, h, key->q);
+ MPZ_POWM(m2, v, h, key->q);
 /* h = u * ( m2 - m1 ) mod q */
 mpz_sub(h, m2, m1);
 if (mpz_sgn(h)==-1)
@@ -277,7 +289,7 @@ rsaDecrypt (rsaKey * key, mpz_t v)
 }
 /* slow */
- mpz_powm_sec (v, v, key->d, key->n);
+ MPZ_POWM (v, v, key->d, key->n);
 return 0;
 }
@@ -292,7 +304,7 @@ rsaBlind (rsaKey * key, mpz_t v, mpz_t b)
 {
 return 2;
 }
- mpz_powm_sec (b, b, key->e, key->n);
+ MPZ_POWM (b, b, key->e, key->n);
 mpz_mul (v, v, b);
 mpz_mod (v, v, key->n);
 return 0;
@@ -1249,7 +1261,7 @@ rabinMillerTest (mpz_t n, int rounds, PyObject *randfunc)
 }
 } while (base_was_tested);
 mpz_init_set (tested[i], a);
- mpz_powm_sec (z, a, m, n);
+ MPZ_POWM (z, a, m, n);
 if ((mpz_cmp_ui (z, 1) == 0) || (mpz_cmp (z, n_1) == 0))
 continue;
 composite = 1;
@@ -1571,6 +1583,8 @@ init_fastmath (void)
 fastmathError = PyErr_NewException ("_fastmath.error", NULL, NULL);
 PyDict_SetItemString (_fastmath_dict, "error", fastmathError);
+ PyModule_AddIntConstant(_fastmath_module, "HAVE_DECL_MPZ_POWM_SEC", HAVE_DECL_MPZ_POWM_SEC);
+
 #ifdef IS_PY3K
 return _fastmath_module;
 #endif
diff --git a/src/block_template.c b/src/block_template.c
index 91247b2..559e582 100644
--- a/src/block_template.c
+++ b/src/block_template.c
@@ -229,7 +229,6 @@ ALGnew(PyObject *self, PyObject *args, PyObject *kwdict)
 block_init(&(new->st), key, keylen);
 if (PyErr_Occurred())
 {
- Py_XDECREF(counter);
 Py_DECREF(new);
 return NULL;
 }
diff --git a/src/config.h.in b/src/config.h.in
new file mode 100644
index 0000000..b71dd4e
--- /dev/null
+++ b/src/config.h.in
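Review bot: Dropping `Py_XDECREF(counter)` from the `block_init` failure path in `ALGnew` is only correct if `counter` has already been stored into `new` at this point, so that `Py_DECREF(new)` releases it through the type's dealloc; that assignment is not in the hunk and `ALGnew` continues outside it on both sides, so I cannot confirm which case applies. If it has been stored, the removal fixes a double release and the remaining line deserves the comment `Py_DECREF(new); /* also drops new's reference to counter */` so the next reader does not reinstate the XDECREF; if it has not, this hunk turns the error path into a leak of `counter` and the XDECREF should stay.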
@@ -0,0 +1,138 @@
+/* src/config.h.in. Generated from configure.ac by autoheader. */
+
+/* Define to 1 if you have the declaration of `mpz_powm', and to 0 if you
+ don't. */
+#undef HAVE_DECL_MPZ_POWM
+
+/* Define to 1 if you have the declaration of `mpz_powm_sec', and to 0 if you
+ don't. */
+#undef HAVE_DECL_MPZ_POWM_SEC
+
+/* Define to 1 if you have the <inttypes.h> header file. */
+#undef HAVE_INTTYPES_H
+
+/* Define to 1 if you have the `' library (-l). */
+#undef HAVE_LIB
+
+/* Define to 1 if you have the <limits.h> header file. */
+#undef HAVE_LIMITS_H
+
+/* Define to 1 if your system has a GNU libc compatible `malloc' function, and
+ to 0 otherwise. */
+#undef HAVE_MALLOC
+
+/* Define to 1 if you have the `memmove' function. */
+#undef HAVE_MEMMOVE
+
+/* Define to 1 if you have the <memory.h> header file. */
+#undef HAVE_MEMORY_H
+
+/* Define to 1 if you have the `memset' function. */
+#undef HAVE_MEMSET
+
+/* Define to 1 if you have the <stddef.h> header file. */
+#undef HAVE_STDDEF_H
+
+/* Define to 1 if you have the <stdint.h> header file. */
+#undef HAVE_STDINT_H
+
+/* Define to 1 if you have the <stdlib.h> header file. */
+#undef HAVE_STDLIB_H
+
+/* Define to 1 if you have the <strings.h> header file. */
+#undef HAVE_STRINGS_H
+
+/* Define to 1 if you have the <string.h> header file. */
+#undef HAVE_STRING_H
+
+/* Define to 1 if you have the <sys/stat.h> header file. */
+#undef HAVE_SYS_STAT_H
+
+/* Define to 1 if you have the <sys/types.h> header file. */
+#undef HAVE_SYS_TYPES_H
+
+/* Define to 1 if you have the <unistd.h> header file. */
+#undef HAVE_UNISTD_H
+
+/* Define to 1 if you have the <wchar.h> header file. */
+#undef HAVE_WCHAR_H
+
+/* Define to the address where bug reports for this package should be sent. */
+#undef PACKAGE_BUGREPORT
+
+/* Define to the full name of this package. */
+#undef PACKAGE_NAME
+
+/* Define to the full name and version of this package. */
+#undef PACKAGE_STRING
+
+/* Define to the one symbol short name of this package. */
+#undef PACKAGE_TARNAME
+
+/* Define to the home page for this package. */
+#undef PACKAGE_URL
+
+/* Define to the version of this package. */
+#undef PACKAGE_VERSION
+
+/* Define to 1 if you have the ANSI C header files. */
+#undef STDC_HEADERS
+
+/* Define for Solaris 2.5.1 so the uint32_t typedef from <sys/synch.h>,
+ <pthread.h>, or <semaphore.h> is not used. If the typedef were allowed, the
+ #define below would cause a syntax error. */
+#undef _UINT32_T
+
+/* Define for Solaris 2.5.1 so the uint64_t typedef from <sys/synch.h>,
+ <pthread.h>, or <semaphore.h> is not used. If the typedef were allowed, the
+ #define below would cause a syntax error. */
+#undef _UINT64_T
+
+/* Define for Solaris 2.5.1 so the uint8_t typedef from <sys/synch.h>,
+ <pthread.h>, or <semaphore.h> is not used. If the typedef were allowed, the
+ #define below would cause a syntax error. */
+#undef _UINT8_T
+
+/* Define to `__inline__' or `__inline' if that's what the C compiler
+ calls it, or to nothing if 'inline' is not supported under any name. */
+#ifndef __cplusplus
+#undef inline
+#endif
+
+/* Define to the type of a signed integer type of width exactly 16 bits if
+ such a type exists and the standard includes do not define it. */
+#undef int16_t
+
+/* Define to the type of a signed integer type of width exactly 32 bits if
+ such a type exists and the standard includes do not define it. */
+#undef int32_t
+
+/* Define to the type of a signed integer type of width exactly 64 bits if
+ such a type exists and the standard includes do not define it. */
+#undef int64_t
+
+/* Define to the type of a signed integer type of width exactly 8 bits if such
+ a type exists and the standard includes do not define it. */
+#undef int8_t
+
+/* Define to rpl_malloc if the replacement function should be used. */
+#undef malloc
+
+/* Define to `unsigned int' if <sys/types.h> does not define. */
+#undef size_t
+
+/* Define to the type of an unsigned integer type of width exactly 16 bits if
+ such a type exists and the standard includes do not define it. */
+#undef uint16_t
+
+/* Define to the type of an unsigned integer type of width exactly 32 bits if
+ such a type exists and the standard includes do not define it. */
+#undef uint32_t
+
+/* Define to the type of an unsigned integer type of width exactly 64 bits if
+ such a type exists and the standard includes do not define it. */
+#undef uint64_t
+
+/* Define to the type of an unsigned integer type of width exactly 8 bits if
+ such a type exists and the standard includes do not define it. */
+#undef uint8_t
diff --git a/src/hash_template.c b/src/hash_template.c
index 7bb9139..35c9bf5 100644
--- a/src/hash_template.c
+++ b/src/hash_template.c
@@ -348,6 +348,7 @@ _MODULE_NAME (void)
 /* Add some symbolic constants to the module */
 PyModule_AddIntConstant(m, "digest_size", DIGEST_SIZE);
+ PyModule_AddIntConstant(m, "block_size", BLOCK_SIZE);
 /* Check for errors */
 if (PyErr_Occurred())
diff --git a/src/inc-msvc/config.h b/src/inc-msvc/config.h
new file mode 100644
index 0000000..19ced1d
--- /dev/null
+++ b/src/inc-msvc/config.h
@@ -0,0 +1,3 @@
+/* Define to 1 if you have the declaration of `mpz_powm_sec', and to 0 if you
+ don't. */
+#define HAVE_DECL_MPZ_POWM_SEC 0
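Review bot: The new `PyModule_AddIntConstant(m, "block_size", BLOCK_SIZE)` in `hash_template.c` makes `BLOCK_SIZE` a hard requirement for every source that includes the template, but the diffstat shows it being defined in only four hash files (MD2, MD4, RIPEMD160, SHA256); whether the remaining hash modules already define it is not visible here. If any does not, the failure is an obscure undeclared-identifier error deep in the template, so a guard near the top of `hash_template.c` would fail clearly: `#ifndef BLOCK_SIZE` / `#error "hash modules must define BLOCK_SIZE (input block length in bytes)"` / `#endif`. `_MODULE_NAME` starts and ends outside the hunk.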