1/* crypto/rsa/rsa_lib.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
| 1/* crypto/rsa/rsa_lib.c */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved.
4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
|
8 *
| 8 *
|
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
| 9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
|
15 *
| 15 *
|
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
| 16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
|
22 *
| 22 *
|
23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
| 23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions
25 * are met:
26 * 1. Redistributions of source code must retain the copyright
27 * notice, this list of conditions and the following disclaimer.
28 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the
30 * documentation and/or other materials provided with the distribution.
31 * 3. All advertising materials mentioning features or use of this software
32 * must display the following acknowledgement:
33 * "This product includes cryptographic software written by
34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-).
|
37 * 4. If you include any Windows specific code (or a derivative thereof) from
| 37 * 4. If you include any Windows specific code (or a derivative thereof) from
|
38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
| 38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
|
40 *
| 40 *
|
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
| 41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE.
|
52 *
| 52 *
|
53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include <openssl/crypto.h>
61#include "cryptlib.h"
62#include <openssl/lhash.h>
63#include <openssl/bn.h>
64#include <openssl/rsa.h>
65#include <openssl/rand.h>
66#ifndef OPENSSL_NO_ENGINE
| 53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence
56 * [including the GNU Public Licence.]
57 */
58
59#include <stdio.h>
60#include <openssl/crypto.h>
61#include "cryptlib.h"
62#include <openssl/lhash.h>
63#include <openssl/bn.h>
64#include <openssl/rsa.h>
65#include <openssl/rand.h>
66#ifndef OPENSSL_NO_ENGINE
|
67#include
| 67# include <openssl/engine.h>
|
68#endif
69
70int RSA_size(const RSA *r)
| 68#endif
69
70int RSA_size(const RSA *r)
|
71 {
72 return(BN_num_bytes(r->n));
73 }
| 71{
72 return (BN_num_bytes(r->n));
73}
|
74
75int RSA_public_encrypt(int flen, const unsigned char *from, unsigned char *to,
| 74
75int RSA_public_encrypt(int flen, const unsigned char *from, unsigned char *to,
|
76 RSA *rsa, int padding)
77 {
| 76 RSA *rsa, int padding)
77{
|
78#ifdef OPENSSL_FIPS
| 78#ifdef OPENSSL_FIPS
|
79 if (FIPS_mode() && !(rsa->meth->flags & RSA_FLAG_FIPS_METHOD)
80 && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW))
81 {
82 RSAerr(RSA_F_RSA_PUBLIC_ENCRYPT, RSA_R_NON_FIPS_RSA_METHOD);
83 return -1;
84 }
| 79 if (FIPS_mode() && !(rsa->meth->flags & RSA_FLAG_FIPS_METHOD)
80 && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW)) {
81 RSAerr(RSA_F_RSA_PUBLIC_ENCRYPT, RSA_R_NON_FIPS_RSA_METHOD);
82 return -1;
83 }
|
85#endif
| 84#endif
|
86 return(rsa->meth->rsa_pub_enc(flen, from, to, rsa, padding));
87 }
| 85 return (rsa->meth->rsa_pub_enc(flen, from, to, rsa, padding));
86}
|
88
| 87
|
89int RSA_private_encrypt(int flen, const unsigned char *from, unsigned char *to,
90 RSA *rsa, int padding)
91 {
| 88int RSA_private_encrypt(int flen, const unsigned char *from,
89 unsigned char *to, RSA *rsa, int padding)
90{
|
92#ifdef OPENSSL_FIPS
| 91#ifdef OPENSSL_FIPS
|
93 if (FIPS_mode() && !(rsa->meth->flags & RSA_FLAG_FIPS_METHOD)
94 && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW))
95 {
96 RSAerr(RSA_F_RSA_PRIVATE_ENCRYPT, RSA_R_NON_FIPS_RSA_METHOD);
97 return -1;
98 }
| 92 if (FIPS_mode() && !(rsa->meth->flags & RSA_FLAG_FIPS_METHOD)
93 && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW)) {
94 RSAerr(RSA_F_RSA_PRIVATE_ENCRYPT, RSA_R_NON_FIPS_RSA_METHOD);
95 return -1;
96 }
|
99#endif
| 97#endif
|
100 return(rsa->meth->rsa_priv_enc(flen, from, to, rsa, padding));
101 }
| 98 return (rsa->meth->rsa_priv_enc(flen, from, to, rsa, padding));
99}
|
102
| 100
|
103int RSA_private_decrypt(int flen, const unsigned char *from, unsigned char *to,
104 RSA *rsa, int padding)
105 {
| 101int RSA_private_decrypt(int flen, const unsigned char *from,
102 unsigned char *to, RSA *rsa, int padding)
103{
|
106#ifdef OPENSSL_FIPS
| 104#ifdef OPENSSL_FIPS
|
107 if (FIPS_mode() && !(rsa->meth->flags & RSA_FLAG_FIPS_METHOD)
108 && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW))
109 {
110 RSAerr(RSA_F_RSA_PRIVATE_DECRYPT, RSA_R_NON_FIPS_RSA_METHOD);
111 return -1;
112 }
| 105 if (FIPS_mode() && !(rsa->meth->flags & RSA_FLAG_FIPS_METHOD)
106 && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW)) {
107 RSAerr(RSA_F_RSA_PRIVATE_DECRYPT, RSA_R_NON_FIPS_RSA_METHOD);
108 return -1;
109 }
|
113#endif
| 110#endif
|
114 return(rsa->meth->rsa_priv_dec(flen, from, to, rsa, padding));
115 }
| 111 return (rsa->meth->rsa_priv_dec(flen, from, to, rsa, padding));
112}
|
116
117int RSA_public_decrypt(int flen, const unsigned char *from, unsigned char *to,
| 113
114int RSA_public_decrypt(int flen, const unsigned char *from, unsigned char *to,
|
118 RSA *rsa, int padding)
119 {
| 115 RSA *rsa, int padding)
116{
|
120#ifdef OPENSSL_FIPS
| 117#ifdef OPENSSL_FIPS
|
121 if (FIPS_mode() && !(rsa->meth->flags & RSA_FLAG_FIPS_METHOD)
122 && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW))
123 {
124 RSAerr(RSA_F_RSA_PUBLIC_DECRYPT, RSA_R_NON_FIPS_RSA_METHOD);
125 return -1;
126 }
| 118 if (FIPS_mode() && !(rsa->meth->flags & RSA_FLAG_FIPS_METHOD)
119 && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW)) {
120 RSAerr(RSA_F_RSA_PUBLIC_DECRYPT, RSA_R_NON_FIPS_RSA_METHOD);
121 return -1;
122 }
|
127#endif
| 123#endif
|
128 return(rsa->meth->rsa_pub_dec(flen, from, to, rsa, padding));
129 }
| 124 return (rsa->meth->rsa_pub_dec(flen, from, to, rsa, padding));
125}
|
130
131int RSA_flags(const RSA *r)
| 126
127int RSA_flags(const RSA *r)
|
132 {
133 return((r == NULL)?0:r->meth->flags);
134 }
| 128{
129 return ((r == NULL) ? 0 : r->meth->flags);
130}
|
135
136void RSA_blinding_off(RSA *rsa)
| 131
132void RSA_blinding_off(RSA *rsa)
|
137 {
138 if (rsa->blinding != NULL)
139 {
140 BN_BLINDING_free(rsa->blinding);
141 rsa->blinding=NULL;
142 }
143 rsa->flags &= ~RSA_FLAG_BLINDING;
144 rsa->flags |= RSA_FLAG_NO_BLINDING;
145 }
| 133{
134 if (rsa->blinding != NULL) {
135 BN_BLINDING_free(rsa->blinding);
136 rsa->blinding = NULL;
137 }
138 rsa->flags &= ~RSA_FLAG_BLINDING;
139 rsa->flags |= RSA_FLAG_NO_BLINDING;
140}
|
146
147int RSA_blinding_on(RSA *rsa, BN_CTX *ctx)
| 141
142int RSA_blinding_on(RSA *rsa, BN_CTX *ctx)
|
148 {
149 int ret=0;
| 143{
144 int ret = 0;
|
150
| 145
|
151 if (rsa->blinding != NULL)
152 RSA_blinding_off(rsa);
| 146 if (rsa->blinding != NULL)
147 RSA_blinding_off(rsa);
|
153
| 148
|
154 rsa->blinding = RSA_setup_blinding(rsa, ctx);
155 if (rsa->blinding == NULL)
156 goto err;
| 149 rsa->blinding = RSA_setup_blinding(rsa, ctx);
150 if (rsa->blinding == NULL)
151 goto err;
|
157
| 152
|
158 rsa->flags |= RSA_FLAG_BLINDING;
159 rsa->flags &= ~RSA_FLAG_NO_BLINDING;
160 ret=1;
161err:
162 return(ret);
163 }
| 153 rsa->flags |= RSA_FLAG_BLINDING;
154 rsa->flags &= ~RSA_FLAG_NO_BLINDING;
155 ret = 1;
156 err:
157 return (ret);
158}
|
164
165static BIGNUM *rsa_get_public_exp(const BIGNUM *d, const BIGNUM *p,
| 159
160static BIGNUM *rsa_get_public_exp(const BIGNUM *d, const BIGNUM *p,
|
166 const BIGNUM *q, BN_CTX *ctx)
| 161 const BIGNUM *q, BN_CTX *ctx)
|
167{
| 162{
|
168 BIGNUM *ret = NULL, *r0, *r1, *r2;
| 163 BIGNUM *ret = NULL, *r0, *r1, *r2;
|
169
| 164
|
170 if (d == NULL || p == NULL || q == NULL)
171 return NULL;
| 165 if (d == NULL || p == NULL || q == NULL)
166 return NULL;
|
172
| 167
|
173 BN_CTX_start(ctx);
174 r0 = BN_CTX_get(ctx);
175 r1 = BN_CTX_get(ctx);
176 r2 = BN_CTX_get(ctx);
177 if (r2 == NULL)
178 goto err;
| 168 BN_CTX_start(ctx);
169 r0 = BN_CTX_get(ctx);
170 r1 = BN_CTX_get(ctx);
171 r2 = BN_CTX_get(ctx);
172 if (r2 == NULL)
173 goto err;
|
179
| 174
|
180 if (!BN_sub(r1, p, BN_value_one())) goto err;
181 if (!BN_sub(r2, q, BN_value_one())) goto err;
182 if (!BN_mul(r0, r1, r2, ctx)) goto err;
| 175 if (!BN_sub(r1, p, BN_value_one()))
176 goto err;
177 if (!BN_sub(r2, q, BN_value_one()))
178 goto err;
179 if (!BN_mul(r0, r1, r2, ctx))
180 goto err;
|
183
| 181
|
184 ret = BN_mod_inverse(NULL, d, r0, ctx);
185err:
186 BN_CTX_end(ctx);
187 return ret;
| 182 ret = BN_mod_inverse(NULL, d, r0, ctx);
183 err:
184 BN_CTX_end(ctx);
185 return ret;
|
188}
189
190BN_BLINDING *RSA_setup_blinding(RSA *rsa, BN_CTX *in_ctx)
191{
| 186}
187
188BN_BLINDING *RSA_setup_blinding(RSA *rsa, BN_CTX *in_ctx)
189{
|
192 BIGNUM local_n;
193 BIGNUM *e,*n;
194 BN_CTX *ctx;
195 BN_BLINDING *ret = NULL;
| 190 BIGNUM local_n;
191 BIGNUM *e, *n;
192 BN_CTX *ctx;
193 BN_BLINDING *ret = NULL;
|
196
| 194
|
197 if (in_ctx == NULL)
198 {
199 if ((ctx = BN_CTX_new()) == NULL) return 0;
200 }
201 else
202 ctx = in_ctx;
| 195 if (in_ctx == NULL) {
196 if ((ctx = BN_CTX_new()) == NULL)
197 return 0;
198 } else
199 ctx = in_ctx;
|
203
| 200
|
204 BN_CTX_start(ctx);
205 e = BN_CTX_get(ctx);
206 if (e == NULL)
207 {
208 RSAerr(RSA_F_RSA_SETUP_BLINDING, ERR_R_MALLOC_FAILURE);
209 goto err;
210 }
| 201 BN_CTX_start(ctx);
202 e = BN_CTX_get(ctx);
203 if (e == NULL) {
204 RSAerr(RSA_F_RSA_SETUP_BLINDING, ERR_R_MALLOC_FAILURE);
205 goto err;
206 }
|
211
| 207
|
212 if (rsa->e == NULL)
213 {
214 e = rsa_get_public_exp(rsa->d, rsa->p, rsa->q, ctx);
215 if (e == NULL)
216 {
217 RSAerr(RSA_F_RSA_SETUP_BLINDING, RSA_R_NO_PUBLIC_EXPONENT);
218 goto err;
219 }
220 }
221 else
222 e = rsa->e;
| 208 if (rsa->e == NULL) {
209 e = rsa_get_public_exp(rsa->d, rsa->p, rsa->q, ctx);
210 if (e == NULL) {
211 RSAerr(RSA_F_RSA_SETUP_BLINDING, RSA_R_NO_PUBLIC_EXPONENT);
212 goto err;
213 }
214 } else
215 e = rsa->e;
|
223
| 216
|
224
225 if ((RAND_status() == 0) && rsa->d != NULL && rsa->d->d != NULL)
226 {
227 /* if PRNG is not properly seeded, resort to secret
228 * exponent as unpredictable seed */
229 RAND_add(rsa->d->d, rsa->d->dmax * sizeof rsa->d->d[0], 0.0);
230 }
| 217 if ((RAND_status() == 0) && rsa->d != NULL && rsa->d->d != NULL) {
218 /*
219 * if PRNG is not properly seeded, resort to secret exponent as
220 * unpredictable seed
221 */
222 RAND_add(rsa->d->d, rsa->d->dmax * sizeof rsa->d->d[0], 0.0);
223 }
|
231
| 224
|
232 if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))
233 {
234 /* Set BN_FLG_CONSTTIME flag */
235 n = &local_n;
236 BN_with_flags(n, rsa->n, BN_FLG_CONSTTIME);
237 }
238 else
239 n = rsa->n;
| 225 if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) {
226 /* Set BN_FLG_CONSTTIME flag */
227 n = &local_n;
228 BN_with_flags(n, rsa->n, BN_FLG_CONSTTIME);
229 } else
230 n = rsa->n;
|
240
| 231
|
241 ret = BN_BLINDING_create_param(NULL, e, n, ctx,
242 rsa->meth->bn_mod_exp, rsa->_method_mod_n);
243 if (ret == NULL)
244 {
245 RSAerr(RSA_F_RSA_SETUP_BLINDING, ERR_R_BN_LIB);
246 goto err;
247 }
248 CRYPTO_THREADID_current(BN_BLINDING_thread_id(ret));
249err:
250 BN_CTX_end(ctx);
251 if (in_ctx == NULL)
252 BN_CTX_free(ctx);
253 if(rsa->e == NULL)
254 BN_free(e);
| 232 ret = BN_BLINDING_create_param(NULL, e, n, ctx,
233 rsa->meth->bn_mod_exp, rsa->_method_mod_n);
234 if (ret == NULL) {
235 RSAerr(RSA_F_RSA_SETUP_BLINDING, ERR_R_BN_LIB);
236 goto err;
237 }
238 CRYPTO_THREADID_current(BN_BLINDING_thread_id(ret));
239 err:
240 BN_CTX_end(ctx);
241 if (in_ctx == NULL)
242 BN_CTX_free(ctx);
243 if (rsa->e == NULL)
244 BN_free(e);
|
255
| 245
|
256 return ret;
| 246 return ret;
|
257}
| 247}
|