rsa_lib.c (120635) | rsa_lib.c (160817) |
---|---|
1/* crypto/rsa/rsa_lib.c */ 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 3 * All rights reserved. 4 * 5 * This package is an SSL implementation written 6 * by Eric Young (eay@cryptsoft.com). 7 * The implementation was written so as to conform with Netscapes SSL. 8 * --- 41 unchanged lines hidden (view full) --- 50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 51 * SUCH DAMAGE. 52 * 53 * The licence and distribution terms for any publically available version or 54 * derivative of this code cannot be changed. i.e. this code cannot simply be 55 * copied and put under another distribution licence 56 * [including the GNU Public Licence.] 57 */ | 1/* crypto/rsa/rsa_lib.c */ 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 3 * All rights reserved. 4 * 5 * This package is an SSL implementation written 6 * by Eric Young (eay@cryptsoft.com). 7 * The implementation was written so as to conform with Netscapes SSL. 8 * --- 41 unchanged lines hidden (view full) --- 50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 51 * SUCH DAMAGE. 52 * 53 * The licence and distribution terms for any publically available version or 54 * derivative of this code cannot be changed. i.e. this code cannot simply be 55 * copied and put under another distribution licence 56 * [including the GNU Public Licence.] 57 */ |
58/* $FreeBSD: head/crypto/openssl/crypto/rsa/rsa_lib.c 120635 2003-10-01 12:37:51Z nectar $ */ | 58/* $FreeBSD: head/crypto/openssl/crypto/rsa/rsa_lib.c 160817 2006-07-29 19:14:51Z simon $ */ |
59 60#include <stdio.h> 61#include <openssl/crypto.h> 62#include "cryptlib.h" 63#include <openssl/lhash.h> 64#include <openssl/bn.h> 65#include <openssl/rsa.h> 66#include <openssl/rand.h> --- 111 unchanged lines hidden (view full) --- 178 ret->dmp1=NULL; 179 ret->dmq1=NULL; 180 ret->iqmp=NULL; 181 ret->references=1; 182 ret->_method_mod_n=NULL; 183 ret->_method_mod_p=NULL; 184 ret->_method_mod_q=NULL; 185 ret->blinding=NULL; | 59 60#include <stdio.h> 61#include <openssl/crypto.h> 62#include "cryptlib.h" 63#include <openssl/lhash.h> 64#include <openssl/bn.h> 65#include <openssl/rsa.h> 66#include <openssl/rand.h> --- 111 unchanged lines hidden (view full) --- 178 ret->dmp1=NULL; 179 ret->dmq1=NULL; 180 ret->iqmp=NULL; 181 ret->references=1; 182 ret->_method_mod_n=NULL; 183 ret->_method_mod_p=NULL; 184 ret->_method_mod_q=NULL; 185 ret->blinding=NULL; |
186 ret->mt_blinding=NULL; |
|
186 ret->bignum_data=NULL; 187 ret->flags=ret->meth->flags; 188 CRYPTO_new_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data); 189 if ((ret->meth->init != NULL) && !ret->meth->init(ret)) 190 { 191#ifndef OPENSSL_NO_ENGINE 192 if (ret->engine) 193 ENGINE_finish(ret->engine); --- 37 unchanged lines hidden (view full) --- 231 if (r->e != NULL) BN_clear_free(r->e); 232 if (r->d != NULL) BN_clear_free(r->d); 233 if (r->p != NULL) BN_clear_free(r->p); 234 if (r->q != NULL) BN_clear_free(r->q); 235 if (r->dmp1 != NULL) BN_clear_free(r->dmp1); 236 if (r->dmq1 != NULL) BN_clear_free(r->dmq1); 237 if (r->iqmp != NULL) BN_clear_free(r->iqmp); 238 if (r->blinding != NULL) BN_BLINDING_free(r->blinding); | 187 ret->bignum_data=NULL; 188 ret->flags=ret->meth->flags; 189 CRYPTO_new_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data); 190 if ((ret->meth->init != NULL) && !ret->meth->init(ret)) 191 { 192#ifndef OPENSSL_NO_ENGINE 193 if (ret->engine) 194 ENGINE_finish(ret->engine); --- 37 unchanged lines hidden (view full) --- 232 if (r->e != NULL) BN_clear_free(r->e); 233 if (r->d != NULL) BN_clear_free(r->d); 234 if (r->p != NULL) BN_clear_free(r->p); 235 if (r->q != NULL) BN_clear_free(r->q); 236 if (r->dmp1 != NULL) BN_clear_free(r->dmp1); 237 if (r->dmq1 != NULL) BN_clear_free(r->dmq1); 238 if (r->iqmp != NULL) BN_clear_free(r->iqmp); 239 if (r->blinding != NULL) BN_BLINDING_free(r->blinding); |
240 if (r->mt_blinding != NULL) BN_BLINDING_free(r->mt_blinding); |
|
239 if (r->bignum_data != NULL) OPENSSL_free_locked(r->bignum_data); 240 OPENSSL_free(r); 241 } 242 243int RSA_up_ref(RSA *r) 244 { 245 int i = CRYPTO_add(&r->references, 1, CRYPTO_LOCK_RSA); 246#ifdef REF_PRINT --- 66 unchanged lines hidden (view full) --- 313 { 314 BN_BLINDING_free(rsa->blinding); 315 rsa->blinding=NULL; 316 } 317 rsa->flags &= ~RSA_FLAG_BLINDING; 318 rsa->flags |= RSA_FLAG_NO_BLINDING; 319 } 320 | 241 if (r->bignum_data != NULL) OPENSSL_free_locked(r->bignum_data); 242 OPENSSL_free(r); 243 } 244 245int RSA_up_ref(RSA *r) 246 { 247 int i = CRYPTO_add(&r->references, 1, CRYPTO_LOCK_RSA); 248#ifdef REF_PRINT --- 66 unchanged lines hidden (view full) --- 315 { 316 BN_BLINDING_free(rsa->blinding); 317 rsa->blinding=NULL; 318 } 319 rsa->flags &= ~RSA_FLAG_BLINDING; 320 rsa->flags |= RSA_FLAG_NO_BLINDING; 321 } 322 |
321int RSA_blinding_on(RSA *rsa, BN_CTX *p_ctx) | 323int RSA_blinding_on(RSA *rsa, BN_CTX *ctx) |
322 { | 324 { |
323 BIGNUM *A,*Ai = NULL; 324 BN_CTX *ctx; | |
325 int ret=0; 326 | 325 int ret=0; 326 |
327 if (p_ctx == NULL) | 327 if (rsa->blinding != NULL) 328 RSA_blinding_off(rsa); 329 330 rsa->blinding = RSA_setup_blinding(rsa, ctx); 331 if (rsa->blinding == NULL) 332 goto err; 333 334 rsa->flags |= RSA_FLAG_BLINDING; 335 rsa->flags &= ~RSA_FLAG_NO_BLINDING; 336 ret=1; 337err: 338 return(ret); 339 } 340 341static BIGNUM *rsa_get_public_exp(const BIGNUM *d, const BIGNUM *p, 342 const BIGNUM *q, BN_CTX *ctx) 343{ 344 BIGNUM *ret = NULL, *r0, *r1, *r2; 345 346 if (d == NULL || p == NULL || q == NULL) 347 return NULL; 348 349 BN_CTX_start(ctx); 350 r0 = BN_CTX_get(ctx); 351 r1 = BN_CTX_get(ctx); 352 r2 = BN_CTX_get(ctx); 353 if (r2 == NULL) 354 goto err; 355 356 if (!BN_sub(r1, p, BN_value_one())) goto err; 357 if (!BN_sub(r2, q, BN_value_one())) goto err; 358 if (!BN_mul(r0, r1, r2, ctx)) goto err; 359 360 ret = BN_mod_inverse(NULL, d, r0, ctx); 361err: 362 BN_CTX_end(ctx); 363 return ret; 364} 365 366BN_BLINDING *RSA_setup_blinding(RSA *rsa, BN_CTX *in_ctx) 367{ 368 BIGNUM *e; 369 BN_CTX *ctx; 370 BN_BLINDING *ret = NULL; 371 372 if (in_ctx == NULL) |
328 { | 373 { |
329 if ((ctx=BN_CTX_new()) == NULL) goto err; | 374 if ((ctx = BN_CTX_new()) == NULL) return 0; |
330 } 331 else | 375 } 376 else |
332 ctx=p_ctx; | 377 ctx = in_ctx; |
333 | 378 |
334 /* XXXXX: Shouldn't this be RSA_blinding_off(rsa)? */ 335 if (rsa->blinding != NULL) | 379 BN_CTX_start(ctx); 380 e = BN_CTX_get(ctx); 381 if (e == NULL) |
336 { | 382 { |
337 BN_BLINDING_free(rsa->blinding); 338 rsa->blinding = NULL; | 383 RSAerr(RSA_F_RSA_SETUP_BLINDING, ERR_R_MALLOC_FAILURE); 384 goto err; |
339 } 340 | 385 } 386 |
341 /* NB: similar code appears in setup_blinding (rsa_eay.c); 342 * this should be placed in a new function of its own, but for reasons 343 * of binary compatibility can't */ 344 345 BN_CTX_start(ctx); 346 A = BN_CTX_get(ctx); 347 if ((RAND_status() == 0) && rsa->d != NULL && rsa->d->d != NULL) | 387 if (rsa->e == NULL) |
348 { | 388 { |
349 /* if PRNG is not properly seeded, resort to secret exponent as unpredictable seed */ 350 RAND_add(rsa->d->d, rsa->d->dmax * sizeof rsa->d->d[0], 0); 351 if (!BN_pseudo_rand_range(A,rsa->n)) goto err; | 389 e = rsa_get_public_exp(rsa->d, rsa->p, rsa->q, ctx); 390 if (e == NULL) 391 { 392 RSAerr(RSA_F_RSA_SETUP_BLINDING, RSA_R_NO_PUBLIC_EXPONENT); 393 goto err; 394 } |
352 } 353 else | 395 } 396 else |
397 e = rsa->e; 398 399 400 if ((RAND_status() == 0) && rsa->d != NULL && rsa->d->d != NULL) |
|
354 { | 401 { |
355 if (!BN_rand_range(A,rsa->n)) goto err; | 402 /* if PRNG is not properly seeded, resort to secret 403 * exponent as unpredictable seed */ 404 RAND_add(rsa->d->d, rsa->d->dmax * sizeof rsa->d->d[0], 0.0); |
356 } | 405 } |
357 if ((Ai=BN_mod_inverse(NULL,A,rsa->n,ctx)) == NULL) goto err; | |
358 | 406 |
359 if (!rsa->meth->bn_mod_exp(A,A,rsa->e,rsa->n,ctx,rsa->_method_mod_n)) | 407 ret = BN_BLINDING_create_param(NULL, e, rsa->n, ctx, 408 rsa->meth->bn_mod_exp, rsa->_method_mod_n); 409 if (ret == NULL) 410 { 411 RSAerr(RSA_F_RSA_SETUP_BLINDING, ERR_R_BN_LIB); |
360 goto err; | 412 goto err; |
361 if ((rsa->blinding=BN_BLINDING_new(A,Ai,rsa->n)) == NULL) goto err; 362 /* to make things thread-safe without excessive locking, 363 * rsa->blinding will be used just by the current thread: */ 364 rsa->blinding->thread_id = CRYPTO_thread_id(); 365 rsa->flags |= RSA_FLAG_BLINDING; 366 rsa->flags &= ~RSA_FLAG_NO_BLINDING; 367 ret=1; | 413 } 414 BN_BLINDING_set_thread_id(ret, CRYPTO_thread_id()); |
368err: | 415err: |
369 if (Ai != NULL) BN_free(Ai); | |
370 BN_CTX_end(ctx); | 416 BN_CTX_end(ctx); |
371 if (ctx != p_ctx) BN_CTX_free(ctx); 372 return(ret); 373 } | 417 if (in_ctx == NULL) 418 BN_CTX_free(ctx); 419 if(rsa->e == NULL) 420 BN_free(e); |
374 | 421 |
422 return ret; 423} 424 |
|
375int RSA_memory_lock(RSA *r) 376 { 377 int i,j,k,off; 378 char *p; 379 BIGNUM *bn,**t[6],*b; 380 BN_ULONG *ul; 381 382 if (r->d == NULL) return(1); --- 5 unchanged lines hidden (view full) --- 388 t[5]= &r->iqmp; 389 k=sizeof(BIGNUM)*6; 390 off=k/sizeof(BN_ULONG)+1; 391 j=1; 392 for (i=0; i<6; i++) 393 j+= (*t[i])->top; 394 if ((p=OPENSSL_malloc_locked((off+j)*sizeof(BN_ULONG))) == NULL) 395 { | 425int RSA_memory_lock(RSA *r) 426 { 427 int i,j,k,off; 428 char *p; 429 BIGNUM *bn,**t[6],*b; 430 BN_ULONG *ul; 431 432 if (r->d == NULL) return(1); --- 5 unchanged lines hidden (view full) --- 438 t[5]= &r->iqmp; 439 k=sizeof(BIGNUM)*6; 440 off=k/sizeof(BN_ULONG)+1; 441 j=1; 442 for (i=0; i<6; i++) 443 j+= (*t[i])->top; 444 if ((p=OPENSSL_malloc_locked((off+j)*sizeof(BN_ULONG))) == NULL) 445 { |
396 RSAerr(RSA_F_MEMORY_LOCK,ERR_R_MALLOC_FAILURE); | 446 RSAerr(RSA_F_RSA_MEMORY_LOCK,ERR_R_MALLOC_FAILURE); |
397 return(0); 398 } 399 bn=(BIGNUM *)p; 400 ul=(BN_ULONG *)&(p[off]); 401 for (i=0; i<6; i++) 402 { 403 b= *(t[i]); 404 *(t[i])= &(bn[i]); --- 14 unchanged lines hidden --- | 447 return(0); 448 } 449 bn=(BIGNUM *)p; 450 ul=(BN_ULONG *)&(p[off]); 451 for (i=0; i<6; i++) 452 { 453 b= *(t[i]); 454 *(t[i])= &(bn[i]); --- 14 unchanged lines hidden --- |
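Review bot: rsa_get_public_exp() calls BN_CTX_end() with p-1, q-1 and (p-1)(q-1) still sitting in r1, r2 and r0, so when RSA_setup_blinding() was handed a caller-owned BN_CTX those secret-derived values appear to remain in its pool after the call returns; whether BN_CTX_end() scrubs released slots is not visible on this page. Adding `if (r2 != NULL) { BN_clear(r0); BN_clear(r1); BN_clear(r2); }` directly after the `err:` label would wipe them on every exit path (r2 is non-NULL only if the two earlier BN_CTX_get() calls also succeeded, assuming BN_CTX_get keeps failing once it has failed, which the existing r2-only check already relies on). The function also lacks a comment, and one should say that it returns a newly allocated e = d^-1 mod (p-1)(q-1) that the caller must free, and that BN_mod_inverse() here operates on the private exponent. Separately, in RSA_setup_blinding() the BN_CTX_new() failure path does `return 0;` from a pointer-returning function without queueing an error, unlike every other failure path; `RSAerr(RSA_F_RSA_SETUP_BLINDING, ERR_R_MALLOC_FAILURE); return NULL;` would match them.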