1 /* crypto/rsa/rsa_eay.c */
115 #include <openssl/rsa.h>
121 		unsigned char *to, RSA *rsa,int padding);
123 		unsigned char *to, RSA *rsa,int padding);
125 		unsigned char *to, RSA *rsa,int padding);
127 		unsigned char *to, RSA *rsa,int padding);
128 static int RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *i, RSA *rsa, BN_CTX *ctx);
129 static int RSA_eay_init(RSA *rsa);
130 static int RSA_eay_finish(RSA *rsa);
154  *    MONT_HELPER(rsa, bn_ctx, p, rsa->flags & RSA_FLAG_CACHE_PRIVATE, goto err);
156 #define MONT_HELPER(rsa, ctx, m, pre_cond, err_instr) \
157 	if((pre_cond) && ((rsa)->_method_mod_##m == NULL) && \
158 			!BN_MONT_CTX_set_locked(&((rsa)->_method_mod_##m), \
160 				(rsa)->m, (ctx))) \
164 	     unsigned char *to, RSA *rsa, int padding)
171 	if (BN_num_bits(rsa->n) > OPENSSL_RSA_MAX_MODULUS_BITS)
177 	if (BN_ucmp(rsa->n, rsa->e) <= 0)
184 	if (BN_num_bits(rsa->n) > OPENSSL_RSA_SMALL_MODULUS_BITS)
186 		if (BN_num_bits(rsa->e) > OPENSSL_RSA_MAX_PUBEXP_BITS)
197 	num=BN_num_bytes(rsa->n);
229 	if (BN_ucmp(f, rsa->n) >= 0)
236 	MONT_HELPER(rsa, ctx, n, rsa->flags & RSA_FLAG_CACHE_PUBLIC, goto err);
238 	if (!rsa->meth->bn_mod_exp(ret,f,rsa->e,rsa->n,ctx,
239 		rsa->_method_mod_n)) goto err;
263 static BN_BLINDING *rsa_get_blinding(RSA *rsa, int *local, BN_CTX *ctx)
270 	if (rsa->blinding == NULL)
276 		if (rsa->blinding == NULL)
277 			rsa->blinding = RSA_setup_blinding(rsa, ctx);
280 	ret = rsa->blinding;
286 		/* rsa->blinding is ours! */
292 		/* resort to rsa->mt_blinding instead */
300 		if (rsa->mt_blinding == NULL)
309 			if (rsa->mt_blinding == NULL)
310 				rsa->mt_blinding = RSA_setup_blinding(rsa, ctx);
312 		ret = rsa->mt_blinding;
355 	     unsigned char *to, RSA *rsa, int padding)
369 	num = BN_num_bytes(rsa->n);
397 	if (BN_ucmp(f, rsa->n) >= 0)
404 	if (!(rsa->flags & RSA_FLAG_NO_BLINDING))
406 		blinding = rsa_get_blinding(rsa, &local_blinding, ctx);
418 	if ( (rsa->flags & RSA_FLAG_EXT_PKEY) ||
419 		((rsa->p != NULL) &&
420 		(rsa->q != NULL) &&
421 		(rsa->dmp1 != NULL) &&
422 		(rsa->dmq1 != NULL) &&
423 		(rsa->iqmp != NULL)) )
425 		if (!rsa->meth->rsa_mod_exp(ret, f, rsa, ctx)) goto err;
432 		if (!(rsa->flags & RSA_FLAG_NO_EXP_CONSTTIME))
436 			BN_with_flags(d, rsa->d, BN_FLG_EXP_CONSTTIME);
439 			d = rsa->d;
441 		MONT_HELPER(rsa, ctx, n, rsa->flags & RSA_FLAG_CACHE_PUBLIC, goto err);
443 		if (!rsa->meth->bn_mod_exp(ret,f,d,rsa->n,ctx,
444 				rsa->_method_mod_n)) goto err;
453 		BN_sub(f, rsa->n, ret);
485 	     unsigned char *to, RSA *rsa, int padding)
500 	num = BN_num_bytes(rsa->n);
519 	if (BN_ucmp(f, rsa->n) >= 0)
525 	if (!(rsa->flags & RSA_FLAG_NO_BLINDING))
527 		blinding = rsa_get_blinding(rsa, &local_blinding, ctx);
540 	if ( (rsa->flags & RSA_FLAG_EXT_PKEY) ||
541 		((rsa->p != NULL) &&
542 		(rsa->q != NULL) &&
543 		(rsa->dmp1 != NULL) &&
544 		(rsa->dmq1 != NULL) &&
545 		(rsa->iqmp != NULL)) )
547 		if (!rsa->meth->rsa_mod_exp(ret, f, rsa, ctx)) goto err;
554 		if (!(rsa->flags & RSA_FLAG_NO_EXP_CONSTTIME))
557 			BN_with_flags(d, rsa->d, BN_FLG_EXP_CONSTTIME);
560 			d = rsa->d;
562 		MONT_HELPER(rsa, ctx, n, rsa->flags & RSA_FLAG_CACHE_PUBLIC, goto err);
563 		if (!rsa->meth->bn_mod_exp(ret,f,d,rsa->n,ctx,
564 				rsa->_method_mod_n))
614 	     unsigned char *to, RSA *rsa, int padding)
622 	if (BN_num_bits(rsa->n) > OPENSSL_RSA_MAX_MODULUS_BITS)
628 	if (BN_ucmp(rsa->n, rsa->e) <= 0)
635 	if (BN_num_bits(rsa->n) > OPENSSL_RSA_SMALL_MODULUS_BITS)
637 		if (BN_num_bits(rsa->e) > OPENSSL_RSA_MAX_PUBEXP_BITS)
648 	num=BN_num_bytes(rsa->n);
666 	if (BN_ucmp(f, rsa->n) >= 0)
672 	MONT_HELPER(rsa, ctx, n, rsa->flags & RSA_FLAG_CACHE_PUBLIC, goto err);
674 	if (!rsa->meth->bn_mod_exp(ret,f,rsa->e,rsa->n,ctx,
675 		rsa->_method_mod_n)) goto err;
678 		BN_sub(ret, rsa->n, ret);
715 static int RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
727 	MONT_HELPER(rsa, ctx, p, rsa->flags & RSA_FLAG_CACHE_PRIVATE, goto err);
728 	MONT_HELPER(rsa, ctx, q, rsa->flags & RSA_FLAG_CACHE_PRIVATE, goto err);
729 	MONT_HELPER(rsa, ctx, n, rsa->flags & RSA_FLAG_CACHE_PUBLIC, goto err);
731 	if (!BN_mod(r1,I,rsa->q,ctx)) goto err;
732 	if (!(rsa->flags & RSA_FLAG_NO_EXP_CONSTTIME))
735 		BN_with_flags(dmq1, rsa->dmq1, BN_FLG_EXP_CONSTTIME);
738 		dmq1 = rsa->dmq1;
739 	if (!rsa->meth->bn_mod_exp(m1,r1,dmq1,rsa->q,ctx,
740 		rsa->_method_mod_q)) goto err;
742 	if (!BN_mod(r1,I,rsa->p,ctx)) goto err;
743 	if (!(rsa->flags & RSA_FLAG_NO_EXP_CONSTTIME))
746 		BN_with_flags(dmp1, rsa->dmp1, BN_FLG_EXP_CONSTTIME);
749 		dmp1 = rsa->dmp1;
750 	if (!rsa->meth->bn_mod_exp(r0,r1,dmp1,rsa->p,ctx,
751 		rsa->_method_mod_p)) goto err;
757 		if (!BN_add(r0,r0,rsa->p)) goto err;
759 	if (!BN_mul(r1,r0,rsa->iqmp,ctx)) goto err;
760 	if (!BN_mod(r0,r1,rsa->p,ctx)) goto err;
769 		if (!BN_add(r0,r0,rsa->p)) goto err;
770 	if (!BN_mul(r1,r0,rsa->q,ctx)) goto err;
773 	if (rsa->e && rsa->n)
775 		if (!rsa->meth->bn_mod_exp(vrfy,r0,rsa->e,rsa->n,ctx,rsa->_method_mod_n)) goto err;
776 		/* If 'I' was greater than (or equal to) rsa->n, the operation
781 		if (!BN_mod(vrfy, vrfy, rsa->n, ctx)) goto err;
783 			if (!BN_add(vrfy, vrfy, rsa->n)) goto err;
793 			if (!(rsa->flags & RSA_FLAG_NO_EXP_CONSTTIME))
796 				BN_with_flags(d, rsa->d, BN_FLG_EXP_CONSTTIME);
799 				d = rsa->d;
800 			if (!rsa->meth->bn_mod_exp(r0,I,d,rsa->n,ctx,
801 						   rsa->_method_mod_n)) goto err;
810 static int RSA_eay_init(RSA *rsa)
812 	rsa->flags|=RSA_FLAG_CACHE_PUBLIC|RSA_FLAG_CACHE_PRIVATE;
816 static int RSA_eay_finish(RSA *rsa)
818 	if (rsa->_method_mod_n != NULL)
819 		BN_MONT_CTX_free(rsa->_method_mod_n);
820 	if (rsa->_method_mod_p != NULL)
821 		BN_MONT_CTX_free(rsa->_method_mod_p);
822 	if (rsa->_method_mod_q != NULL)
823 		BN_MONT_CTX_free(rsa->_method_mod_q);

Indexes created Wed Sep 11 23:09:49 MDT 2024