diff options
| author | djm <> | 2012-10-13 21:25:14 +0000 |
|---|---|---|
| committer | djm <> | 2012-10-13 21:25:14 +0000 |
| commit | 93723b50b639d8dc717bc1bf463fd46e1b321239 (patch) | |
| tree | 281e0a29ae8f87a8c47fbd4deaa1f3d48b8cc5c1 /src/lib/libcrypto/rsa/rsa_lib.c | |
| parent | 65e72ac55a6405783db7a12d7e35a7561d46005b (diff) | |
| download | openbsd-93723b50b639d8dc717bc1bf463fd46e1b321239.tar.gz openbsd-93723b50b639d8dc717bc1bf463fd46e1b321239.tar.bz2 openbsd-93723b50b639d8dc717bc1bf463fd46e1b321239.zip | |
resolve conflicts
Diffstat (limited to 'src/lib/libcrypto/rsa/rsa_lib.c')
| -rw-r--r-- | src/lib/libcrypto/rsa/rsa_lib.c | 172 |
1 files changed, 11 insertions, 161 deletions
diff --git a/src/lib/libcrypto/rsa/rsa_lib.c b/src/lib/libcrypto/rsa/rsa_lib.c index de45088d76..c95ceafc82 100644 --- a/src/lib/libcrypto/rsa/rsa_lib.c +++ b/src/lib/libcrypto/rsa/rsa_lib.c | |||
| @@ -67,6 +67,10 @@ | |||
| 67 | #include <openssl/engine.h> | 67 | #include <openssl/engine.h> |
| 68 | #endif | 68 | #endif |
| 69 | 69 | ||
| 70 | #ifdef OPENSSL_FIPS | ||
| 71 | #include <openssl/fips.h> | ||
| 72 | #endif | ||
| 73 | |||
| 70 | const char RSA_version[]="RSA" OPENSSL_VERSION_PTEXT; | 74 | const char RSA_version[]="RSA" OPENSSL_VERSION_PTEXT; |
| 71 | 75 | ||
| 72 | static const RSA_METHOD *default_RSA_meth=NULL; | 76 | static const RSA_METHOD *default_RSA_meth=NULL; |
| @@ -87,12 +91,15 @@ const RSA_METHOD *RSA_get_default_method(void) | |||
| 87 | { | 91 | { |
| 88 | if (default_RSA_meth == NULL) | 92 | if (default_RSA_meth == NULL) |
| 89 | { | 93 | { |
| 94 | #ifdef OPENSSL_FIPS | ||
| 95 | if (FIPS_mode()) | ||
| 96 | return FIPS_rsa_pkcs1_ssleay(); | ||
| 97 | else | ||
| 98 | return RSA_PKCS1_SSLeay(); | ||
| 99 | #else | ||
| 90 | #ifdef RSA_NULL | 100 | #ifdef RSA_NULL |
| 91 | default_RSA_meth=RSA_null_method(); | 101 | default_RSA_meth=RSA_null_method(); |
| 92 | #else | 102 | #else |
| 93 | #if 0 /* was: #ifdef RSAref */ | ||
| 94 | default_RSA_meth=RSA_PKCS1_RSAref(); | ||
| 95 | #else | ||
| 96 | default_RSA_meth=RSA_PKCS1_SSLeay(); | 103 | default_RSA_meth=RSA_PKCS1_SSLeay(); |
| 97 | #endif | 104 | #endif |
| 98 | #endif | 105 | #endif |
| @@ -181,7 +188,7 @@ RSA *RSA_new_method(ENGINE *engine) | |||
| 181 | ret->blinding=NULL; | 188 | ret->blinding=NULL; |
| 182 | ret->mt_blinding=NULL; | 189 | ret->mt_blinding=NULL; |
| 183 | ret->bignum_data=NULL; | 190 | ret->bignum_data=NULL; |
| 184 | ret->flags=ret->meth->flags; | 191 | ret->flags=ret->meth->flags & ~RSA_FLAG_NON_FIPS_ALLOW; |
| 185 | if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data)) | 192 | if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data)) |
| 186 | { | 193 | { |
| 187 | #ifndef OPENSSL_NO_ENGINE | 194 | #ifndef OPENSSL_NO_ENGINE |
| @@ -280,163 +287,6 @@ void *RSA_get_ex_data(const RSA *r, int idx) | |||
| 280 | return(CRYPTO_get_ex_data(&r->ex_data,idx)); | 287 | return(CRYPTO_get_ex_data(&r->ex_data,idx)); |
| 281 | } | 288 | } |
| 282 | 289 | ||
| 283 | int RSA_size(const RSA *r) | ||
| 284 | { | ||
| 285 | return(BN_num_bytes(r->n)); | ||
| 286 | } | ||
| 287 | |||
| 288 | int RSA_public_encrypt(int flen, const unsigned char *from, unsigned char *to, | ||
| 289 | RSA *rsa, int padding) | ||
| 290 | { | ||
| 291 | return(rsa->meth->rsa_pub_enc(flen, from, to, rsa, padding)); | ||
| 292 | } | ||
| 293 | |||
| 294 | int RSA_private_encrypt(int flen, const unsigned char *from, unsigned char *to, | ||
| 295 | RSA *rsa, int padding) | ||
| 296 | { | ||
| 297 | return(rsa->meth->rsa_priv_enc(flen, from, to, rsa, padding)); | ||
| 298 | } | ||
| 299 | |||
| 300 | int RSA_private_decrypt(int flen, const unsigned char *from, unsigned char *to, | ||
| 301 | RSA *rsa, int padding) | ||
| 302 | { | ||
| 303 | return(rsa->meth->rsa_priv_dec(flen, from, to, rsa, padding)); | ||
| 304 | } | ||
| 305 | |||
| 306 | int RSA_public_decrypt(int flen, const unsigned char *from, unsigned char *to, | ||
| 307 | RSA *rsa, int padding) | ||
| 308 | { | ||
| 309 | return(rsa->meth->rsa_pub_dec(flen, from, to, rsa, padding)); | ||
| 310 | } | ||
| 311 | |||
| 312 | int RSA_flags(const RSA *r) | ||
| 313 | { | ||
| 314 | return((r == NULL)?0:r->meth->flags); | ||
| 315 | } | ||
| 316 | |||
| 317 | void RSA_blinding_off(RSA *rsa) | ||
| 318 | { | ||
| 319 | if (rsa->blinding != NULL) | ||
| 320 | { | ||
| 321 | BN_BLINDING_free(rsa->blinding); | ||
| 322 | rsa->blinding=NULL; | ||
| 323 | } | ||
| 324 | rsa->flags &= ~RSA_FLAG_BLINDING; | ||
| 325 | rsa->flags |= RSA_FLAG_NO_BLINDING; | ||
| 326 | } | ||
| 327 | |||
| 328 | int RSA_blinding_on(RSA *rsa, BN_CTX *ctx) | ||
| 329 | { | ||
| 330 | int ret=0; | ||
| 331 | |||
| 332 | if (rsa->blinding != NULL) | ||
| 333 | RSA_blinding_off(rsa); | ||
| 334 | |||
| 335 | rsa->blinding = RSA_setup_blinding(rsa, ctx); | ||
| 336 | if (rsa->blinding == NULL) | ||
| 337 | goto err; | ||
| 338 | |||
| 339 | rsa->flags |= RSA_FLAG_BLINDING; | ||
| 340 | rsa->flags &= ~RSA_FLAG_NO_BLINDING; | ||
| 341 | ret=1; | ||
| 342 | err: | ||
| 343 | return(ret); | ||
| 344 | } | ||
| 345 | |||
| 346 | static BIGNUM *rsa_get_public_exp(const BIGNUM *d, const BIGNUM *p, | ||
| 347 | const BIGNUM *q, BN_CTX *ctx) | ||
| 348 | { | ||
| 349 | BIGNUM *ret = NULL, *r0, *r1, *r2; | ||
| 350 | |||
| 351 | if (d == NULL || p == NULL || q == NULL) | ||
| 352 | return NULL; | ||
| 353 | |||
| 354 | BN_CTX_start(ctx); | ||
| 355 | r0 = BN_CTX_get(ctx); | ||
| 356 | r1 = BN_CTX_get(ctx); | ||
| 357 | r2 = BN_CTX_get(ctx); | ||
| 358 | if (r2 == NULL) | ||
| 359 | goto err; | ||
| 360 | |||
| 361 | if (!BN_sub(r1, p, BN_value_one())) goto err; | ||
| 362 | if (!BN_sub(r2, q, BN_value_one())) goto err; | ||
| 363 | if (!BN_mul(r0, r1, r2, ctx)) goto err; | ||
| 364 | |||
| 365 | ret = BN_mod_inverse(NULL, d, r0, ctx); | ||
| 366 | err: | ||
| 367 | BN_CTX_end(ctx); | ||
| 368 | return ret; | ||
| 369 | } | ||
| 370 | |||
| 371 | BN_BLINDING *RSA_setup_blinding(RSA *rsa, BN_CTX *in_ctx) | ||
| 372 | { | ||
| 373 | BIGNUM local_n; | ||
| 374 | BIGNUM *e,*n; | ||
| 375 | BN_CTX *ctx; | ||
| 376 | BN_BLINDING *ret = NULL; | ||
| 377 | |||
| 378 | if (in_ctx == NULL) | ||
| 379 | { | ||
| 380 | if ((ctx = BN_CTX_new()) == NULL) return 0; | ||
| 381 | } | ||
| 382 | else | ||
| 383 | ctx = in_ctx; | ||
| 384 | |||
| 385 | BN_CTX_start(ctx); | ||
| 386 | e = BN_CTX_get(ctx); | ||
| 387 | if (e == NULL) | ||
| 388 | { | ||
| 389 | RSAerr(RSA_F_RSA_SETUP_BLINDING, ERR_R_MALLOC_FAILURE); | ||
| 390 | goto err; | ||
| 391 | } | ||
| 392 | |||
| 393 | if (rsa->e == NULL) | ||
| 394 | { | ||
| 395 | e = rsa_get_public_exp(rsa->d, rsa->p, rsa->q, ctx); | ||
| 396 | if (e == NULL) | ||
| 397 | { | ||
| 398 | RSAerr(RSA_F_RSA_SETUP_BLINDING, RSA_R_NO_PUBLIC_EXPONENT); | ||
| 399 | goto err; | ||
| 400 | } | ||
| 401 | } | ||
| 402 | else | ||
| 403 | e = rsa->e; | ||
| 404 | |||
| 405 | |||
| 406 | if ((RAND_status() == 0) && rsa->d != NULL && rsa->d->d != NULL) | ||
| 407 | { | ||
| 408 | /* if PRNG is not properly seeded, resort to secret | ||
| 409 | * exponent as unpredictable seed */ | ||
| 410 | RAND_add(rsa->d->d, rsa->d->dmax * sizeof rsa->d->d[0], 0.0); | ||
| 411 | } | ||
| 412 | |||
| 413 | if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) | ||
| 414 | { | ||
| 415 | /* Set BN_FLG_CONSTTIME flag */ | ||
| 416 | n = &local_n; | ||
| 417 | BN_with_flags(n, rsa->n, BN_FLG_CONSTTIME); | ||
| 418 | } | ||
| 419 | else | ||
| 420 | n = rsa->n; | ||
| 421 | |||
| 422 | ret = BN_BLINDING_create_param(NULL, e, n, ctx, | ||
| 423 | rsa->meth->bn_mod_exp, rsa->_method_mod_n); | ||
| 424 | if (ret == NULL) | ||
| 425 | { | ||
| 426 | RSAerr(RSA_F_RSA_SETUP_BLINDING, ERR_R_BN_LIB); | ||
| 427 | goto err; | ||
| 428 | } | ||
| 429 | CRYPTO_THREADID_current(BN_BLINDING_thread_id(ret)); | ||
| 430 | err: | ||
| 431 | BN_CTX_end(ctx); | ||
| 432 | if (in_ctx == NULL) | ||
| 433 | BN_CTX_free(ctx); | ||
| 434 | if(rsa->e == NULL) | ||
| 435 | BN_free(e); | ||
| 436 | |||
| 437 | return ret; | ||
| 438 | } | ||
| 439 | |||
| 440 | int RSA_memory_lock(RSA *r) | 290 | int RSA_memory_lock(RSA *r) |
| 441 | { | 291 | { |
| 442 | int i,j,k,off; | 292 | int i,j,k,off; |