Move RSA blinding API from rsa_crpt.c to rsa_blinding.c

2 files changed, 102 insertions, 102 deletions

diff --git a/src/lib/libcrypto/rsa/rsa_blinding.c b/src/lib/libcrypto/rsa/rsa_blinding.c
index bc267b1c51..e6fd67242d 100644
--- a/src/lib/libcrypto/rsa/rsa_blinding.c
+++ b/src/lib/libcrypto/rsa/rsa_blinding.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: rsa_blinding.c,v 1.1 2023/08/09 09:23:03 tb Exp $ */
+/* $OpenBSD: rsa_blinding.c,v 1.2 2023/08/09 09:26:43 tb Exp $ */
 /* ====================================================================
  * Copyright (c) 1998-2006 The OpenSSL Project.  All rights reserved.
  *
@@ -259,3 +259,103 @@ BN_BLINDING_thread_id(BN_BLINDING *b)
 {
         return &b->tid;
 }
+
+static BIGNUM *
+rsa_get_public_exp(const BIGNUM *d, const BIGNUM *p, const BIGNUM *q,
+    BN_CTX *ctx)
+{
+        BIGNUM *ret = NULL, *r0, *r1, *r2;
+
+        if (d == NULL || p == NULL || q == NULL)
+                return NULL;
+
+        BN_CTX_start(ctx);
+        if ((r0 = BN_CTX_get(ctx)) == NULL)
+                goto err;
+        if ((r1 = BN_CTX_get(ctx)) == NULL)
+                goto err;
+        if ((r2 = BN_CTX_get(ctx)) == NULL)
+                goto err;
+
+        if (!BN_sub(r1, p, BN_value_one()))
+                goto err;
+        if (!BN_sub(r2, q, BN_value_one()))
+                goto err;
+        if (!BN_mul(r0, r1, r2, ctx))
+                goto err;
+
+        ret = BN_mod_inverse_ct(NULL, d, r0, ctx);
+err:
+        BN_CTX_end(ctx);
+        return ret;
+}
+
+BN_BLINDING *
+RSA_setup_blinding(RSA *rsa, BN_CTX *in_ctx)
+{
+        BIGNUM *e = NULL;
+        BIGNUM n;
+        BN_CTX *ctx = NULL;
+        BN_BLINDING *ret = NULL;
+
+        if ((ctx = in_ctx) == NULL)
+                ctx = BN_CTX_new();
+        if (ctx == NULL)
+                goto err;
+
+        BN_CTX_start(ctx);
+
+        if ((e = rsa->e) == NULL)
+                e = rsa_get_public_exp(rsa->d, rsa->p, rsa->q, ctx);
+        if (e == NULL) {
+                RSAerror(RSA_R_NO_PUBLIC_EXPONENT);
+                goto err;
+        }
+
+        BN_init(&n);
+        BN_with_flags(&n, rsa->n, BN_FLG_CONSTTIME);
+
+        if ((ret = BN_BLINDING_new(e, &n, ctx, rsa->meth->bn_mod_exp,
+            rsa->_method_mod_n)) == NULL) {
+                RSAerror(ERR_R_BN_LIB);
+                goto err;
+        }
+        CRYPTO_THREADID_current(BN_BLINDING_thread_id(ret));
+
+ err:
+        BN_CTX_end(ctx);
+        if (ctx != in_ctx)
+                BN_CTX_free(ctx);
+        if (e != rsa->e)
+                BN_free(e);
+
+        return ret;
+}
+
+void
+RSA_blinding_off(RSA *rsa)
+{
+        BN_BLINDING_free(rsa->blinding);
+        rsa->blinding = NULL;
+        rsa->flags |= RSA_FLAG_NO_BLINDING;
+}
+LCRYPTO_ALIAS(RSA_blinding_off);
+
+int
+RSA_blinding_on(RSA *rsa, BN_CTX *ctx)
+{
+        int ret = 0;
+
+        if (rsa->blinding != NULL)
+                RSA_blinding_off(rsa);
+
+        rsa->blinding = RSA_setup_blinding(rsa, ctx);
+        if (rsa->blinding == NULL)
+                goto err;
+
+        rsa->flags &= ~RSA_FLAG_NO_BLINDING;
+        ret = 1;
+err:
+        return (ret);
+}
+LCRYPTO_ALIAS(RSA_blinding_on);
diff --git a/src/lib/libcrypto/rsa/rsa_crpt.c b/src/lib/libcrypto/rsa/rsa_crpt.c
index fcf29f121e..2a23c1bb88 100644
--- a/src/lib/libcrypto/rsa/rsa_crpt.c
+++ b/src/lib/libcrypto/rsa/rsa_crpt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: rsa_crpt.c,v 1.27 2023/08/09 09:25:13 tb Exp $ */
+/* $OpenBSD: rsa_crpt.c,v 1.28 2023/08/09 09:26:43 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -125,103 +125,3 @@ RSA_flags(const RSA *r)
         return r == NULL ? 0 : r->meth->flags;
 }
 LCRYPTO_ALIAS(RSA_flags);
-
-static BIGNUM *
-rsa_get_public_exp(const BIGNUM *d, const BIGNUM *p, const BIGNUM *q,
-    BN_CTX *ctx)
-{
-        BIGNUM *ret = NULL, *r0, *r1, *r2;
-
-        if (d == NULL || p == NULL || q == NULL)
-                return NULL;
-
-        BN_CTX_start(ctx);
-        if ((r0 = BN_CTX_get(ctx)) == NULL)
-                goto err;
-        if ((r1 = BN_CTX_get(ctx)) == NULL)
-                goto err;
-        if ((r2 = BN_CTX_get(ctx)) == NULL)
-                goto err;
-
-        if (!BN_sub(r1, p, BN_value_one()))
-                goto err;
-        if (!BN_sub(r2, q, BN_value_one()))
-                goto err;
-        if (!BN_mul(r0, r1, r2, ctx))
-                goto err;
-
-        ret = BN_mod_inverse_ct(NULL, d, r0, ctx);
-err:
-        BN_CTX_end(ctx);
-        return ret;
-}
-
-BN_BLINDING *
-RSA_setup_blinding(RSA *rsa, BN_CTX *in_ctx)
-{
-        BIGNUM *e = NULL;
-        BIGNUM n;
-        BN_CTX *ctx = NULL;
-        BN_BLINDING *ret = NULL;
-
-        if ((ctx = in_ctx) == NULL)
-                ctx = BN_CTX_new();
-        if (ctx == NULL)
-                goto err;
-
-        BN_CTX_start(ctx);
-
-        if ((e = rsa->e) == NULL)
-                e = rsa_get_public_exp(rsa->d, rsa->p, rsa->q, ctx);
-        if (e == NULL) {
-                RSAerror(RSA_R_NO_PUBLIC_EXPONENT);
-                goto err;
-        }
-
-        BN_init(&n);
-        BN_with_flags(&n, rsa->n, BN_FLG_CONSTTIME);
-
-        if ((ret = BN_BLINDING_new(e, &n, ctx, rsa->meth->bn_mod_exp,
-            rsa->_method_mod_n)) == NULL) {
-                RSAerror(ERR_R_BN_LIB);
-                goto err;
-        }
-        CRYPTO_THREADID_current(BN_BLINDING_thread_id(ret));
-
- err:
-        BN_CTX_end(ctx);
-        if (ctx != in_ctx)
-                BN_CTX_free(ctx);
-        if (e != rsa->e)
-                BN_free(e);
-
-        return ret;
-}
-
-void
-RSA_blinding_off(RSA *rsa)
-{
-        BN_BLINDING_free(rsa->blinding);
-        rsa->blinding = NULL;
-        rsa->flags |= RSA_FLAG_NO_BLINDING;
-}
-LCRYPTO_ALIAS(RSA_blinding_off);
-
-int
-RSA_blinding_on(RSA *rsa, BN_CTX *ctx)
-{
-        int ret = 0;
-
-        if (rsa->blinding != NULL)
-                RSA_blinding_off(rsa);
-
-        rsa->blinding = RSA_setup_blinding(rsa, ctx);
-        if (rsa->blinding == NULL)
-                goto err;
-
-        rsa->flags &= ~RSA_FLAG_NO_BLINDING;
-        ret = 1;
-err:
-        return (ret);
-}
-LCRYPTO_ALIAS(RSA_blinding_on);