summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/rsa/rsa_eay.c
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--src/lib/libcrypto/rsa/rsa_eay.c (renamed from src/lib/libssl/src/fips/rsa/fips_rsa_eay.c)229
1 files changed, 105 insertions, 124 deletions
diff --git a/src/lib/libssl/src/fips/rsa/fips_rsa_eay.c b/src/lib/libcrypto/rsa/rsa_eay.c
index 937a14e684..2e1ddd48d3 100644
--- a/src/lib/libssl/src/fips/rsa/fips_rsa_eay.c
+++ b/src/lib/libcrypto/rsa/rsa_eay.c
@@ -110,13 +110,12 @@
110 */ 110 */
111 111
112#include <stdio.h> 112#include <stdio.h>
113#include "cryptlib.h"
113#include <openssl/bn.h> 114#include <openssl/bn.h>
114#include <openssl/rsa.h> 115#include <openssl/rsa.h>
115#include <openssl/rand.h> 116#include <openssl/rand.h>
116#include <openssl/err.h>
117#include <openssl/fips.h>
118 117
119#if !defined(RSA_NULL) && defined(OPENSSL_FIPS) 118#ifndef RSA_NULL
120 119
121static int RSA_eay_public_encrypt(int flen, const unsigned char *from, 120static int RSA_eay_public_encrypt(int flen, const unsigned char *from,
122 unsigned char *to, RSA *rsa,int padding); 121 unsigned char *to, RSA *rsa,int padding);
@@ -139,7 +138,7 @@ static RSA_METHOD rsa_pkcs1_eay_meth={
139 BN_mod_exp_mont, /* XXX probably we should not use Montgomery if e == 3 */ 138 BN_mod_exp_mont, /* XXX probably we should not use Montgomery if e == 3 */
140 RSA_eay_init, 139 RSA_eay_init,
141 RSA_eay_finish, 140 RSA_eay_finish,
142 RSA_FLAG_FIPS_METHOD, /* flags */ 141 0, /* flags */
143 NULL, 142 NULL,
144 0, /* rsa_sign */ 143 0, /* rsa_sign */
145 0, /* rsa_verify */ 144 0, /* rsa_verify */
@@ -151,16 +150,6 @@ const RSA_METHOD *RSA_PKCS1_SSLeay(void)
151 return(&rsa_pkcs1_eay_meth); 150 return(&rsa_pkcs1_eay_meth);
152 } 151 }
153 152
154/* Usage example;
155 * MONT_HELPER(rsa, bn_ctx, p, rsa->flags & RSA_FLAG_CACHE_PRIVATE, goto err);
156 */
157#define MONT_HELPER(rsa, ctx, m, pre_cond, err_instr) \
158 if((pre_cond) && ((rsa)->_method_mod_##m == NULL) && \
159 !BN_MONT_CTX_set_locked(&((rsa)->_method_mod_##m), \
160 CRYPTO_LOCK_RSA, \
161 (rsa)->m, (ctx))) \
162 err_instr
163
164static int RSA_eay_public_encrypt(int flen, const unsigned char *from, 153static int RSA_eay_public_encrypt(int flen, const unsigned char *from,
165 unsigned char *to, RSA *rsa, int padding) 154 unsigned char *to, RSA *rsa, int padding)
166 { 155 {
@@ -169,18 +158,6 @@ static int RSA_eay_public_encrypt(int flen, const unsigned char *from,
169 unsigned char *buf=NULL; 158 unsigned char *buf=NULL;
170 BN_CTX *ctx=NULL; 159 BN_CTX *ctx=NULL;
171 160
172 if(FIPS_selftest_failed())
173 {
174 FIPSerr(FIPS_F_RSA_EAY_PUBLIC_ENCRYPT,FIPS_R_FIPS_SELFTEST_FAILED);
175 goto err;
176 }
177
178 if (FIPS_mode() && (BN_num_bits(rsa->n) < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS))
179 {
180 RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT, RSA_R_KEY_SIZE_TOO_SMALL);
181 return -1;
182 }
183
184 if (BN_num_bits(rsa->n) > OPENSSL_RSA_MAX_MODULUS_BITS) 161 if (BN_num_bits(rsa->n) > OPENSSL_RSA_MAX_MODULUS_BITS)
185 { 162 {
186 RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT, RSA_R_MODULUS_TOO_LARGE); 163 RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT, RSA_R_MODULUS_TOO_LARGE);
@@ -240,13 +217,15 @@ static int RSA_eay_public_encrypt(int flen, const unsigned char *from,
240 if (BN_bin2bn(buf,num,f) == NULL) goto err; 217 if (BN_bin2bn(buf,num,f) == NULL) goto err;
241 218
242 if (BN_ucmp(f, rsa->n) >= 0) 219 if (BN_ucmp(f, rsa->n) >= 0)
243 { 220 {
244 /* usually the padding functions would catch this */ 221 /* usually the padding functions would catch this */
245 RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT,RSA_R_DATA_TOO_LARGE_FOR_MODULUS); 222 RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT,RSA_R_DATA_TOO_LARGE_FOR_MODULUS);
246 goto err; 223 goto err;
247 } 224 }
248 225
249 MONT_HELPER(rsa, ctx, n, rsa->flags & RSA_FLAG_CACHE_PUBLIC, goto err); 226 if (rsa->flags & RSA_FLAG_CACHE_PUBLIC)
227 if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_n, CRYPTO_LOCK_RSA, rsa->n, ctx))
228 goto err;
250 229
251 if (!rsa->meth->bn_mod_exp(ret,f,rsa->e,rsa->n,ctx, 230 if (!rsa->meth->bn_mod_exp(ret,f,rsa->e,rsa->n,ctx,
252 rsa->_method_mod_n)) goto err; 231 rsa->_method_mod_n)) goto err;
@@ -277,6 +256,7 @@ static BN_BLINDING *rsa_get_blinding(RSA *rsa, int *local, BN_CTX *ctx)
277{ 256{
278 BN_BLINDING *ret; 257 BN_BLINDING *ret;
279 int got_write_lock = 0; 258 int got_write_lock = 0;
259 CRYPTO_THREADID cur;
280 260
281 CRYPTO_r_lock(CRYPTO_LOCK_RSA); 261 CRYPTO_r_lock(CRYPTO_LOCK_RSA);
282 262
@@ -294,7 +274,8 @@ static BN_BLINDING *rsa_get_blinding(RSA *rsa, int *local, BN_CTX *ctx)
294 if (ret == NULL) 274 if (ret == NULL)
295 goto err; 275 goto err;
296 276
297 if (BN_BLINDING_get_thread_id(ret) == CRYPTO_thread_id()) 277 CRYPTO_THREADID_current(&cur);
278 if (!CRYPTO_THREADID_cmp(&cur, BN_BLINDING_thread_id(ret)))
298 { 279 {
299 /* rsa->blinding is ours! */ 280 /* rsa->blinding is ours! */
300 281
@@ -333,63 +314,56 @@ static BN_BLINDING *rsa_get_blinding(RSA *rsa, int *local, BN_CTX *ctx)
333 return ret; 314 return ret;
334} 315}
335 316
336static int rsa_blinding_convert(BN_BLINDING *b, int local, BIGNUM *f, 317static int rsa_blinding_convert(BN_BLINDING *b, BIGNUM *f, BIGNUM *unblind,
337 BIGNUM *r, BN_CTX *ctx) 318 BN_CTX *ctx)
338{ 319 {
339 if (local) 320 if (unblind == NULL)
321 /* Local blinding: store the unblinding factor
322 * in BN_BLINDING. */
340 return BN_BLINDING_convert_ex(f, NULL, b, ctx); 323 return BN_BLINDING_convert_ex(f, NULL, b, ctx);
341 else 324 else
342 { 325 {
343 int ret; 326 /* Shared blinding: store the unblinding factor
344 CRYPTO_r_lock(CRYPTO_LOCK_RSA_BLINDING); 327 * outside BN_BLINDING. */
345 ret = BN_BLINDING_convert_ex(f, r, b, ctx);
346 CRYPTO_r_unlock(CRYPTO_LOCK_RSA_BLINDING);
347 return ret;
348 }
349}
350
351static int rsa_blinding_invert(BN_BLINDING *b, int local, BIGNUM *f,
352 BIGNUM *r, BN_CTX *ctx)
353{
354 if (local)
355 return BN_BLINDING_invert_ex(f, NULL, b, ctx);
356 else
357 {
358 int ret; 328 int ret;
359 CRYPTO_w_lock(CRYPTO_LOCK_RSA_BLINDING); 329 CRYPTO_w_lock(CRYPTO_LOCK_RSA_BLINDING);
360 ret = BN_BLINDING_invert_ex(f, r, b, ctx); 330 ret = BN_BLINDING_convert_ex(f, unblind, b, ctx);
361 CRYPTO_w_unlock(CRYPTO_LOCK_RSA_BLINDING); 331 CRYPTO_w_unlock(CRYPTO_LOCK_RSA_BLINDING);
362 return ret; 332 return ret;
363 } 333 }
364} 334 }
335
336static int rsa_blinding_invert(BN_BLINDING *b, BIGNUM *f, BIGNUM *unblind,
337 BN_CTX *ctx)
338 {
339 /* For local blinding, unblind is set to NULL, and BN_BLINDING_invert_ex
340 * will use the unblinding factor stored in BN_BLINDING.
341 * If BN_BLINDING is shared between threads, unblind must be non-null:
342 * BN_BLINDING_invert_ex will then use the local unblinding factor,
343 * and will only read the modulus from BN_BLINDING.
344 * In both cases it's safe to access the blinding without a lock.
345 */
346 return BN_BLINDING_invert_ex(f, unblind, b, ctx);
347 }
365 348
366/* signing */ 349/* signing */
367static int RSA_eay_private_encrypt(int flen, const unsigned char *from, 350static int RSA_eay_private_encrypt(int flen, const unsigned char *from,
368 unsigned char *to, RSA *rsa, int padding) 351 unsigned char *to, RSA *rsa, int padding)
369 { 352 {
370 BIGNUM *f, *ret, *br, *res; 353 BIGNUM *f, *ret, *res;
371 int i,j,k,num=0,r= -1; 354 int i,j,k,num=0,r= -1;
372 unsigned char *buf=NULL; 355 unsigned char *buf=NULL;
373 BN_CTX *ctx=NULL; 356 BN_CTX *ctx=NULL;
374 int local_blinding = 0; 357 int local_blinding = 0;
358 /* Used only if the blinding structure is shared. A non-NULL unblind
359 * instructs rsa_blinding_convert() and rsa_blinding_invert() to store
360 * the unblinding factor outside the blinding structure. */
361 BIGNUM *unblind = NULL;
375 BN_BLINDING *blinding = NULL; 362 BN_BLINDING *blinding = NULL;
376 363
377 if(FIPS_selftest_failed())
378 {
379 FIPSerr(FIPS_F_RSA_EAY_PRIVATE_ENCRYPT,FIPS_R_FIPS_SELFTEST_FAILED);
380 goto err;
381 }
382
383 if (FIPS_mode() && (BN_num_bits(rsa->n) < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS))
384 {
385 RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT, RSA_R_KEY_SIZE_TOO_SMALL);
386 return -1;
387 }
388
389 if ((ctx=BN_CTX_new()) == NULL) goto err; 364 if ((ctx=BN_CTX_new()) == NULL) goto err;
390 BN_CTX_start(ctx); 365 BN_CTX_start(ctx);
391 f = BN_CTX_get(ctx); 366 f = BN_CTX_get(ctx);
392 br = BN_CTX_get(ctx);
393 ret = BN_CTX_get(ctx); 367 ret = BN_CTX_get(ctx);
394 num = BN_num_bytes(rsa->n); 368 num = BN_num_bytes(rsa->n);
395 buf = OPENSSL_malloc(num); 369 buf = OPENSSL_malloc(num);
@@ -437,8 +411,15 @@ static int RSA_eay_private_encrypt(int flen, const unsigned char *from,
437 } 411 }
438 412
439 if (blinding != NULL) 413 if (blinding != NULL)
440 if (!rsa_blinding_convert(blinding, local_blinding, f, br, ctx)) 414 {
415 if (!local_blinding && ((unblind = BN_CTX_get(ctx)) == NULL))
416 {
417 RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT,ERR_R_MALLOC_FAILURE);
418 goto err;
419 }
420 if (!rsa_blinding_convert(blinding, f, unblind, ctx))
441 goto err; 421 goto err;
422 }
442 423
443 if ( (rsa->flags & RSA_FLAG_EXT_PKEY) || 424 if ( (rsa->flags & RSA_FLAG_EXT_PKEY) ||
444 ((rsa->p != NULL) && 425 ((rsa->p != NULL) &&
@@ -461,16 +442,18 @@ static int RSA_eay_private_encrypt(int flen, const unsigned char *from,
461 BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME); 442 BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME);
462 } 443 }
463 else 444 else
464 d = rsa->d; 445 d= rsa->d;
465 446
466 MONT_HELPER(rsa, ctx, n, rsa->flags & RSA_FLAG_CACHE_PUBLIC, goto err); 447 if (rsa->flags & RSA_FLAG_CACHE_PUBLIC)
448 if(!BN_MONT_CTX_set_locked(&rsa->_method_mod_n, CRYPTO_LOCK_RSA, rsa->n, ctx))
449 goto err;
467 450
468 if (!rsa->meth->bn_mod_exp(ret,f,d,rsa->n,ctx, 451 if (!rsa->meth->bn_mod_exp(ret,f,d,rsa->n,ctx,
469 rsa->_method_mod_n)) goto err; 452 rsa->_method_mod_n)) goto err;
470 } 453 }
471 454
472 if (blinding) 455 if (blinding)
473 if (!rsa_blinding_invert(blinding, local_blinding, ret, br, ctx)) 456 if (!rsa_blinding_invert(blinding, ret, unblind, ctx))
474 goto err; 457 goto err;
475 458
476 if (padding == RSA_X931_PADDING) 459 if (padding == RSA_X931_PADDING)
@@ -509,30 +492,21 @@ err:
509static int RSA_eay_private_decrypt(int flen, const unsigned char *from, 492static int RSA_eay_private_decrypt(int flen, const unsigned char *from,
510 unsigned char *to, RSA *rsa, int padding) 493 unsigned char *to, RSA *rsa, int padding)
511 { 494 {
512 BIGNUM *f, *ret, *br; 495 BIGNUM *f, *ret;
513 int j,num=0,r= -1; 496 int j,num=0,r= -1;
514 unsigned char *p; 497 unsigned char *p;
515 unsigned char *buf=NULL; 498 unsigned char *buf=NULL;
516 BN_CTX *ctx=NULL; 499 BN_CTX *ctx=NULL;
517 int local_blinding = 0; 500 int local_blinding = 0;
501 /* Used only if the blinding structure is shared. A non-NULL unblind
502 * instructs rsa_blinding_convert() and rsa_blinding_invert() to store
503 * the unblinding factor outside the blinding structure. */
504 BIGNUM *unblind = NULL;
518 BN_BLINDING *blinding = NULL; 505 BN_BLINDING *blinding = NULL;
519 506
520 if(FIPS_selftest_failed())
521 {
522 FIPSerr(FIPS_F_RSA_EAY_PRIVATE_DECRYPT,FIPS_R_FIPS_SELFTEST_FAILED);
523 goto err;
524 }
525
526 if (FIPS_mode() && (BN_num_bits(rsa->n) < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS))
527 {
528 RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT, RSA_R_KEY_SIZE_TOO_SMALL);
529 return -1;
530 }
531
532 if((ctx = BN_CTX_new()) == NULL) goto err; 507 if((ctx = BN_CTX_new()) == NULL) goto err;
533 BN_CTX_start(ctx); 508 BN_CTX_start(ctx);
534 f = BN_CTX_get(ctx); 509 f = BN_CTX_get(ctx);
535 br = BN_CTX_get(ctx);
536 ret = BN_CTX_get(ctx); 510 ret = BN_CTX_get(ctx);
537 num = BN_num_bytes(rsa->n); 511 num = BN_num_bytes(rsa->n);
538 buf = OPENSSL_malloc(num); 512 buf = OPENSSL_malloc(num);
@@ -570,8 +544,15 @@ static int RSA_eay_private_decrypt(int flen, const unsigned char *from,
570 } 544 }
571 545
572 if (blinding != NULL) 546 if (blinding != NULL)
573 if (!rsa_blinding_convert(blinding, local_blinding, f, br, ctx)) 547 {
548 if (!local_blinding && ((unblind = BN_CTX_get(ctx)) == NULL))
549 {
550 RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,ERR_R_MALLOC_FAILURE);
551 goto err;
552 }
553 if (!rsa_blinding_convert(blinding, f, unblind, ctx))
574 goto err; 554 goto err;
555 }
575 556
576 /* do the decrypt */ 557 /* do the decrypt */
577 if ( (rsa->flags & RSA_FLAG_EXT_PKEY) || 558 if ( (rsa->flags & RSA_FLAG_EXT_PKEY) ||
@@ -596,14 +577,16 @@ static int RSA_eay_private_decrypt(int flen, const unsigned char *from,
596 else 577 else
597 d = rsa->d; 578 d = rsa->d;
598 579
599 MONT_HELPER(rsa, ctx, n, rsa->flags & RSA_FLAG_CACHE_PUBLIC, goto err); 580 if (rsa->flags & RSA_FLAG_CACHE_PUBLIC)
581 if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_n, CRYPTO_LOCK_RSA, rsa->n, ctx))
582 goto err;
600 if (!rsa->meth->bn_mod_exp(ret,f,d,rsa->n,ctx, 583 if (!rsa->meth->bn_mod_exp(ret,f,d,rsa->n,ctx,
601 rsa->_method_mod_n)) 584 rsa->_method_mod_n))
602 goto err; 585 goto err;
603 } 586 }
604 587
605 if (blinding) 588 if (blinding)
606 if (!rsa_blinding_invert(blinding, local_blinding, ret, br, ctx)) 589 if (!rsa_blinding_invert(blinding, ret, unblind, ctx))
607 goto err; 590 goto err;
608 591
609 p=buf; 592 p=buf;
@@ -656,18 +639,6 @@ static int RSA_eay_public_decrypt(int flen, const unsigned char *from,
656 unsigned char *buf=NULL; 639 unsigned char *buf=NULL;
657 BN_CTX *ctx=NULL; 640 BN_CTX *ctx=NULL;
658 641
659 if(FIPS_selftest_failed())
660 {
661 FIPSerr(FIPS_F_RSA_EAY_PUBLIC_DECRYPT,FIPS_R_FIPS_SELFTEST_FAILED);
662 goto err;
663 }
664
665 if (FIPS_mode() && (BN_num_bits(rsa->n) < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS))
666 {
667 RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT, RSA_R_KEY_SIZE_TOO_SMALL);
668 return -1;
669 }
670
671 if (BN_num_bits(rsa->n) > OPENSSL_RSA_MAX_MODULUS_BITS) 642 if (BN_num_bits(rsa->n) > OPENSSL_RSA_MAX_MODULUS_BITS)
672 { 643 {
673 RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT, RSA_R_MODULUS_TOO_LARGE); 644 RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT, RSA_R_MODULUS_TOO_LARGE);
@@ -718,13 +689,15 @@ static int RSA_eay_public_decrypt(int flen, const unsigned char *from,
718 goto err; 689 goto err;
719 } 690 }
720 691
721 MONT_HELPER(rsa, ctx, n, rsa->flags & RSA_FLAG_CACHE_PUBLIC, goto err); 692 if (rsa->flags & RSA_FLAG_CACHE_PUBLIC)
693 if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_n, CRYPTO_LOCK_RSA, rsa->n, ctx))
694 goto err;
722 695
723 if (!rsa->meth->bn_mod_exp(ret,f,rsa->e,rsa->n,ctx, 696 if (!rsa->meth->bn_mod_exp(ret,f,rsa->e,rsa->n,ctx,
724 rsa->_method_mod_n)) goto err; 697 rsa->_method_mod_n)) goto err;
725 698
726 if ((padding == RSA_X931_PADDING) && ((ret->d[0] & 0xf) != 12)) 699 if ((padding == RSA_X931_PADDING) && ((ret->d[0] & 0xf) != 12))
727 BN_sub(ret, rsa->n, ret); 700 if (!BN_sub(ret, rsa->n, ret)) goto err;
728 701
729 p=buf; 702 p=buf;
730 i=BN_bn2bin(ret,p); 703 i=BN_bn2bin(ret,p);
@@ -766,7 +739,6 @@ static int RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
766 BIGNUM *r1,*m1,*vrfy; 739 BIGNUM *r1,*m1,*vrfy;
767 BIGNUM local_dmp1,local_dmq1,local_c,local_r1; 740 BIGNUM local_dmp1,local_dmq1,local_c,local_r1;
768 BIGNUM *dmp1,*dmq1,*c,*pr1; 741 BIGNUM *dmp1,*dmq1,*c,*pr1;
769 int bn_flags;
770 int ret=0; 742 int ret=0;
771 743
772 BN_CTX_start(ctx); 744 BN_CTX_start(ctx);
@@ -774,31 +746,41 @@ static int RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
774 m1 = BN_CTX_get(ctx); 746 m1 = BN_CTX_get(ctx);
775 vrfy = BN_CTX_get(ctx); 747 vrfy = BN_CTX_get(ctx);
776 748
777 /* Make sure mod_inverse in montgomerey intialization use correct 749 {
778 * BN_FLG_CONSTTIME flag. 750 BIGNUM local_p, local_q;
779 */ 751 BIGNUM *p = NULL, *q = NULL;
780 bn_flags = rsa->p->flags;
781 if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))
782 {
783 rsa->p->flags |= BN_FLG_CONSTTIME;
784 }
785 MONT_HELPER(rsa, ctx, p, rsa->flags & RSA_FLAG_CACHE_PRIVATE, goto err);
786 /* We restore bn_flags back */
787 rsa->p->flags = bn_flags;
788 752
789 /* Make sure mod_inverse in montgomerey intialization use correct 753 /* Make sure BN_mod_inverse in Montgomery intialization uses the
790 * BN_FLG_CONSTTIME flag. 754 * BN_FLG_CONSTTIME flag (unless RSA_FLAG_NO_CONSTTIME is set)
791 */ 755 */
792 bn_flags = rsa->q->flags; 756 if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))
793 if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) 757 {
794 { 758 BN_init(&local_p);
795 rsa->q->flags |= BN_FLG_CONSTTIME; 759 p = &local_p;
796 } 760 BN_with_flags(p, rsa->p, BN_FLG_CONSTTIME);
797 MONT_HELPER(rsa, ctx, q, rsa->flags & RSA_FLAG_CACHE_PRIVATE, goto err);
798 /* We restore bn_flags back */
799 rsa->q->flags = bn_flags;
800 761
801 MONT_HELPER(rsa, ctx, n, rsa->flags & RSA_FLAG_CACHE_PUBLIC, goto err); 762 BN_init(&local_q);
763 q = &local_q;
764 BN_with_flags(q, rsa->q, BN_FLG_CONSTTIME);
765 }
766 else
767 {
768 p = rsa->p;
769 q = rsa->q;
770 }
771
772 if (rsa->flags & RSA_FLAG_CACHE_PRIVATE)
773 {
774 if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_p, CRYPTO_LOCK_RSA, p, ctx))
775 goto err;
776 if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_q, CRYPTO_LOCK_RSA, q, ctx))
777 goto err;
778 }
779 }
780
781 if (rsa->flags & RSA_FLAG_CACHE_PUBLIC)
782 if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_n, CRYPTO_LOCK_RSA, rsa->n, ctx))
783 goto err;
802 784
803 /* compute I mod q */ 785 /* compute I mod q */
804 if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) 786 if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))
@@ -915,7 +897,6 @@ err:
915 897
916static int RSA_eay_init(RSA *rsa) 898static int RSA_eay_init(RSA *rsa)
917 { 899 {
918 FIPS_selftest_check();
919 rsa->flags|=RSA_FLAG_CACHE_PUBLIC|RSA_FLAG_CACHE_PRIVATE; 900 rsa->flags|=RSA_FLAG_CACHE_PUBLIC|RSA_FLAG_CACHE_PRIVATE;
920 return(1); 901 return(1);
921 } 902 }
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-12-12 14:58:30 +0000