diff options
Diffstat (limited to 'src/lib/libcrypto/rsa/rsa_eay.c')
| -rw-r--r-- | src/lib/libcrypto/rsa/rsa_eay.c | 28 |
1 files changed, 24 insertions, 4 deletions
diff --git a/src/lib/libcrypto/rsa/rsa_eay.c b/src/lib/libcrypto/rsa/rsa_eay.c index c5eaeeae6b..04ec789ee9 100644 --- a/src/lib/libcrypto/rsa/rsa_eay.c +++ b/src/lib/libcrypto/rsa/rsa_eay.c | |||
| @@ -115,7 +115,7 @@ | |||
| 115 | #include <openssl/rsa.h> | 115 | #include <openssl/rsa.h> |
| 116 | #include <openssl/rand.h> | 116 | #include <openssl/rand.h> |
| 117 | 117 | ||
| 118 | #ifndef RSA_NULL | 118 | #if !defined(RSA_NULL) && !defined(OPENSSL_FIPS) |
| 119 | 119 | ||
| 120 | static int RSA_eay_public_encrypt(int flen, const unsigned char *from, | 120 | static int RSA_eay_public_encrypt(int flen, const unsigned char *from, |
| 121 | unsigned char *to, RSA *rsa,int padding); | 121 | unsigned char *to, RSA *rsa,int padding); |
| @@ -256,7 +256,6 @@ static BN_BLINDING *rsa_get_blinding(RSA *rsa, int *local, BN_CTX *ctx) | |||
| 256 | { | 256 | { |
| 257 | BN_BLINDING *ret; | 257 | BN_BLINDING *ret; |
| 258 | int got_write_lock = 0; | 258 | int got_write_lock = 0; |
| 259 | CRYPTO_THREADID cur; | ||
| 260 | 259 | ||
| 261 | CRYPTO_r_lock(CRYPTO_LOCK_RSA); | 260 | CRYPTO_r_lock(CRYPTO_LOCK_RSA); |
| 262 | 261 | ||
| @@ -274,8 +273,7 @@ static BN_BLINDING *rsa_get_blinding(RSA *rsa, int *local, BN_CTX *ctx) | |||
| 274 | if (ret == NULL) | 273 | if (ret == NULL) |
| 275 | goto err; | 274 | goto err; |
| 276 | 275 | ||
| 277 | CRYPTO_THREADID_current(&cur); | 276 | if (BN_BLINDING_get_thread_id(ret) == CRYPTO_thread_id()) |
| 278 | if (!CRYPTO_THREADID_cmp(&cur, BN_BLINDING_thread_id(ret))) | ||
| 279 | { | 277 | { |
| 280 | /* rsa->blinding is ours! */ | 278 | /* rsa->blinding is ours! */ |
| 281 | 279 | ||
| @@ -355,6 +353,28 @@ static int RSA_eay_private_encrypt(int flen, const unsigned char *from, | |||
| 355 | int local_blinding = 0; | 353 | int local_blinding = 0; |
| 356 | BN_BLINDING *blinding = NULL; | 354 | BN_BLINDING *blinding = NULL; |
| 357 | 355 | ||
| 356 | if (BN_num_bits(rsa->n) > OPENSSL_RSA_MAX_MODULUS_BITS) | ||
| 357 | { | ||
| 358 | RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT, RSA_R_MODULUS_TOO_LARGE); | ||
| 359 | return -1; | ||
| 360 | } | ||
| 361 | |||
| 362 | if (BN_ucmp(rsa->n, rsa->e) <= 0) | ||
| 363 | { | ||
| 364 | RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT, RSA_R_BAD_E_VALUE); | ||
| 365 | return -1; | ||
| 366 | } | ||
| 367 | |||
| 368 | /* for large moduli, enforce exponent limit */ | ||
| 369 | if (BN_num_bits(rsa->n) > OPENSSL_RSA_SMALL_MODULUS_BITS) | ||
| 370 | { | ||
| 371 | if (BN_num_bits(rsa->e) > OPENSSL_RSA_MAX_PUBEXP_BITS) | ||
| 372 | { | ||
| 373 | RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT, RSA_R_BAD_E_VALUE); | ||
| 374 | return -1; | ||
| 375 | } | ||
| 376 | } | ||
| 377 | |||
| 358 | if ((ctx=BN_CTX_new()) == NULL) goto err; | 378 | if ((ctx=BN_CTX_new()) == NULL) goto err; |
| 359 | BN_CTX_start(ctx); | 379 | BN_CTX_start(ctx); |
| 360 | f = BN_CTX_get(ctx); | 380 | f = BN_CTX_get(ctx); |