diff options
Diffstat (limited to 'src/lib/libcrypto/rsa/rsa_eay.c')
| -rw-r--r-- | src/lib/libcrypto/rsa/rsa_eay.c | 80 |
1 files changed, 29 insertions, 51 deletions
diff --git a/src/lib/libcrypto/rsa/rsa_eay.c b/src/lib/libcrypto/rsa/rsa_eay.c index 2e1ddd48d3..7c941885f0 100644 --- a/src/lib/libcrypto/rsa/rsa_eay.c +++ b/src/lib/libcrypto/rsa/rsa_eay.c | |||
| @@ -314,56 +314,51 @@ static BN_BLINDING *rsa_get_blinding(RSA *rsa, int *local, BN_CTX *ctx) | |||
| 314 | return ret; | 314 | return ret; |
| 315 | } | 315 | } |
| 316 | 316 | ||
| 317 | static int rsa_blinding_convert(BN_BLINDING *b, BIGNUM *f, BIGNUM *unblind, | 317 | static int rsa_blinding_convert(BN_BLINDING *b, int local, BIGNUM *f, |
| 318 | BN_CTX *ctx) | 318 | BIGNUM *r, BN_CTX *ctx) |
| 319 | { | 319 | { |
| 320 | if (unblind == NULL) | 320 | if (local) |
| 321 | /* Local blinding: store the unblinding factor | ||
| 322 | * in BN_BLINDING. */ | ||
| 323 | return BN_BLINDING_convert_ex(f, NULL, b, ctx); | 321 | return BN_BLINDING_convert_ex(f, NULL, b, ctx); |
| 324 | else | 322 | else |
| 325 | { | 323 | { |
| 326 | /* Shared blinding: store the unblinding factor | 324 | int ret; |
| 327 | * outside BN_BLINDING. */ | 325 | CRYPTO_r_lock(CRYPTO_LOCK_RSA_BLINDING); |
| 326 | ret = BN_BLINDING_convert_ex(f, r, b, ctx); | ||
| 327 | CRYPTO_r_unlock(CRYPTO_LOCK_RSA_BLINDING); | ||
| 328 | return ret; | ||
| 329 | } | ||
| 330 | } | ||
| 331 | |||
| 332 | static int rsa_blinding_invert(BN_BLINDING *b, int local, BIGNUM *f, | ||
| 333 | BIGNUM *r, BN_CTX *ctx) | ||
| 334 | { | ||
| 335 | if (local) | ||
| 336 | return BN_BLINDING_invert_ex(f, NULL, b, ctx); | ||
| 337 | else | ||
| 338 | { | ||
| 328 | int ret; | 339 | int ret; |
| 329 | CRYPTO_w_lock(CRYPTO_LOCK_RSA_BLINDING); | 340 | CRYPTO_w_lock(CRYPTO_LOCK_RSA_BLINDING); |
| 330 | ret = BN_BLINDING_convert_ex(f, unblind, b, ctx); | 341 | ret = BN_BLINDING_invert_ex(f, r, b, ctx); |
| 331 | CRYPTO_w_unlock(CRYPTO_LOCK_RSA_BLINDING); | 342 | CRYPTO_w_unlock(CRYPTO_LOCK_RSA_BLINDING); |
| 332 | return ret; | 343 | return ret; |
| 333 | } | 344 | } |
| 334 | } | 345 | } |
| 335 | |||
| 336 | static int rsa_blinding_invert(BN_BLINDING *b, BIGNUM *f, BIGNUM *unblind, | ||
| 337 | BN_CTX *ctx) | ||
| 338 | { | ||
| 339 | /* For local blinding, unblind is set to NULL, and BN_BLINDING_invert_ex | ||
| 340 | * will use the unblinding factor stored in BN_BLINDING. | ||
| 341 | * If BN_BLINDING is shared between threads, unblind must be non-null: | ||
| 342 | * BN_BLINDING_invert_ex will then use the local unblinding factor, | ||
| 343 | * and will only read the modulus from BN_BLINDING. | ||
| 344 | * In both cases it's safe to access the blinding without a lock. | ||
| 345 | */ | ||
| 346 | return BN_BLINDING_invert_ex(f, unblind, b, ctx); | ||
| 347 | } | ||
| 348 | 346 | ||
| 349 | /* signing */ | 347 | /* signing */ |
| 350 | static int RSA_eay_private_encrypt(int flen, const unsigned char *from, | 348 | static int RSA_eay_private_encrypt(int flen, const unsigned char *from, |
| 351 | unsigned char *to, RSA *rsa, int padding) | 349 | unsigned char *to, RSA *rsa, int padding) |
| 352 | { | 350 | { |
| 353 | BIGNUM *f, *ret, *res; | 351 | BIGNUM *f, *ret, *br, *res; |
| 354 | int i,j,k,num=0,r= -1; | 352 | int i,j,k,num=0,r= -1; |
| 355 | unsigned char *buf=NULL; | 353 | unsigned char *buf=NULL; |
| 356 | BN_CTX *ctx=NULL; | 354 | BN_CTX *ctx=NULL; |
| 357 | int local_blinding = 0; | 355 | int local_blinding = 0; |
| 358 | /* Used only if the blinding structure is shared. A non-NULL unblind | ||
| 359 | * instructs rsa_blinding_convert() and rsa_blinding_invert() to store | ||
| 360 | * the unblinding factor outside the blinding structure. */ | ||
| 361 | BIGNUM *unblind = NULL; | ||
| 362 | BN_BLINDING *blinding = NULL; | 356 | BN_BLINDING *blinding = NULL; |
| 363 | 357 | ||
| 364 | if ((ctx=BN_CTX_new()) == NULL) goto err; | 358 | if ((ctx=BN_CTX_new()) == NULL) goto err; |
| 365 | BN_CTX_start(ctx); | 359 | BN_CTX_start(ctx); |
| 366 | f = BN_CTX_get(ctx); | 360 | f = BN_CTX_get(ctx); |
| 361 | br = BN_CTX_get(ctx); | ||
| 367 | ret = BN_CTX_get(ctx); | 362 | ret = BN_CTX_get(ctx); |
| 368 | num = BN_num_bytes(rsa->n); | 363 | num = BN_num_bytes(rsa->n); |
| 369 | buf = OPENSSL_malloc(num); | 364 | buf = OPENSSL_malloc(num); |
| @@ -411,15 +406,8 @@ static int RSA_eay_private_encrypt(int flen, const unsigned char *from, | |||
| 411 | } | 406 | } |
| 412 | 407 | ||
| 413 | if (blinding != NULL) | 408 | if (blinding != NULL) |
| 414 | { | 409 | if (!rsa_blinding_convert(blinding, local_blinding, f, br, ctx)) |
| 415 | if (!local_blinding && ((unblind = BN_CTX_get(ctx)) == NULL)) | ||
| 416 | { | ||
| 417 | RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT,ERR_R_MALLOC_FAILURE); | ||
| 418 | goto err; | ||
| 419 | } | ||
| 420 | if (!rsa_blinding_convert(blinding, f, unblind, ctx)) | ||
| 421 | goto err; | 410 | goto err; |
| 422 | } | ||
| 423 | 411 | ||
| 424 | if ( (rsa->flags & RSA_FLAG_EXT_PKEY) || | 412 | if ( (rsa->flags & RSA_FLAG_EXT_PKEY) || |
| 425 | ((rsa->p != NULL) && | 413 | ((rsa->p != NULL) && |
| @@ -453,7 +441,7 @@ static int RSA_eay_private_encrypt(int flen, const unsigned char *from, | |||
| 453 | } | 441 | } |
| 454 | 442 | ||
| 455 | if (blinding) | 443 | if (blinding) |
| 456 | if (!rsa_blinding_invert(blinding, ret, unblind, ctx)) | 444 | if (!rsa_blinding_invert(blinding, local_blinding, ret, br, ctx)) |
| 457 | goto err; | 445 | goto err; |
| 458 | 446 | ||
| 459 | if (padding == RSA_X931_PADDING) | 447 | if (padding == RSA_X931_PADDING) |
| @@ -492,21 +480,18 @@ err: | |||
| 492 | static int RSA_eay_private_decrypt(int flen, const unsigned char *from, | 480 | static int RSA_eay_private_decrypt(int flen, const unsigned char *from, |
| 493 | unsigned char *to, RSA *rsa, int padding) | 481 | unsigned char *to, RSA *rsa, int padding) |
| 494 | { | 482 | { |
| 495 | BIGNUM *f, *ret; | 483 | BIGNUM *f, *ret, *br; |
| 496 | int j,num=0,r= -1; | 484 | int j,num=0,r= -1; |
| 497 | unsigned char *p; | 485 | unsigned char *p; |
| 498 | unsigned char *buf=NULL; | 486 | unsigned char *buf=NULL; |
| 499 | BN_CTX *ctx=NULL; | 487 | BN_CTX *ctx=NULL; |
| 500 | int local_blinding = 0; | 488 | int local_blinding = 0; |
| 501 | /* Used only if the blinding structure is shared. A non-NULL unblind | ||
| 502 | * instructs rsa_blinding_convert() and rsa_blinding_invert() to store | ||
| 503 | * the unblinding factor outside the blinding structure. */ | ||
| 504 | BIGNUM *unblind = NULL; | ||
| 505 | BN_BLINDING *blinding = NULL; | 489 | BN_BLINDING *blinding = NULL; |
| 506 | 490 | ||
| 507 | if((ctx = BN_CTX_new()) == NULL) goto err; | 491 | if((ctx = BN_CTX_new()) == NULL) goto err; |
| 508 | BN_CTX_start(ctx); | 492 | BN_CTX_start(ctx); |
| 509 | f = BN_CTX_get(ctx); | 493 | f = BN_CTX_get(ctx); |
| 494 | br = BN_CTX_get(ctx); | ||
| 510 | ret = BN_CTX_get(ctx); | 495 | ret = BN_CTX_get(ctx); |
| 511 | num = BN_num_bytes(rsa->n); | 496 | num = BN_num_bytes(rsa->n); |
| 512 | buf = OPENSSL_malloc(num); | 497 | buf = OPENSSL_malloc(num); |
| @@ -544,15 +529,8 @@ static int RSA_eay_private_decrypt(int flen, const unsigned char *from, | |||
| 544 | } | 529 | } |
| 545 | 530 | ||
| 546 | if (blinding != NULL) | 531 | if (blinding != NULL) |
| 547 | { | 532 | if (!rsa_blinding_convert(blinding, local_blinding, f, br, ctx)) |
| 548 | if (!local_blinding && ((unblind = BN_CTX_get(ctx)) == NULL)) | ||
| 549 | { | ||
| 550 | RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,ERR_R_MALLOC_FAILURE); | ||
| 551 | goto err; | 533 | goto err; |
| 552 | } | ||
| 553 | if (!rsa_blinding_convert(blinding, f, unblind, ctx)) | ||
| 554 | goto err; | ||
| 555 | } | ||
| 556 | 534 | ||
| 557 | /* do the decrypt */ | 535 | /* do the decrypt */ |
| 558 | if ( (rsa->flags & RSA_FLAG_EXT_PKEY) || | 536 | if ( (rsa->flags & RSA_FLAG_EXT_PKEY) || |
| @@ -586,7 +564,7 @@ static int RSA_eay_private_decrypt(int flen, const unsigned char *from, | |||
| 586 | } | 564 | } |
| 587 | 565 | ||
| 588 | if (blinding) | 566 | if (blinding) |
| 589 | if (!rsa_blinding_invert(blinding, ret, unblind, ctx)) | 567 | if (!rsa_blinding_invert(blinding, local_blinding, ret, br, ctx)) |
| 590 | goto err; | 568 | goto err; |
| 591 | 569 | ||
| 592 | p=buf; | 570 | p=buf; |