1 files changed, 162 insertions, 27 deletions
diff --git a/src/lib/libcrypto/rsa/rsa_eng.c b/src/lib/libcrypto/rsa/rsa_lib.c
index 383a7045b2..de45088d76 100644
--- a/src/lib/libcrypto/rsa/rsa_eng.c
+++ b/src/lib/libcrypto/rsa/rsa_lib.c
@@ -80,13 +80,6 @@ RSA *RSA_new(void)
 void RSA_set_default_method(const RSA_METHOD *meth)
        {
-#ifdef OPENSSL_FIPS
-        if (FIPS_mode() && !(meth->flags & RSA_FLAG_FIPS_METHOD))
-                {
-                RSAerr(RSA_F_RSA_SET_DEFAULT_METHOD, RSA_R_NON_FIPS_METHOD);
-                return;
-                }
-#endif
        default_RSA_meth = meth;
        }
@@ -118,13 +111,6 @@ int RSA_set_method(RSA *rsa, const RSA_METHOD *meth)
        /* NB: The caller is specifically setting a method, so it's not up to us
         * to deal with which ENGINE it comes from. */
        const RSA_METHOD *mtmp;
-#ifdef OPENSSL_FIPS
-        if (FIPS_mode() && !(meth->flags & RSA_FLAG_FIPS_METHOD))
-                {
-                RSAerr(RSA_F_RSA_SET_METHOD, RSA_R_NON_FIPS_METHOD);
-                return 0;
-                }
-#endif
        mtmp = rsa->meth;
        if (mtmp->finish) mtmp->finish(rsa);
 #ifndef OPENSSL_NO_ENGINE
@@ -177,18 +163,6 @@ RSA *RSA_new_method(ENGINE *engine)
                        }
                }
 #endif
-#ifdef OPENSSL_FIPS
-        if (FIPS_mode() && !(ret->meth->flags & RSA_FLAG_FIPS_METHOD))
-                {
-                RSAerr(RSA_F_RSA_NEW_METHOD, RSA_R_NON_FIPS_METHOD);
-#ifndef OPENSSL_NO_ENGINE
-                if (ret->engine)
-                        ENGINE_finish(ret->engine);
-#endif
-                OPENSSL_free(ret);
-                return NULL;
-                }
-#endif
        ret->pad=0;
        ret->version=0;
@@ -208,7 +182,16 @@ RSA *RSA_new_method(ENGINE *engine)
        ret->mt_blinding=NULL;
        ret->bignum_data=NULL;
        ret->flags=ret->meth->flags;
-        CRYPTO_new_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data);
+        if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data))
+                {
+#ifndef OPENSSL_NO_ENGINE
+        if (ret->engine)
+                ENGINE_finish(ret->engine);
+#endif
+                OPENSSL_free(ret);
+                return(NULL);
+                }
        if ((ret->meth->init != NULL) && !ret->meth->init(ret))
                {
 #ifndef OPENSSL_NO_ENGINE
@@ -297,11 +280,163 @@ void *RSA_get_ex_data(const RSA *r, int idx)
        return(CRYPTO_get_ex_data(&r->ex_data,idx));
        }
+int RSA_size(const RSA *r)
+        {
+        return(BN_num_bytes(r->n));
+        }
+int RSA_public_encrypt(int flen, const unsigned char *from, unsigned char *to,
+             RSA *rsa, int padding)
+        {
+        return(rsa->meth->rsa_pub_enc(flen, from, to, rsa, padding));
+        }
+int RSA_private_encrypt(int flen, const unsigned char *from, unsigned char *to,
+             RSA *rsa, int padding)
+        {
+        return(rsa->meth->rsa_priv_enc(flen, from, to, rsa, padding));
+        }
+int RSA_private_decrypt(int flen, const unsigned char *from, unsigned char *to,
+             RSA *rsa, int padding)
+        {
+        return(rsa->meth->rsa_priv_dec(flen, from, to, rsa, padding));
+        }
+int RSA_public_decrypt(int flen, const unsigned char *from, unsigned char *to,
+             RSA *rsa, int padding)
+        {
+        return(rsa->meth->rsa_pub_dec(flen, from, to, rsa, padding));
+        }
 int RSA_flags(const RSA *r)
        {
        return((r == NULL)?0:r->meth->flags);
        }
+void RSA_blinding_off(RSA *rsa)
+        {
+        if (rsa->blinding != NULL)
+                {
+                BN_BLINDING_free(rsa->blinding);
+                rsa->blinding=NULL;
+                }
+        rsa->flags &= ~RSA_FLAG_BLINDING;
+        rsa->flags |= RSA_FLAG_NO_BLINDING;
+        }
+int RSA_blinding_on(RSA *rsa, BN_CTX *ctx)
+        {
+        int ret=0;
+        if (rsa->blinding != NULL)
+                RSA_blinding_off(rsa);
+        rsa->blinding = RSA_setup_blinding(rsa, ctx);
+        if (rsa->blinding == NULL)
+                goto err;
+        rsa->flags |= RSA_FLAG_BLINDING;
+        rsa->flags &= ~RSA_FLAG_NO_BLINDING;
+        ret=1;
+err:
+        return(ret);
+        }
+static BIGNUM *rsa_get_public_exp(const BIGNUM *d, const BIGNUM *p,
+        const BIGNUM *q, BN_CTX *ctx)
+{
+        BIGNUM *ret = NULL, *r0, *r1, *r2;
+        if (d == NULL || p == NULL || q == NULL)
+                return NULL;
+        BN_CTX_start(ctx);
+        r0 = BN_CTX_get(ctx);
+        r1 = BN_CTX_get(ctx);
+        r2 = BN_CTX_get(ctx);
+        if (r2 == NULL)
+                goto err;
+        if (!BN_sub(r1, p, BN_value_one())) goto err;
+        if (!BN_sub(r2, q, BN_value_one())) goto err;
+        if (!BN_mul(r0, r1, r2, ctx)) goto err;
+        ret = BN_mod_inverse(NULL, d, r0, ctx);
+err:
+        BN_CTX_end(ctx);
+        return ret;
+}
+BN_BLINDING *RSA_setup_blinding(RSA *rsa, BN_CTX *in_ctx)
+{
+        BIGNUM local_n;
+        BIGNUM *e,*n;
+        BN_CTX *ctx;
+        BN_BLINDING *ret = NULL;
+        if (in_ctx == NULL)
+                {
+                if ((ctx = BN_CTX_new()) == NULL) return 0;
+                }
+        else
+                ctx = in_ctx;
+        BN_CTX_start(ctx);
+        e  = BN_CTX_get(ctx);
+        if (e == NULL)
+                {
+                RSAerr(RSA_F_RSA_SETUP_BLINDING, ERR_R_MALLOC_FAILURE);
+                goto err;
+                }
+        if (rsa->e == NULL)
+                {
+                e = rsa_get_public_exp(rsa->d, rsa->p, rsa->q, ctx);
+                if (e == NULL)
+                        {
+                        RSAerr(RSA_F_RSA_SETUP_BLINDING, RSA_R_NO_PUBLIC_EXPONENT);
+                        goto err;
+                        }
+                }
+        else
+                e = rsa->e;
+        
+        if ((RAND_status() == 0) && rsa->d != NULL && rsa->d->d != NULL)
+                {
+                /* if PRNG is not properly seeded, resort to secret
+                 * exponent as unpredictable seed */
+                RAND_add(rsa->d->d, rsa->d->dmax * sizeof rsa->d->d[0], 0.0);
+                }
+        if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))
+                {
+                /* Set BN_FLG_CONSTTIME flag */
+                n = &local_n;
+                BN_with_flags(n, rsa->n, BN_FLG_CONSTTIME);
+                }
+        else
+                n = rsa->n;
+        ret = BN_BLINDING_create_param(NULL, e, n, ctx,
+                        rsa->meth->bn_mod_exp, rsa->_method_mod_n);
+        if (ret == NULL)
+                {
+                RSAerr(RSA_F_RSA_SETUP_BLINDING, ERR_R_BN_LIB);
+                goto err;
+                }
+        CRYPTO_THREADID_current(BN_BLINDING_thread_id(ret));
+err:
+        BN_CTX_end(ctx);
+        if (in_ctx == NULL)
+                BN_CTX_free(ctx);
+        if(rsa->e == NULL)
+                BN_free(e);
+        return ret;
+}
 int RSA_memory_lock(RSA *r)
        {
        int i,j,k,off;

diff --git a/src/lib/libcrypto/rsa/rsa_eng.c b/src/lib/libcrypto/rsa/rsa_lib.c index 383a7045b2..de45088d76 100644 --- a/src/lib/libcrypto/rsa/rsa_eng.c +++ b/src/lib/libcrypto/rsa/rsa_lib.c
@@ -80,13 +80,6 @@ RSA *RSA_new(void)
80		80
81	void RSA_set_default_method(const RSA_METHOD *meth)	81	void RSA_set_default_method(const RSA_METHOD *meth)
82	{	82	{
83	#ifdef OPENSSL_FIPS
84	if (FIPS_mode() && !(meth->flags & RSA_FLAG_FIPS_METHOD))
85	{
86	RSAerr(RSA_F_RSA_SET_DEFAULT_METHOD, RSA_R_NON_FIPS_METHOD);
87	return;
88	}
89	#endif
90	default_RSA_meth = meth;	83	default_RSA_meth = meth;
91	}	84	}
92		85
@@ -118,13 +111,6 @@ int RSA_set_method(RSA rsa, const RSA_METHOD meth)
118	/* NB: The caller is specifically setting a method, so it's not up to us	111	/* NB: The caller is specifically setting a method, so it's not up to us
119	* to deal with which ENGINE it comes from. */	112	* to deal with which ENGINE it comes from. */
120	const RSA_METHOD *mtmp;	113	const RSA_METHOD *mtmp;
121	#ifdef OPENSSL_FIPS
122	if (FIPS_mode() && !(meth->flags & RSA_FLAG_FIPS_METHOD))
123	{
124	RSAerr(RSA_F_RSA_SET_METHOD, RSA_R_NON_FIPS_METHOD);
125	return 0;
126	}
127	#endif
128	mtmp = rsa->meth;	114	mtmp = rsa->meth;
129	if (mtmp->finish) mtmp->finish(rsa);	115	if (mtmp->finish) mtmp->finish(rsa);
130	#ifndef OPENSSL_NO_ENGINE	116	#ifndef OPENSSL_NO_ENGINE
@@ -177,18 +163,6 @@ RSA RSA_new_method(ENGINE engine)
177	}	163	}
178	}	164	}
179	#endif	165	#endif
180	#ifdef OPENSSL_FIPS
181	if (FIPS_mode() && !(ret->meth->flags & RSA_FLAG_FIPS_METHOD))
182	{
183	RSAerr(RSA_F_RSA_NEW_METHOD, RSA_R_NON_FIPS_METHOD);
184	#ifndef OPENSSL_NO_ENGINE
185	if (ret->engine)
186	ENGINE_finish(ret->engine);
187	#endif
188	OPENSSL_free(ret);
189	return NULL;
190	}
191	#endif
192		166
193	ret->pad=0;	167	ret->pad=0;
194	ret->version=0;	168	ret->version=0;
@@ -208,7 +182,16 @@ RSA RSA_new_method(ENGINE engine)
208	ret->mt_blinding=NULL;	182	ret->mt_blinding=NULL;
209	ret->bignum_data=NULL;	183	ret->bignum_data=NULL;
210	ret->flags=ret->meth->flags;	184	ret->flags=ret->meth->flags;
211	CRYPTO_new_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data);	185	if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data))
		186	{
		187	#ifndef OPENSSL_NO_ENGINE
		188	if (ret->engine)
		189	ENGINE_finish(ret->engine);
		190	#endif
		191	OPENSSL_free(ret);
		192	return(NULL);
		193	}
		194
212	if ((ret->meth->init != NULL) && !ret->meth->init(ret))	195	if ((ret->meth->init != NULL) && !ret->meth->init(ret))
213	{	196	{
214	#ifndef OPENSSL_NO_ENGINE	197	#ifndef OPENSSL_NO_ENGINE
@@ -297,11 +280,163 @@ void RSA_get_ex_data(const RSA r, int idx)
297	return(CRYPTO_get_ex_data(&r->ex_data,idx));	280	return(CRYPTO_get_ex_data(&r->ex_data,idx));
298	}	281	}
299		282
		283	int RSA_size(const RSA *r)
		284	{
		285	return(BN_num_bytes(r->n));
		286	}
		287
		288	int RSA_public_encrypt(int flen, const unsigned char from, unsigned char to,
		289	RSA *rsa, int padding)
		290	{
		291	return(rsa->meth->rsa_pub_enc(flen, from, to, rsa, padding));
		292	}
		293
		294	int RSA_private_encrypt(int flen, const unsigned char from, unsigned char to,
		295	RSA *rsa, int padding)
		296	{
		297	return(rsa->meth->rsa_priv_enc(flen, from, to, rsa, padding));
		298	}
		299
		300	int RSA_private_decrypt(int flen, const unsigned char from, unsigned char to,
		301	RSA *rsa, int padding)
		302	{
		303	return(rsa->meth->rsa_priv_dec(flen, from, to, rsa, padding));
		304	}
		305
		306	int RSA_public_decrypt(int flen, const unsigned char from, unsigned char to,
		307	RSA *rsa, int padding)
		308	{
		309	return(rsa->meth->rsa_pub_dec(flen, from, to, rsa, padding));
		310	}
		311
300	int RSA_flags(const RSA *r)	312	int RSA_flags(const RSA *r)
301	{	313	{
302	return((r == NULL)?0:r->meth->flags);	314	return((r == NULL)?0:r->meth->flags);
303	}	315	}
304		316
		317	void RSA_blinding_off(RSA *rsa)
		318	{
		319	if (rsa->blinding != NULL)
		320	{
		321	BN_BLINDING_free(rsa->blinding);
		322	rsa->blinding=NULL;
		323	}
		324	rsa->flags &= ~RSA_FLAG_BLINDING;
		325	rsa->flags \|= RSA_FLAG_NO_BLINDING;
		326	}
		327
		328	int RSA_blinding_on(RSA rsa, BN_CTX ctx)
		329	{
		330	int ret=0;
		331
		332	if (rsa->blinding != NULL)
		333	RSA_blinding_off(rsa);
		334
		335	rsa->blinding = RSA_setup_blinding(rsa, ctx);
		336	if (rsa->blinding == NULL)
		337	goto err;
		338
		339	rsa->flags \|= RSA_FLAG_BLINDING;
		340	rsa->flags &= ~RSA_FLAG_NO_BLINDING;
		341	ret=1;
		342	err:
		343	return(ret);
		344	}
		345
		346	static BIGNUM rsa_get_public_exp(const BIGNUM d, const BIGNUM *p,
		347	const BIGNUM q, BN_CTX ctx)
		348	{
		349	BIGNUM ret = NULL, r0, r1, r2;
		350
		351	if (d == NULL \|\| p == NULL \|\| q == NULL)
		352	return NULL;
		353
		354	BN_CTX_start(ctx);
		355	r0 = BN_CTX_get(ctx);
		356	r1 = BN_CTX_get(ctx);
		357	r2 = BN_CTX_get(ctx);
		358	if (r2 == NULL)
		359	goto err;
		360
		361	if (!BN_sub(r1, p, BN_value_one())) goto err;
		362	if (!BN_sub(r2, q, BN_value_one())) goto err;
		363	if (!BN_mul(r0, r1, r2, ctx)) goto err;
		364
		365	ret = BN_mod_inverse(NULL, d, r0, ctx);
		366	err:
		367	BN_CTX_end(ctx);
		368	return ret;
		369	}
		370
		371	BN_BLINDING RSA_setup_blinding(RSA rsa, BN_CTX *in_ctx)
		372	{
		373	BIGNUM local_n;
		374	BIGNUM e,n;
		375	BN_CTX *ctx;
		376	BN_BLINDING *ret = NULL;
		377
		378	if (in_ctx == NULL)
		379	{
		380	if ((ctx = BN_CTX_new()) == NULL) return 0;
		381	}
		382	else
		383	ctx = in_ctx;
		384
		385	BN_CTX_start(ctx);
		386	e = BN_CTX_get(ctx);
		387	if (e == NULL)
		388	{
		389	RSAerr(RSA_F_RSA_SETUP_BLINDING, ERR_R_MALLOC_FAILURE);
		390	goto err;
		391	}
		392
		393	if (rsa->e == NULL)
		394	{
		395	e = rsa_get_public_exp(rsa->d, rsa->p, rsa->q, ctx);
		396	if (e == NULL)
		397	{
		398	RSAerr(RSA_F_RSA_SETUP_BLINDING, RSA_R_NO_PUBLIC_EXPONENT);
		399	goto err;
		400	}
		401	}
		402	else
		403	e = rsa->e;
		404
		405
		406	if ((RAND_status() == 0) && rsa->d != NULL && rsa->d->d != NULL)
		407	{
		408	/* if PRNG is not properly seeded, resort to secret
		409	* exponent as unpredictable seed */
		410	RAND_add(rsa->d->d, rsa->d->dmax * sizeof rsa->d->d[0], 0.0);
		411	}
		412
		413	if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))
		414	{
		415	/* Set BN_FLG_CONSTTIME flag */
		416	n = &local_n;
		417	BN_with_flags(n, rsa->n, BN_FLG_CONSTTIME);
		418	}
		419	else
		420	n = rsa->n;
		421
		422	ret = BN_BLINDING_create_param(NULL, e, n, ctx,
		423	rsa->meth->bn_mod_exp, rsa->_method_mod_n);
		424	if (ret == NULL)
		425	{
		426	RSAerr(RSA_F_RSA_SETUP_BLINDING, ERR_R_BN_LIB);
		427	goto err;
		428	}
		429	CRYPTO_THREADID_current(BN_BLINDING_thread_id(ret));
		430	err:
		431	BN_CTX_end(ctx);
		432	if (in_ctx == NULL)
		433	BN_CTX_free(ctx);
		434	if(rsa->e == NULL)
		435	BN_free(e);
		436
		437	return ret;
		438	}
		439
305	int RSA_memory_lock(RSA *r)	440	int RSA_memory_lock(RSA *r)
306	{	441	{
307	int i,j,k,off;	442	int i,j,k,off;