summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/rsa/rsa_lib.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/libcrypto/rsa/rsa_lib.c')
-rw-r--r--src/lib/libcrypto/rsa/rsa_lib.c43
1 files changed, 37 insertions, 6 deletions
diff --git a/src/lib/libcrypto/rsa/rsa_lib.c b/src/lib/libcrypto/rsa/rsa_lib.c
index 93235744f7..53c5092014 100644
--- a/src/lib/libcrypto/rsa/rsa_lib.c
+++ b/src/lib/libcrypto/rsa/rsa_lib.c
@@ -62,7 +62,10 @@
62#include <openssl/lhash.h> 62#include <openssl/lhash.h>
63#include <openssl/bn.h> 63#include <openssl/bn.h>
64#include <openssl/rsa.h> 64#include <openssl/rsa.h>
65#include <openssl/rand.h>
66#ifndef OPENSSL_NO_ENGINE
65#include <openssl/engine.h> 67#include <openssl/engine.h>
68#endif
66 69
67const char *RSA_version="RSA" OPENSSL_VERSION_PTEXT; 70const char *RSA_version="RSA" OPENSSL_VERSION_PTEXT;
68 71
@@ -70,7 +73,9 @@ static const RSA_METHOD *default_RSA_meth=NULL;
70 73
71RSA *RSA_new(void) 74RSA *RSA_new(void)
72 { 75 {
73 return(RSA_new_method(NULL)); 76 RSA *r=RSA_new_method(NULL);
77
78 return r;
74 } 79 }
75 80
76void RSA_set_default_method(const RSA_METHOD *meth) 81void RSA_set_default_method(const RSA_METHOD *meth)
@@ -108,11 +113,13 @@ int RSA_set_method(RSA *rsa, const RSA_METHOD *meth)
108 const RSA_METHOD *mtmp; 113 const RSA_METHOD *mtmp;
109 mtmp = rsa->meth; 114 mtmp = rsa->meth;
110 if (mtmp->finish) mtmp->finish(rsa); 115 if (mtmp->finish) mtmp->finish(rsa);
116#ifndef OPENSSL_NO_ENGINE
111 if (rsa->engine) 117 if (rsa->engine)
112 { 118 {
113 ENGINE_finish(rsa->engine); 119 ENGINE_finish(rsa->engine);
114 rsa->engine = NULL; 120 rsa->engine = NULL;
115 } 121 }
122#endif
116 rsa->meth = meth; 123 rsa->meth = meth;
117 if (meth->init) meth->init(rsa); 124 if (meth->init) meth->init(rsa);
118 return 1; 125 return 1;
@@ -130,6 +137,7 @@ RSA *RSA_new_method(ENGINE *engine)
130 } 137 }
131 138
132 ret->meth = RSA_get_default_method(); 139 ret->meth = RSA_get_default_method();
140#ifndef OPENSSL_NO_ENGINE
133 if (engine) 141 if (engine)
134 { 142 {
135 if (!ENGINE_init(engine)) 143 if (!ENGINE_init(engine))
@@ -154,6 +162,7 @@ RSA *RSA_new_method(ENGINE *engine)
154 return NULL; 162 return NULL;
155 } 163 }
156 } 164 }
165#endif
157 166
158 ret->pad=0; 167 ret->pad=0;
159 ret->version=0; 168 ret->version=0;
@@ -175,8 +184,10 @@ RSA *RSA_new_method(ENGINE *engine)
175 CRYPTO_new_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data); 184 CRYPTO_new_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data);
176 if ((ret->meth->init != NULL) && !ret->meth->init(ret)) 185 if ((ret->meth->init != NULL) && !ret->meth->init(ret))
177 { 186 {
187#ifndef OPENSSL_NO_ENGINE
178 if (ret->engine) 188 if (ret->engine)
179 ENGINE_finish(ret->engine); 189 ENGINE_finish(ret->engine);
190#endif
180 CRYPTO_free_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data); 191 CRYPTO_free_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data);
181 OPENSSL_free(ret); 192 OPENSSL_free(ret);
182 ret=NULL; 193 ret=NULL;
@@ -205,8 +216,10 @@ void RSA_free(RSA *r)
205 216
206 if (r->meth->finish) 217 if (r->meth->finish)
207 r->meth->finish(r); 218 r->meth->finish(r);
219#ifndef OPENSSL_NO_ENGINE
208 if (r->engine) 220 if (r->engine)
209 ENGINE_finish(r->engine); 221 ENGINE_finish(r->engine);
222#endif
210 223
211 CRYPTO_free_ex_data(CRYPTO_EX_INDEX_RSA, r, &r->ex_data); 224 CRYPTO_free_ex_data(CRYPTO_EX_INDEX_RSA, r, &r->ex_data);
212 225
@@ -297,7 +310,8 @@ void RSA_blinding_off(RSA *rsa)
297 BN_BLINDING_free(rsa->blinding); 310 BN_BLINDING_free(rsa->blinding);
298 rsa->blinding=NULL; 311 rsa->blinding=NULL;
299 } 312 }
300 rsa->flags&= ~RSA_FLAG_BLINDING; 313 rsa->flags &= ~RSA_FLAG_BLINDING;
314 rsa->flags |= RSA_FLAG_NO_BLINDING;
301 } 315 }
302 316
303int RSA_blinding_on(RSA *rsa, BN_CTX *p_ctx) 317int RSA_blinding_on(RSA *rsa, BN_CTX *p_ctx)
@@ -316,15 +330,32 @@ int RSA_blinding_on(RSA *rsa, BN_CTX *p_ctx)
316 if (rsa->blinding != NULL) 330 if (rsa->blinding != NULL)
317 BN_BLINDING_free(rsa->blinding); 331 BN_BLINDING_free(rsa->blinding);
318 332
333 /* NB: similar code appears in setup_blinding (rsa_eay.c);
334 * this should be placed in a new function of its own, but for reasons
335 * of binary compatibility can't */
336
319 BN_CTX_start(ctx); 337 BN_CTX_start(ctx);
320 A = BN_CTX_get(ctx); 338 A = BN_CTX_get(ctx);
321 if (!BN_rand_range(A,rsa->n)) goto err; 339 if ((RAND_status() == 0) && rsa->d != NULL && rsa->d->d != NULL)
340 {
341 /* if PRNG is not properly seeded, resort to secret exponent as unpredictable seed */
342 RAND_add(rsa->d->d, rsa->d->dmax * sizeof rsa->d->d[0], 0);
343 if (!BN_pseudo_rand_range(A,rsa->n)) goto err;
344 }
345 else
346 {
347 if (!BN_rand_range(A,rsa->n)) goto err;
348 }
322 if ((Ai=BN_mod_inverse(NULL,A,rsa->n,ctx)) == NULL) goto err; 349 if ((Ai=BN_mod_inverse(NULL,A,rsa->n,ctx)) == NULL) goto err;
323 350
324 if (!rsa->meth->bn_mod_exp(A,A,rsa->e,rsa->n,ctx,rsa->_method_mod_n)) 351 if (!rsa->meth->bn_mod_exp(A,A,rsa->e,rsa->n,ctx,rsa->_method_mod_n))
325 goto err; 352 goto err;
326 rsa->blinding=BN_BLINDING_new(A,Ai,rsa->n); 353 if ((rsa->blinding=BN_BLINDING_new(A,Ai,rsa->n)) == NULL) goto err;
327 rsa->flags|=RSA_FLAG_BLINDING; 354 /* to make things thread-safe without excessive locking,
355 * rsa->blinding will be used just by the current thread: */
356 rsa->blinding->thread_id = CRYPTO_thread_id();
357 rsa->flags |= RSA_FLAG_BLINDING;
358 rsa->flags &= ~RSA_FLAG_NO_BLINDING;
328 BN_free(Ai); 359 BN_free(Ai);
329 ret=1; 360 ret=1;
330err: 361err:
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-08-15 12:13:11 +0000