Diffstat (limited to 'src/lib/libcrypto/rsa')
-rw-r--r--src/lib/libcrypto/rsa/rsa_eay.c80
1 files changed, 51 insertions, 29 deletions
diff --git a/src/lib/libcrypto/rsa/rsa_eay.c b/src/lib/libcrypto/rsa/rsa_eay.c
index 7c941885f0..2e1ddd48d3 100644
--- a/src/lib/libcrypto/rsa/rsa_eay.c
+++ b/src/lib/libcrypto/rsa/rsa_eay.c
@@ -314,51 +314,56 @@ static BN_BLINDING *rsa_get_blinding(RSA *rsa, int *local, BN_CTX *ctx)
314 return ret; 314 return ret;
315} 315}
316 316
317static int rsa_blinding_convert(BN_BLINDING *b, int local, BIGNUM *f, 317static int rsa_blinding_convert(BN_BLINDING *b, BIGNUM *f, BIGNUM *unblind,
318 BIGNUM *r, BN_CTX *ctx) 318 BN_CTX *ctx)
319{ 319 {
320 if (local) 320 if (unblind == NULL)
321 /* Local blinding: store the unblinding factor
322 * in BN_BLINDING. */
321 return BN_BLINDING_convert_ex(f, NULL, b, ctx); 323 return BN_BLINDING_convert_ex(f, NULL, b, ctx);
322 else 324 else
323 { 325 {
324 int ret; 326 /* Shared blinding: store the unblinding factor
325 CRYPTO_r_lock(CRYPTO_LOCK_RSA_BLINDING); 327 * outside BN_BLINDING. */
326 ret = BN_BLINDING_convert_ex(f, r, b, ctx);
327 CRYPTO_r_unlock(CRYPTO_LOCK_RSA_BLINDING);
328 return ret;
329 }
330}
331
332static int rsa_blinding_invert(BN_BLINDING *b, int local, BIGNUM *f,
333 BIGNUM *r, BN_CTX *ctx)
334{
335 if (local)
336 return BN_BLINDING_invert_ex(f, NULL, b, ctx);
337 else
338 {
339 int ret; 328 int ret;
340 CRYPTO_w_lock(CRYPTO_LOCK_RSA_BLINDING); 329 CRYPTO_w_lock(CRYPTO_LOCK_RSA_BLINDING);
341 ret = BN_BLINDING_invert_ex(f, r, b, ctx); 330 ret = BN_BLINDING_convert_ex(f, unblind, b, ctx);
342 CRYPTO_w_unlock(CRYPTO_LOCK_RSA_BLINDING); 331 CRYPTO_w_unlock(CRYPTO_LOCK_RSA_BLINDING);
343 return ret; 332 return ret;
344 } 333 }
345} 334 }
335
336static int rsa_blinding_invert(BN_BLINDING *b, BIGNUM *f, BIGNUM *unblind,
337 BN_CTX *ctx)
338 {
339 /* For local blinding, unblind is set to NULL, and BN_BLINDING_invert_ex
340 * will use the unblinding factor stored in BN_BLINDING.
341 * If BN_BLINDING is shared between threads, unblind must be non-null:
342 * BN_BLINDING_invert_ex will then use the local unblinding factor,
343 * and will only read the modulus from BN_BLINDING.
344 * In both cases it's safe to access the blinding without a lock.
345 */
346 return BN_BLINDING_invert_ex(f, unblind, b, ctx);
347 }
346 348
347/* signing */ 349/* signing */
348static int RSA_eay_private_encrypt(int flen, const unsigned char *from, 350static int RSA_eay_private_encrypt(int flen, const unsigned char *from,
349 unsigned char *to, RSA *rsa, int padding) 351 unsigned char *to, RSA *rsa, int padding)
350 { 352 {
351 BIGNUM *f, *ret, *br, *res; 353 BIGNUM *f, *ret, *res;
352 int i,j,k,num=0,r= -1; 354 int i,j,k,num=0,r= -1;
353 unsigned char *buf=NULL; 355 unsigned char *buf=NULL;
354 BN_CTX *ctx=NULL; 356 BN_CTX *ctx=NULL;
355 int local_blinding = 0; 357 int local_blinding = 0;
358 /* Used only if the blinding structure is shared. A non-NULL unblind
359 * instructs rsa_blinding_convert() and rsa_blinding_invert() to store
360 * the unblinding factor outside the blinding structure. */
361 BIGNUM *unblind = NULL;
356 BN_BLINDING *blinding = NULL; 362 BN_BLINDING *blinding = NULL;
357 363
358 if ((ctx=BN_CTX_new()) == NULL) goto err; 364 if ((ctx=BN_CTX_new()) == NULL) goto err;
359 BN_CTX_start(ctx); 365 BN_CTX_start(ctx);
360 f = BN_CTX_get(ctx); 366 f = BN_CTX_get(ctx);
361 br = BN_CTX_get(ctx);
362 ret = BN_CTX_get(ctx); 367 ret = BN_CTX_get(ctx);
363 num = BN_num_bytes(rsa->n); 368 num = BN_num_bytes(rsa->n);
364 buf = OPENSSL_malloc(num); 369 buf = OPENSSL_malloc(num);
@@ -406,8 +411,15 @@ static int RSA_eay_private_encrypt(int flen, const unsigned char *from,
406 } 411 }
407 412
408 if (blinding != NULL) 413 if (blinding != NULL)
409 if (!rsa_blinding_convert(blinding, local_blinding, f, br, ctx)) 414 {
415 if (!local_blinding && ((unblind = BN_CTX_get(ctx)) == NULL))
416 {
417 RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT,ERR_R_MALLOC_FAILURE);
418 goto err;
419 }
420 if (!rsa_blinding_convert(blinding, f, unblind, ctx))
410 goto err; 421 goto err;
422 }
411 423
412 if ( (rsa->flags & RSA_FLAG_EXT_PKEY) || 424 if ( (rsa->flags & RSA_FLAG_EXT_PKEY) ||
413 ((rsa->p != NULL) && 425 ((rsa->p != NULL) &&
@@ -441,7 +453,7 @@ static int RSA_eay_private_encrypt(int flen, const unsigned char *from,
441 } 453 }
442 454
443 if (blinding) 455 if (blinding)
444 if (!rsa_blinding_invert(blinding, local_blinding, ret, br, ctx)) 456 if (!rsa_blinding_invert(blinding, ret, unblind, ctx))
445 goto err; 457 goto err;
446 458
447 if (padding == RSA_X931_PADDING) 459 if (padding == RSA_X931_PADDING)
@@ -480,18 +492,21 @@ err:
480static int RSA_eay_private_decrypt(int flen, const unsigned char *from, 492static int RSA_eay_private_decrypt(int flen, const unsigned char *from,
481 unsigned char *to, RSA *rsa, int padding) 493 unsigned char *to, RSA *rsa, int padding)
482 { 494 {
483 BIGNUM *f, *ret, *br; 495 BIGNUM *f, *ret;
484 int j,num=0,r= -1; 496 int j,num=0,r= -1;
485 unsigned char *p; 497 unsigned char *p;
486 unsigned char *buf=NULL; 498 unsigned char *buf=NULL;
487 BN_CTX *ctx=NULL; 499 BN_CTX *ctx=NULL;
488 int local_blinding = 0; 500 int local_blinding = 0;
501 /* Used only if the blinding structure is shared. A non-NULL unblind
502 * instructs rsa_blinding_convert() and rsa_blinding_invert() to store
503 * the unblinding factor outside the blinding structure. */
504 BIGNUM *unblind = NULL;
489 BN_BLINDING *blinding = NULL; 505 BN_BLINDING *blinding = NULL;
490 506
491 if((ctx = BN_CTX_new()) == NULL) goto err; 507 if((ctx = BN_CTX_new()) == NULL) goto err;
492 BN_CTX_start(ctx); 508 BN_CTX_start(ctx);
493 f = BN_CTX_get(ctx); 509 f = BN_CTX_get(ctx);
494 br = BN_CTX_get(ctx);
495 ret = BN_CTX_get(ctx); 510 ret = BN_CTX_get(ctx);
496 num = BN_num_bytes(rsa->n); 511 num = BN_num_bytes(rsa->n);
497 buf = OPENSSL_malloc(num); 512 buf = OPENSSL_malloc(num);
@@ -529,8 +544,15 @@ static int RSA_eay_private_decrypt(int flen, const unsigned char *from,
529 } 544 }
530 545
531 if (blinding != NULL) 546 if (blinding != NULL)
532 if (!rsa_blinding_convert(blinding, local_blinding, f, br, ctx)) 547 {
548 if (!local_blinding && ((unblind = BN_CTX_get(ctx)) == NULL))
549 {
550 RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,ERR_R_MALLOC_FAILURE);
533 goto err; 551 goto err;
552 }
553 if (!rsa_blinding_convert(blinding, f, unblind, ctx))
554 goto err;
555 }
534 556
535 /* do the decrypt */ 557 /* do the decrypt */
536 if ( (rsa->flags & RSA_FLAG_EXT_PKEY) || 558 if ( (rsa->flags & RSA_FLAG_EXT_PKEY) ||
@@ -564,7 +586,7 @@ static int RSA_eay_private_decrypt(int flen, const unsigned char *from,
564 } 586 }
565 587
566 if (blinding) 588 if (blinding)
567 if (!rsa_blinding_invert(blinding, local_blinding, ret, br, ctx)) 589 if (!rsa_blinding_invert(blinding, ret, unblind, ctx))
568 goto err; 590 goto err;
569 591
570 p=buf; 592 p=buf;
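Review bot: The lock-free `rsa_blinding_invert()` in the first hunk is safe only while `unblind` is non-NULL for every shared `BN_BLINDING`, and the helpers do not enforce that: `rsa_blinding_convert()` treats `unblind == NULL` as "local" and skips `CRYPTO_w_lock`, so a later caller passing NULL with a shared blinding would update and then read the shared unblinding factor without a lock. Both visible call sites (`RSA_eay_private_encrypt` and `RSA_eay_private_decrypt`) allocate `unblind` when `!local_blinding` and bail out on NULL, so the invariant holds today. I would state the contract at the helper, for example `/* unblind must be non-NULL whenever b is shared between threads; NULL selects the unlocked, local-only path. */` above `rsa_blinding_convert()`. The new comment's claim that `BN_BLINDING_invert_ex` only reads the modulus when given an external factor rests on the BN_BLINDING implementation, which is outside this diff and worth confirming there.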