From c7d7d3762cea9b7435220c2724efbd13b197f084 Mon Sep 17 00:00:00 2001
From: tb <>
Date: Wed, 9 Aug 2023 09:26:43 +0000
Subject: Move RSA blinding API from rsa_crpt.c to rsa_blinding.c
---
src/lib/libcrypto/rsa/rsa_blinding.c | 102 ++++++++++++++++++++++++++++++++++-
1 file changed, 101 insertions(+), 1 deletion(-)
(limited to 'src/lib/libcrypto/rsa/rsa_blinding.c')
diff --git a/src/lib/libcrypto/rsa/rsa_blinding.c b/src/lib/libcrypto/rsa/rsa_blinding.c
index bc267b1c51..e6fd67242d 100644
--- a/src/lib/libcrypto/rsa/rsa_blinding.c
+++ b/src/lib/libcrypto/rsa/rsa_blinding.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: rsa_blinding.c,v 1.1 2023/08/09 09:23:03 tb Exp $ */
+/* $OpenBSD: rsa_blinding.c,v 1.2 2023/08/09 09:26:43 tb Exp $ */
 /* ====================================================================
 * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.
 *
@@ -259,3 +259,103 @@ BN_BLINDING_thread_id(BN_BLINDING *b)
 {
 return &b->tid;
 }
+
+static BIGNUM *
+rsa_get_public_exp(const BIGNUM *d, const BIGNUM *p, const BIGNUM *q,
+ BN_CTX *ctx)
+{
+ BIGNUM *ret = NULL, *r0, *r1, *r2;
+
+ if (d == NULL || p == NULL || q == NULL)
+ return NULL;
+
+ BN_CTX_start(ctx);
+ if ((r0 = BN_CTX_get(ctx)) == NULL)
+ goto err;
+ if ((r1 = BN_CTX_get(ctx)) == NULL)
+ goto err;
+ if ((r2 = BN_CTX_get(ctx)) == NULL)
+ goto err;
+
+ if (!BN_sub(r1, p, BN_value_one()))
+ goto err;
+ if (!BN_sub(r2, q, BN_value_one()))
+ goto err;
+ if (!BN_mul(r0, r1, r2, ctx))
+ goto err;
+
+ ret = BN_mod_inverse_ct(NULL, d, r0, ctx);
+err:
+ BN_CTX_end(ctx);
+ return ret;
+}
+
+BN_BLINDING *
+RSA_setup_blinding(RSA *rsa, BN_CTX *in_ctx)
+{
+ BIGNUM *e = NULL;
+ BIGNUM n;
+ BN_CTX *ctx = NULL;
+ BN_BLINDING *ret = NULL;
+
+ if ((ctx = in_ctx) == NULL)
+ ctx = BN_CTX_new();
+ if (ctx == NULL)
+ goto err;
+
+ BN_CTX_start(ctx);
+
+ if ((e = rsa->e) == NULL)
+ e = rsa_get_public_exp(rsa->d, rsa->p, rsa->q, ctx);
+ if (e == NULL) {
+ RSAerror(RSA_R_NO_PUBLIC_EXPONENT);
+ goto err;
+ }
+
+ BN_init(&n);
+ BN_with_flags(&n, rsa->n, BN_FLG_CONSTTIME);
+
+ if ((ret = BN_BLINDING_new(e, &n, ctx, rsa->meth->bn_mod_exp,
+ rsa->_method_mod_n)) == NULL) {
+ RSAerror(ERR_R_BN_LIB);
+ goto err;
+ }
+ CRYPTO_THREADID_current(BN_BLINDING_thread_id(ret));
+
+ err:
+ BN_CTX_end(ctx);
+ if (ctx != in_ctx)
+ BN_CTX_free(ctx);
+ if (e != rsa->e)
+ BN_free(e);
+
+ return ret;
+}
+
+void
+RSA_blinding_off(RSA *rsa)
+{
+ BN_BLINDING_free(rsa->blinding);
+ rsa->blinding = NULL;
+ rsa->flags |= RSA_FLAG_NO_BLINDING;
+}
+LCRYPTO_ALIAS(RSA_blinding_off);
+
+int
+RSA_blinding_on(RSA *rsa, BN_CTX *ctx)
+{
+ int ret = 0;
+
+ if (rsa->blinding != NULL)
+ RSA_blinding_off(rsa);
+
+ rsa->blinding = RSA_setup_blinding(rsa, ctx);
+ if (rsa->blinding == NULL)
+ goto err;
+
+ rsa->flags &= ~RSA_FLAG_NO_BLINDING;
+ ret = 1;
+err:
+ return (ret);
+}
+LCRYPTO_ALIAS(RSA_blinding_on);
-- cgit
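Review bot: In RSA_blinding_on(), an existing blinding is torn down through RSA_blinding_off() before the replacement is built, so when RSA_setup_blinding() fails the key is left with `rsa->blinding == NULL` and RSA_FLAG_NO_BLINDING set. A caller that ignores the 0 return would then presumably run private-key operations without blinding, which is the timing side-channel protection this API exists to provide. Going by the subject line the code is moved as is, so this is a follow-up rather than a regression: build the new BN_BLINDING first and swap it in only on success, as sketched below. Separately, rsa_get_public_exp() has no comment; something like `/* Recover e = d^-1 mod (p-1)(q-1); operands are secret, hence BN_mod_inverse_ct(). */` above it would record why the _ct variant is used.

```c
/* RSA_blinding_on(): replacement body, signature unchanged */
	BN_BLINDING *blinding;

	/* Build the replacement first so a failure keeps the current state. */
	if ((blinding = RSA_setup_blinding(rsa, ctx)) == NULL)
		return 0;

	BN_BLINDING_free(rsa->blinding);
	rsa->blinding = blinding;
	rsa->flags &= ~RSA_FLAG_NO_BLINDING;

	return 1;
```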
v1.2.3-55-g6feb