From c7d7d3762cea9b7435220c2724efbd13b197f084 Mon Sep 17 00:00:00 2001
From: tb <>
Date: Wed, 9 Aug 2023 09:26:43 +0000
Subject: Move RSA blinding API from rsa_crpt.c to rsa_blinding.c

---
 src/lib/libcrypto/rsa/rsa_crpt.c | 102 +--------------------------------------
 1 file changed, 1 insertion(+), 101 deletions(-)

(limited to 'src/lib/libcrypto/rsa/rsa_crpt.c')

diff --git a/src/lib/libcrypto/rsa/rsa_crpt.c b/src/lib/libcrypto/rsa/rsa_crpt.c
index fcf29f121e..2a23c1bb88 100644
--- a/src/lib/libcrypto/rsa/rsa_crpt.c
+++ b/src/lib/libcrypto/rsa/rsa_crpt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: rsa_crpt.c,v 1.27 2023/08/09 09:25:13 tb Exp $ */
+/* $OpenBSD: rsa_crpt.c,v 1.28 2023/08/09 09:26:43 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -125,103 +125,3 @@ RSA_flags(const RSA *r)
 	return r == NULL ? 0 : r->meth->flags;
 }
 LCRYPTO_ALIAS(RSA_flags);
-
-static BIGNUM *
-rsa_get_public_exp(const BIGNUM *d, const BIGNUM *p, const BIGNUM *q,
-    BN_CTX *ctx)
-{
-	BIGNUM *ret = NULL, *r0, *r1, *r2;
-
-	if (d == NULL || p == NULL || q == NULL)
-		return NULL;
-
-	BN_CTX_start(ctx);
-	if ((r0 = BN_CTX_get(ctx)) == NULL)
-		goto err;
-	if ((r1 = BN_CTX_get(ctx)) == NULL)
-		goto err;
-	if ((r2 = BN_CTX_get(ctx)) == NULL)
-		goto err;
-
-	if (!BN_sub(r1, p, BN_value_one()))
-		goto err;
-	if (!BN_sub(r2, q, BN_value_one()))
-		goto err;
-	if (!BN_mul(r0, r1, r2, ctx))
-		goto err;
-
-	ret = BN_mod_inverse_ct(NULL, d, r0, ctx);
-err:
-	BN_CTX_end(ctx);
-	return ret;
-}
-
-BN_BLINDING *
-RSA_setup_blinding(RSA *rsa, BN_CTX *in_ctx)
-{
-	BIGNUM *e = NULL;
-	BIGNUM n;
-	BN_CTX *ctx = NULL;
-	BN_BLINDING *ret = NULL;
-
-	if ((ctx = in_ctx) == NULL)
-		ctx = BN_CTX_new();
-	if (ctx == NULL)
-		goto err;
-
-	BN_CTX_start(ctx);
-
-	if ((e = rsa->e) == NULL)
-		e = rsa_get_public_exp(rsa->d, rsa->p, rsa->q, ctx);
-	if (e == NULL) {
-		RSAerror(RSA_R_NO_PUBLIC_EXPONENT);
-		goto err;
-	}
-
-	BN_init(&n);
-	BN_with_flags(&n, rsa->n, BN_FLG_CONSTTIME);
-
-	if ((ret = BN_BLINDING_new(e, &n, ctx, rsa->meth->bn_mod_exp,
-	    rsa->_method_mod_n)) == NULL) {
-		RSAerror(ERR_R_BN_LIB);
-		goto err;
-	}
-	CRYPTO_THREADID_current(BN_BLINDING_thread_id(ret));
-
- err:
-	BN_CTX_end(ctx);
-	if (ctx != in_ctx)
-		BN_CTX_free(ctx);
-	if (e != rsa->e)
-		BN_free(e);
-
-	return ret;
-}
-
-void
-RSA_blinding_off(RSA *rsa)
-{
-	BN_BLINDING_free(rsa->blinding);
-	rsa->blinding = NULL;
-	rsa->flags |= RSA_FLAG_NO_BLINDING;
-}
-LCRYPTO_ALIAS(RSA_blinding_off);
-
-int
-RSA_blinding_on(RSA *rsa, BN_CTX *ctx)
-{
-	int ret = 0;
-
-	if (rsa->blinding != NULL)
-		RSA_blinding_off(rsa);
-
-	rsa->blinding = RSA_setup_blinding(rsa, ctx);
-	if (rsa->blinding == NULL)
-		goto err;
-
-	rsa->flags &= ~RSA_FLAG_NO_BLINDING;
-	ret = 1;
-err:
-	return (ret);
-}
-LCRYPTO_ALIAS(RSA_blinding_on);
-- 
cgit v1.2.3-55-g6feb