Loading crypto/rsa/Makefile +5 −3 Original line number Diff line number Diff line Loading @@ -127,7 +127,8 @@ rsa_crpt.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h rsa_crpt.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h rsa_crpt.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h rsa_crpt.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h rsa_crpt.o: ../../include/openssl/symhacks.h ../cryptlib.h rsa_crpt.c rsa_crpt.o: ../../include/openssl/symhacks.h ../cryptlib.h rsa_crpt.o: ../include/internal/bn_int.h rsa_crpt.c rsa_depr.o: ../../e_os.h ../../include/openssl/asn1.h rsa_depr.o: ../../include/openssl/bio.h ../../include/openssl/bn.h rsa_depr.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h Loading @@ -145,7 +146,8 @@ rsa_eay.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h rsa_eay.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h rsa_eay.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h rsa_eay.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h rsa_eay.o: ../../include/openssl/symhacks.h ../cryptlib.h rsa_eay.c rsa_eay.o: ../../include/openssl/symhacks.h ../cryptlib.h rsa_eay.o: ../include/internal/bn_int.h rsa_eay.c rsa_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h rsa_err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h rsa_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h Loading Loading 
@@ -176,7 +178,7 @@ rsa_lib.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h rsa_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h rsa_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h rsa_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h rsa_lib.o: ../cryptlib.h rsa_lib.c rsa_lib.o: ../cryptlib.h ../include/internal/bn_int.h rsa_lib.c rsa_none.o: ../../e_os.h ../../include/openssl/asn1.h rsa_none.o: ../../include/openssl/bio.h ../../include/openssl/bn.h rsa_none.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h Loading crypto/rsa/rsa_crpt.c +12 −5 Original line number Diff line number Diff line Loading @@ -62,7 +62,7 @@ #include <openssl/crypto.h> #include "cryptlib.h" #include <openssl/lhash.h> #include <openssl/bn.h> #include "internal/bn_int.h" #include <openssl/rsa.h> #include <openssl/rand.h> Loading Loading @@ -156,7 +156,7 @@ err: BN_BLINDING *RSA_setup_blinding(RSA *rsa, BN_CTX *in_ctx) { BIGNUM local_n; BIGNUM *local_n = NULL; BIGNUM *e,*n; BN_CTX *ctx; BN_BLINDING *ret = NULL; Loading Loading @@ -189,17 +189,22 @@ BN_BLINDING *RSA_setup_blinding(RSA *rsa, BN_CTX *in_ctx) e = rsa->e; if ((RAND_status() == 0) && rsa->d != NULL && rsa->d->d != NULL) if ((RAND_status() == 0) && rsa->d != NULL && bn_get_words(rsa->d) != NULL) { /* if PRNG is not properly seeded, resort to secret * exponent as unpredictable seed */ RAND_add(rsa->d->d, rsa->d->dmax * sizeof rsa->d->d[0], 0.0); RAND_add(bn_get_words(rsa->d), bn_get_dmax(rsa->d) * sizeof(BN_ULONG), 0.0); } if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) { /* Set BN_FLG_CONSTTIME flag */ n = &local_n; local_n = n = BN_new(); if(!local_n) { RSAerr(RSA_F_RSA_SETUP_BLINDING, ERR_R_MALLOC_FAILURE); goto err; } BN_with_flags(n, rsa->n, BN_FLG_CONSTTIME); } else Loading 
@@ -219,6 +224,8 @@ err: BN_CTX_free(ctx); if(rsa->e == NULL) BN_free(e); if(local_n) BN_free(local_n); return ret; } crypto/rsa/rsa_depr.c +6 −4 Original line number Diff line number Diff line Loading @@ -71,12 +71,12 @@ static void *dummy=&dummy; RSA *RSA_generate_key(int bits, unsigned long e_value, void (*callback)(int,int,void *), void *cb_arg) { BN_GENCB cb; int i; BN_GENCB *cb = BN_GENCB_new(); RSA *rsa = RSA_new(); BIGNUM *e = BN_new(); if(!rsa || !e) goto err; if(!cb || !rsa || !e) goto err; /* The problem is when building with 8, 16, or 32 BN_ULONG, * unsigned long can be larger */ Loading @@ -87,15 +87,17 @@ RSA *RSA_generate_key(int bits, unsigned long e_value, goto err; } BN_GENCB_set_old(&cb, callback, cb_arg); BN_GENCB_set_old(cb, callback, cb_arg); if(RSA_generate_key_ex(rsa, bits, e, &cb)) { if(RSA_generate_key_ex(rsa, bits, e, cb)) { BN_free(e); BN_GENCB_free(cb); return rsa; } err: if(e) BN_free(e); if(rsa) RSA_free(rsa); if(cb) BN_GENCB_free(cb); return 0; } #endif crypto/rsa/rsa_eay.c +77 −28 Original line number Diff line number Diff line Loading @@ -112,7 +112,7 @@ #include "cryptlib.h" #include <openssl/bn.h> #include "internal/bn_int.h" #include <openssl/rsa.h> #include <openssl/rand.h> Loading Loading @@ -433,13 +433,16 @@ static int RSA_eay_private_encrypt(int flen, const unsigned char *from, } else { BIGNUM local_d; BIGNUM *d = NULL; BIGNUM *d = NULL, *local_d = NULL; if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) { BN_init(&local_d); d = &local_d; local_d = d = BN_new(); if(!d) { RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT,ERR_R_MALLOC_FAILURE); goto err; } BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME); } else Loading 
@@ -447,10 +450,18 @@ static int RSA_eay_private_encrypt(int flen, const unsigned char *from, if (rsa->flags & RSA_FLAG_CACHE_PUBLIC) if(!BN_MONT_CTX_set_locked(&rsa->_method_mod_n, CRYPTO_LOCK_RSA, rsa->n, ctx)) { if(local_d) BN_free(local_d); goto err; } if (!rsa->meth->bn_mod_exp(ret,f,d,rsa->n,ctx, rsa->_method_mod_n)) goto err; rsa->_method_mod_n)) { if(local_d) BN_free(local_d); goto err; } if(local_d) BN_free(local_d); } if (blinding) Loading Loading @@ -567,12 +578,16 @@ static int RSA_eay_private_decrypt(int flen, const unsigned char *from, } else { BIGNUM local_d; BIGNUM *d = NULL; BIGNUM *d = NULL, *local_d = NULL; if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) { d = &local_d; local_d = d = BN_new(); if(!d) { RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,ERR_R_MALLOC_FAILURE); goto err; } BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME); } else Loading @@ -580,11 +595,18 @@ static int RSA_eay_private_decrypt(int flen, const unsigned char *from, if (rsa->flags & RSA_FLAG_CACHE_PUBLIC) if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_n, CRYPTO_LOCK_RSA, rsa->n, ctx)) { if(local_d) BN_free(local_d); goto err; } if (!rsa->meth->bn_mod_exp(ret,f,d,rsa->n,ctx, rsa->_method_mod_n)) { if(local_d) BN_free(local_d); goto err; } if(local_d) BN_free(local_d); } if (blinding) if (!rsa_blinding_invert(blinding, ret, unblind, ctx)) Loading Loading @@ -697,7 +719,7 @@ static int RSA_eay_public_decrypt(int flen, const unsigned char *from, if (!rsa->meth->bn_mod_exp(ret,f,rsa->e,rsa->n,ctx, rsa->_method_mod_n)) goto err; if ((padding == RSA_X931_PADDING) && ((ret->d[0] & 0xf) != 12)) if ((padding == RSA_X931_PADDING) && ((bn_get_words(ret)[0] & 0xf) != 12)) if (!BN_sub(ret, rsa->n, ret)) goto err; p=buf; Loading Loading 
@@ -738,17 +760,25 @@ err: static int RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx) { BIGNUM *r1,*m1,*vrfy; BIGNUM local_dmp1,local_dmq1,local_c,local_r1; BIGNUM *local_dmp1, *local_dmq1, *local_c, *local_r1; BIGNUM *dmp1,*dmq1,*c,*pr1; int ret=0; local_dmp1 = BN_new(); local_dmq1 = BN_new(); local_c = BN_new(); local_r1 = BN_new(); if(!local_dmp1 || !local_dmq1 || !local_c || !local_r1) goto err; BN_CTX_start(ctx); r1 = BN_CTX_get(ctx); m1 = BN_CTX_get(ctx); vrfy = BN_CTX_get(ctx); { BIGNUM local_p, local_q; BIGNUM *local_p = NULL, *local_q = NULL; BIGNUM *p = NULL, *q = NULL; /* Make sure BN_mod_inverse in Montgomery intialization uses the Loading @@ -756,12 +786,16 @@ static int RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx) */ if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) { BN_init(&local_p); p = &local_p; local_p = p = BN_new(); if(!p) goto err; BN_with_flags(p, rsa->p, BN_FLG_CONSTTIME); BN_init(&local_q); q = &local_q; local_q = q = BN_new(); if(!q) { BN_free(local_p); goto err; } BN_with_flags(q, rsa->q, BN_FLG_CONSTTIME); } else Loading @@ -772,12 +806,16 @@ static int RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx) if (rsa->flags & RSA_FLAG_CACHE_PRIVATE) { if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_p, CRYPTO_LOCK_RSA, p, ctx)) goto err; if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_q, CRYPTO_LOCK_RSA, q, ctx)) if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_p, CRYPTO_LOCK_RSA, p, ctx) || !BN_MONT_CTX_set_locked(&rsa->_method_mod_q, CRYPTO_LOCK_RSA, q, ctx)) { if(local_p) BN_free(local_p); if(local_q) BN_free(local_q); goto err; } } if(local_p) BN_free(local_p); if(local_q) BN_free(local_q); } if (rsa->flags & RSA_FLAG_CACHE_PUBLIC) if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_n, CRYPTO_LOCK_RSA, rsa->n, ctx)) Loading 
@@ -786,7 +824,7 @@ static int RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx) /* compute I mod q */ if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) { c = &local_c; c = local_c; BN_with_flags(c, I, BN_FLG_CONSTTIME); if (!BN_mod(r1,c,rsa->q,ctx)) goto err; } Loading @@ -798,7 +836,7 @@ static int RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx) /* compute r1^dmq1 mod q */ if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) { dmq1 = &local_dmq1; dmq1 = local_dmq1; BN_with_flags(dmq1, rsa->dmq1, BN_FLG_CONSTTIME); } else Loading @@ -809,7 +847,7 @@ static int RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx) /* compute I mod p */ if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) { c = &local_c; c = local_c; BN_with_flags(c, I, BN_FLG_CONSTTIME); if (!BN_mod(r1,c,rsa->p,ctx)) goto err; } Loading @@ -821,7 +859,7 @@ static int RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx) /* compute r1^dmp1 mod p */ if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) { dmp1 = &local_dmp1; dmp1 = local_dmp1; BN_with_flags(dmp1, rsa->dmp1, BN_FLG_CONSTTIME); } else Loading @@ -840,7 +878,7 @@ static int RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx) /* Turn BN_FLG_CONSTTIME flag on before division operation */ if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) { pr1 = &local_r1; pr1 = local_r1; BN_with_flags(pr1, r1, BN_FLG_CONSTTIME); } else Loading Loading 
@@ -876,22 +914,33 @@ static int RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx) * miscalculated CRT output, just do a raw (slower) * mod_exp and return that instead. */ BIGNUM local_d; BIGNUM *local_d = NULL; BIGNUM *d = NULL; if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) { d = &local_d; local_d = d = BN_new(); if(!d) goto err; BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME); } else d = rsa->d; if (!rsa->meth->bn_mod_exp(r0,I,d,rsa->n,ctx, rsa->_method_mod_n)) goto err; rsa->_method_mod_n)) { if(local_d) BN_free(local_d); goto err; } if(local_d) BN_free(local_d); } } ret=1; err: if(local_dmp1) BN_free(local_dmp1); if(local_dmq1) BN_free(local_dmq1); if(local_c) BN_free(local_c); if(local_r1) BN_free(local_r1); BN_CTX_end(ctx); return(ret); } Loading crypto/rsa/rsa_gen.c +13 −4 Original line number Diff line number Diff line Loading @@ -87,11 +87,17 @@ int RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb) static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb) { BIGNUM *r0=NULL,*r1=NULL,*r2=NULL,*r3=NULL,*tmp; BIGNUM local_r0,local_d,local_p; BIGNUM *local_r0, *local_d, *local_p; BIGNUM *pr0,*d,*p; int bitsp,bitsq,ok= -1,n=0; BN_CTX *ctx=NULL; local_r0 = BN_new(); local_d = BN_new(); local_p = BN_new(); if(!local_r0 || !local_d || !local_p) goto err; ctx=BN_CTX_new(); if (ctx == NULL) goto err; BN_CTX_start(ctx); Loading Loading @@ -171,7 +177,7 @@ static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb) if (!BN_mul(r0,r1,r2,ctx)) goto err; /* (p-1)(q-1) */ if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) { pr0 = &local_r0; pr0 = local_r0; BN_with_flags(pr0, r0, BN_FLG_CONSTTIME); } else Loading @@ -181,7 +187,7 @@ static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb) /* set up d for correct BN_FLG_CONSTTIME flag */ if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) { d = &local_d; d = local_d; BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME); } else Loading 
@@ -196,7 +202,7 @@ static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb) /* calculate inverse of q mod p */ if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) { p = &local_p; p = local_p; BN_with_flags(p, rsa->p, BN_FLG_CONSTTIME); } else Loading @@ -205,6 +211,9 @@ static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb) ok=1; err: if(local_r0) BN_free(local_r0); if(local_d) BN_free(local_d); if(local_p) BN_free(local_p); if (ok == -1) { RSAerr(RSA_F_RSA_BUILTIN_KEYGEN,ERR_LIB_BN); Loading Loading
crypto/rsa/Makefile +5 −3 Original line number Diff line number Diff line Loading @@ -127,7 +127,8 @@ rsa_crpt.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h rsa_crpt.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h rsa_crpt.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h rsa_crpt.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h rsa_crpt.o: ../../include/openssl/symhacks.h ../cryptlib.h rsa_crpt.c rsa_crpt.o: ../../include/openssl/symhacks.h ../cryptlib.h rsa_crpt.o: ../include/internal/bn_int.h rsa_crpt.c rsa_depr.o: ../../e_os.h ../../include/openssl/asn1.h rsa_depr.o: ../../include/openssl/bio.h ../../include/openssl/bn.h rsa_depr.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h Loading @@ -145,7 +146,8 @@ rsa_eay.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h rsa_eay.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h rsa_eay.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h rsa_eay.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h rsa_eay.o: ../../include/openssl/symhacks.h ../cryptlib.h rsa_eay.c rsa_eay.o: ../../include/openssl/symhacks.h ../cryptlib.h rsa_eay.o: ../include/internal/bn_int.h rsa_eay.c rsa_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h rsa_err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h rsa_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h Loading Loading 
@@ -176,7 +178,7 @@ rsa_lib.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h rsa_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h rsa_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h rsa_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h rsa_lib.o: ../cryptlib.h rsa_lib.c rsa_lib.o: ../cryptlib.h ../include/internal/bn_int.h rsa_lib.c rsa_none.o: ../../e_os.h ../../include/openssl/asn1.h rsa_none.o: ../../include/openssl/bio.h ../../include/openssl/bn.h rsa_none.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h Loading
crypto/rsa/rsa_crpt.c +12 −5 Original line number Diff line number Diff line Loading @@ -62,7 +62,7 @@ #include <openssl/crypto.h> #include "cryptlib.h" #include <openssl/lhash.h> #include <openssl/bn.h> #include "internal/bn_int.h" #include <openssl/rsa.h> #include <openssl/rand.h> Loading Loading @@ -156,7 +156,7 @@ err: BN_BLINDING *RSA_setup_blinding(RSA *rsa, BN_CTX *in_ctx) { BIGNUM local_n; BIGNUM *local_n = NULL; BIGNUM *e,*n; BN_CTX *ctx; BN_BLINDING *ret = NULL; Loading Loading @@ -189,17 +189,22 @@ BN_BLINDING *RSA_setup_blinding(RSA *rsa, BN_CTX *in_ctx) e = rsa->e; if ((RAND_status() == 0) && rsa->d != NULL && rsa->d->d != NULL) if ((RAND_status() == 0) && rsa->d != NULL && bn_get_words(rsa->d) != NULL) { /* if PRNG is not properly seeded, resort to secret * exponent as unpredictable seed */ RAND_add(rsa->d->d, rsa->d->dmax * sizeof rsa->d->d[0], 0.0); RAND_add(bn_get_words(rsa->d), bn_get_dmax(rsa->d) * sizeof(BN_ULONG), 0.0); } if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) { /* Set BN_FLG_CONSTTIME flag */ n = &local_n; local_n = n = BN_new(); if(!local_n) { RSAerr(RSA_F_RSA_SETUP_BLINDING, ERR_R_MALLOC_FAILURE); goto err; } BN_with_flags(n, rsa->n, BN_FLG_CONSTTIME); } else Loading @@ -219,6 +224,8 @@ err: BN_CTX_free(ctx); if(rsa->e == NULL) BN_free(e); if(local_n) BN_free(local_n); return ret; }
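Review bot: The new `if(local_n) BN_free(local_n);` at the err label of RSA_setup_blinding has no comment explaining why the temporary is released with BN_free or what it still points at. As far as I can tell from BN_with_flags (its definition is not on this page), `local_n` is a flag-only view that borrows the word array of `rsa->n`, so releasing it must free only the wrapper and never wipe or free the shared words. I would add above that line `/* local_n only borrows rsa->n's words via BN_with_flags(); free the wrapper, never BN_clear_free() it */`. The same comment is needed for the `local_d`, `local_p`, `local_q`, `local_dmp1` and `local_dmq1` temporaries in rsa_eay.c and rsa_gen.c, where the borrowed words are private-key material. The code between the hunks is not shown, so please confirm that the blinding object built from `n` copies the modulus instead of keeping this pointer.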
crypto/rsa/rsa_depr.c +6 −4 Original line number Diff line number Diff line Loading @@ -71,12 +71,12 @@ static void *dummy=&dummy; RSA *RSA_generate_key(int bits, unsigned long e_value, void (*callback)(int,int,void *), void *cb_arg) { BN_GENCB cb; int i; BN_GENCB *cb = BN_GENCB_new(); RSA *rsa = RSA_new(); BIGNUM *e = BN_new(); if(!rsa || !e) goto err; if(!cb || !rsa || !e) goto err; /* The problem is when building with 8, 16, or 32 BN_ULONG, * unsigned long can be larger */ Loading @@ -87,15 +87,17 @@ RSA *RSA_generate_key(int bits, unsigned long e_value, goto err; } BN_GENCB_set_old(&cb, callback, cb_arg); BN_GENCB_set_old(cb, callback, cb_arg); if(RSA_generate_key_ex(rsa, bits, e, &cb)) { if(RSA_generate_key_ex(rsa, bits, e, cb)) { BN_free(e); BN_GENCB_free(cb); return rsa; } err: if(e) BN_free(e); if(rsa) RSA_free(rsa); if(cb) BN_GENCB_free(cb); return 0; } #endif
crypto/rsa/rsa_eay.c +77 −28 Original line number Diff line number Diff line Loading @@ -112,7 +112,7 @@ #include "cryptlib.h" #include <openssl/bn.h> #include "internal/bn_int.h" #include <openssl/rsa.h> #include <openssl/rand.h> Loading Loading @@ -433,13 +433,16 @@ static int RSA_eay_private_encrypt(int flen, const unsigned char *from, } else { BIGNUM local_d; BIGNUM *d = NULL; BIGNUM *d = NULL, *local_d = NULL; if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) { BN_init(&local_d); d = &local_d; local_d = d = BN_new(); if(!d) { RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT,ERR_R_MALLOC_FAILURE); goto err; } BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME); } else Loading @@ -447,10 +450,18 @@ static int RSA_eay_private_encrypt(int flen, const unsigned char *from, if (rsa->flags & RSA_FLAG_CACHE_PUBLIC) if(!BN_MONT_CTX_set_locked(&rsa->_method_mod_n, CRYPTO_LOCK_RSA, rsa->n, ctx)) { if(local_d) BN_free(local_d); goto err; } if (!rsa->meth->bn_mod_exp(ret,f,d,rsa->n,ctx, rsa->_method_mod_n)) goto err; rsa->_method_mod_n)) { if(local_d) BN_free(local_d); goto err; } if(local_d) BN_free(local_d); } if (blinding) Loading Loading @@ -567,12 +578,16 @@ static int RSA_eay_private_decrypt(int flen, const unsigned char *from, } else { BIGNUM local_d; BIGNUM *d = NULL; BIGNUM *d = NULL, *local_d = NULL; if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) { d = &local_d; local_d = d = BN_new(); if(!d) { RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,ERR_R_MALLOC_FAILURE); goto err; } BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME); } else Loading 
@@ -580,11 +595,18 @@ static int RSA_eay_private_decrypt(int flen, const unsigned char *from, if (rsa->flags & RSA_FLAG_CACHE_PUBLIC) if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_n, CRYPTO_LOCK_RSA, rsa->n, ctx)) { if(local_d) BN_free(local_d); goto err; } if (!rsa->meth->bn_mod_exp(ret,f,d,rsa->n,ctx, rsa->_method_mod_n)) { if(local_d) BN_free(local_d); goto err; } if(local_d) BN_free(local_d); } if (blinding) if (!rsa_blinding_invert(blinding, ret, unblind, ctx)) Loading Loading @@ -697,7 +719,7 @@ static int RSA_eay_public_decrypt(int flen, const unsigned char *from, if (!rsa->meth->bn_mod_exp(ret,f,rsa->e,rsa->n,ctx, rsa->_method_mod_n)) goto err; if ((padding == RSA_X931_PADDING) && ((ret->d[0] & 0xf) != 12)) if ((padding == RSA_X931_PADDING) && ((bn_get_words(ret)[0] & 0xf) != 12)) if (!BN_sub(ret, rsa->n, ret)) goto err; p=buf; Loading Loading @@ -738,17 +760,25 @@ err: static int RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx) { BIGNUM *r1,*m1,*vrfy; BIGNUM local_dmp1,local_dmq1,local_c,local_r1; BIGNUM *local_dmp1, *local_dmq1, *local_c, *local_r1; BIGNUM *dmp1,*dmq1,*c,*pr1; int ret=0; local_dmp1 = BN_new(); local_dmq1 = BN_new(); local_c = BN_new(); local_r1 = BN_new(); if(!local_dmp1 || !local_dmq1 || !local_c || !local_r1) goto err; BN_CTX_start(ctx); r1 = BN_CTX_get(ctx); m1 = BN_CTX_get(ctx); vrfy = BN_CTX_get(ctx); { BIGNUM local_p, local_q; BIGNUM *local_p = NULL, *local_q = NULL; BIGNUM *p = NULL, *q = NULL; /* Make sure BN_mod_inverse in Montgomery intialization uses the Loading @@ -756,12 +786,16 @@ static int RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx) */ if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) { BN_init(&local_p); p = &local_p; local_p = p = BN_new(); if(!p) goto err; BN_with_flags(p, rsa->p, BN_FLG_CONSTTIME); BN_init(&local_q); q = &local_q; local_q = q = BN_new(); if(!q) { BN_free(local_p); goto err; } BN_with_flags(q, rsa->q, BN_FLG_CONSTTIME); } else Loading 
@@ -772,12 +806,16 @@ static int RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx) if (rsa->flags & RSA_FLAG_CACHE_PRIVATE) { if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_p, CRYPTO_LOCK_RSA, p, ctx)) goto err; if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_q, CRYPTO_LOCK_RSA, q, ctx)) if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_p, CRYPTO_LOCK_RSA, p, ctx) || !BN_MONT_CTX_set_locked(&rsa->_method_mod_q, CRYPTO_LOCK_RSA, q, ctx)) { if(local_p) BN_free(local_p); if(local_q) BN_free(local_q); goto err; } } if(local_p) BN_free(local_p); if(local_q) BN_free(local_q); } if (rsa->flags & RSA_FLAG_CACHE_PUBLIC) if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_n, CRYPTO_LOCK_RSA, rsa->n, ctx)) Loading @@ -786,7 +824,7 @@ static int RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx) /* compute I mod q */ if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) { c = &local_c; c = local_c; BN_with_flags(c, I, BN_FLG_CONSTTIME); if (!BN_mod(r1,c,rsa->q,ctx)) goto err; } Loading @@ -798,7 +836,7 @@ static int RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx) /* compute r1^dmq1 mod q */ if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) { dmq1 = &local_dmq1; dmq1 = local_dmq1; BN_with_flags(dmq1, rsa->dmq1, BN_FLG_CONSTTIME); } else Loading @@ -809,7 +847,7 @@ static int RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx) /* compute I mod p */ if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) { c = &local_c; c = local_c; BN_with_flags(c, I, BN_FLG_CONSTTIME); if (!BN_mod(r1,c,rsa->p,ctx)) goto err; } Loading @@ -821,7 +859,7 @@ static int RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx) /* compute r1^dmp1 mod p */ if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) { dmp1 = &local_dmp1; dmp1 = local_dmp1; BN_with_flags(dmp1, rsa->dmp1, BN_FLG_CONSTTIME); } else Loading 
@@ -840,7 +878,7 @@ static int RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx) /* Turn BN_FLG_CONSTTIME flag on before division operation */ if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) { pr1 = &local_r1; pr1 = local_r1; BN_with_flags(pr1, r1, BN_FLG_CONSTTIME); } else Loading Loading @@ -876,22 +914,33 @@ static int RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx) * miscalculated CRT output, just do a raw (slower) * mod_exp and return that instead. */ BIGNUM local_d; BIGNUM *local_d = NULL; BIGNUM *d = NULL; if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) { d = &local_d; local_d = d = BN_new(); if(!d) goto err; BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME); } else d = rsa->d; if (!rsa->meth->bn_mod_exp(r0,I,d,rsa->n,ctx, rsa->_method_mod_n)) goto err; rsa->_method_mod_n)) { if(local_d) BN_free(local_d); goto err; } if(local_d) BN_free(local_d); } } ret=1; err: if(local_dmp1) BN_free(local_dmp1); if(local_dmq1) BN_free(local_dmq1); if(local_c) BN_free(local_c); if(local_r1) BN_free(local_r1); BN_CTX_end(ctx); return(ret); } Loading
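Review bot: In RSA_eay_mod_exp the new check `if(!local_dmp1 || !local_dmq1 || !local_c || !local_r1) goto err;` runs before `BN_CTX_start(ctx)`, but the err label still ends with `BN_CTX_end(ctx)`. An allocation failure therefore closes a context frame this function never opened, which can release a frame that belongs to the caller, and it happens only on the low-memory path that is hardest to exercise in testing. Moving `BN_CTX_start(ctx);` above the four `BN_new()` calls keeps start and end paired on every exit. The function is spread over several hunks with unshown code in between, so other early `goto err` sites should be checked against the same rule.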
crypto/rsa/rsa_gen.c +13 −4 Original line number Diff line number Diff line Loading @@ -87,11 +87,17 @@ int RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb) static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb) { BIGNUM *r0=NULL,*r1=NULL,*r2=NULL,*r3=NULL,*tmp; BIGNUM local_r0,local_d,local_p; BIGNUM *local_r0, *local_d, *local_p; BIGNUM *pr0,*d,*p; int bitsp,bitsq,ok= -1,n=0; BN_CTX *ctx=NULL; local_r0 = BN_new(); local_d = BN_new(); local_p = BN_new(); if(!local_r0 || !local_d || !local_p) goto err; ctx=BN_CTX_new(); if (ctx == NULL) goto err; BN_CTX_start(ctx); Loading Loading @@ -171,7 +177,7 @@ static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb) if (!BN_mul(r0,r1,r2,ctx)) goto err; /* (p-1)(q-1) */ if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) { pr0 = &local_r0; pr0 = local_r0; BN_with_flags(pr0, r0, BN_FLG_CONSTTIME); } else Loading @@ -181,7 +187,7 @@ static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb) /* set up d for correct BN_FLG_CONSTTIME flag */ if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) { d = &local_d; d = local_d; BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME); } else Loading @@ -196,7 +202,7 @@ static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb) /* calculate inverse of q mod p */ if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) { p = &local_p; p = local_p; BN_with_flags(p, rsa->p, BN_FLG_CONSTTIME); } else Loading @@ -205,6 +211,9 @@ static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb) ok=1; err: if(local_r0) BN_free(local_r0); if(local_d) BN_free(local_d); if(local_p) BN_free(local_p); if (ok == -1) { RSAerr(RSA_F_RSA_BUILTIN_KEYGEN,ERR_LIB_BN); Loading
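Review bot: A failed `BN_new()` in rsa_builtin_keygen is reported as a bignum library error, because `if(!local_r0 || !local_d || !local_p) goto err;` leaves `ok` at -1 and the err label then raises `RSAerr(RSA_F_RSA_BUILTIN_KEYGEN,ERR_LIB_BN)`. The allocation checks this commit adds to RSA_setup_blinding and RSA_eay_private_encrypt/decrypt raise ERR_R_MALLOC_FAILURE, and the `if(!p) goto err;` sites in RSA_eay_mod_exp raise nothing, so the reported cause depends on which function ran out of memory. Raising `RSAerr(RSA_F_RSA_BUILTIN_KEYGEN, ERR_R_MALLOC_FAILURE);` before the `goto err` would keep the real cause on the error queue. The three temporaries are also allocated when RSA_FLAG_NO_CONSTTIME is set and none of them is used. The remainder of the err label lies outside the hunk.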