115
115
#include <openssl/rsa.h>
116
116
#include <openssl/rand.h>
118
#if !defined(RSA_NULL) && !defined(OPENSSL_FIPS)
120
120
static int RSA_eay_public_encrypt(int flen, const unsigned char *from,
121
121
unsigned char *to, RSA *rsa,int padding);
150
150
return(&rsa_pkcs1_eay_meth);
154
* MONT_HELPER(rsa, bn_ctx, p, rsa->flags & RSA_FLAG_CACHE_PRIVATE, goto err);
156
#define MONT_HELPER(rsa, ctx, m, pre_cond, err_instr) \
157
if((pre_cond) && ((rsa)->_method_mod_##m == NULL) && \
158
!BN_MONT_CTX_set_locked(&((rsa)->_method_mod_##m), \
163
153
static int RSA_eay_public_encrypt(int flen, const unsigned char *from,
164
154
unsigned char *to, RSA *rsa, int padding)
227
217
if (BN_bin2bn(buf,num,f) == NULL) goto err;
229
219
if (BN_ucmp(f, rsa->n) >= 0)
231
221
/* usually the padding functions would catch this */
232
222
RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT,RSA_R_DATA_TOO_LARGE_FOR_MODULUS);
236
MONT_HELPER(rsa, ctx, n, rsa->flags & RSA_FLAG_CACHE_PUBLIC, goto err);
226
if (rsa->flags & RSA_FLAG_CACHE_PUBLIC)
227
if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_n, CRYPTO_LOCK_RSA, rsa->n, ctx))
238
230
if (!rsa->meth->bn_mod_exp(ret,f,rsa->e,rsa->n,ctx,
239
231
rsa->_method_mod_n)) goto err;
436
428
BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME);
441
MONT_HELPER(rsa, ctx, n, rsa->flags & RSA_FLAG_CACHE_PUBLIC, goto err);
433
if (rsa->flags & RSA_FLAG_CACHE_PUBLIC)
434
if(!BN_MONT_CTX_set_locked(&rsa->_method_mod_n, CRYPTO_LOCK_RSA, rsa->n, ctx))
443
437
if (!rsa->meth->bn_mod_exp(ret,f,d,rsa->n,ctx,
444
438
rsa->_method_mod_n)) goto err;
562
MONT_HELPER(rsa, ctx, n, rsa->flags & RSA_FLAG_CACHE_PUBLIC, goto err);
556
if (rsa->flags & RSA_FLAG_CACHE_PUBLIC)
557
if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_n, CRYPTO_LOCK_RSA, rsa->n, ctx))
563
559
if (!rsa->meth->bn_mod_exp(ret,f,d,rsa->n,ctx,
564
560
rsa->_method_mod_n))
672
MONT_HELPER(rsa, ctx, n, rsa->flags & RSA_FLAG_CACHE_PUBLIC, goto err);
668
if (rsa->flags & RSA_FLAG_CACHE_PUBLIC)
669
if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_n, CRYPTO_LOCK_RSA, rsa->n, ctx))
674
672
if (!rsa->meth->bn_mod_exp(ret,f,rsa->e,rsa->n,ctx,
675
673
rsa->_method_mod_n)) goto err;
717
715
BIGNUM *r1,*m1,*vrfy;
718
716
BIGNUM local_dmp1,local_dmq1,local_c,local_r1;
719
717
BIGNUM *dmp1,*dmq1,*c,*pr1;
723
720
BN_CTX_start(ctx);
725
722
m1 = BN_CTX_get(ctx);
726
723
vrfy = BN_CTX_get(ctx);
728
/* Make sure mod_inverse in montgomerey intialization use correct
729
* BN_FLG_CONSTTIME flag.
731
bn_flags = rsa->p->flags;
732
if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))
734
rsa->p->flags |= BN_FLG_CONSTTIME;
736
MONT_HELPER(rsa, ctx, p, rsa->flags & RSA_FLAG_CACHE_PRIVATE, goto err);
737
/* We restore bn_flags back */
738
rsa->p->flags = bn_flags;
740
/* Make sure mod_inverse in montgomerey intialization use correct
741
* BN_FLG_CONSTTIME flag.
743
bn_flags = rsa->q->flags;
744
if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))
746
rsa->q->flags |= BN_FLG_CONSTTIME;
748
MONT_HELPER(rsa, ctx, q, rsa->flags & RSA_FLAG_CACHE_PRIVATE, goto err);
749
/* We restore bn_flags back */
750
rsa->q->flags = bn_flags;
752
MONT_HELPER(rsa, ctx, n, rsa->flags & RSA_FLAG_CACHE_PUBLIC, goto err);
726
BIGNUM local_p, local_q;
727
BIGNUM *p = NULL, *q = NULL;
729
/* Make sure BN_mod_inverse in Montgomery intialization uses the
730
* BN_FLG_CONSTTIME flag (unless RSA_FLAG_NO_CONSTTIME is set)
732
if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))
736
BN_with_flags(p, rsa->p, BN_FLG_CONSTTIME);
740
BN_with_flags(q, rsa->q, BN_FLG_CONSTTIME);
748
if (rsa->flags & RSA_FLAG_CACHE_PRIVATE)
750
if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_p, CRYPTO_LOCK_RSA, p, ctx))
752
if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_q, CRYPTO_LOCK_RSA, q, ctx))
757
if (rsa->flags & RSA_FLAG_CACHE_PUBLIC)
758
if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_n, CRYPTO_LOCK_RSA, rsa->n, ctx))
754
761
/* compute I mod q */
755
762
if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))