QuasarApp/openssl
4
0
Fork 0
mirror of https://github.com/QuasarApp/openssl.git synced 2025-04-30 11:44:37 +00:00
Code Issues Projects Releases Wiki Activity

Implement internally opaque bn access from rsa

Browse Source 
Reviewed-by: Tim Hudson <tjh@openssl.org>
This commit is contained in:
Matt Caswell 2014-10-28 23:00:29 +00:00
parent 68c29f61a4
commit 18125f7f55
7 changed files with 130 additions and 55 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
crypto/rsa/Makefile
View File

@ -127,7 +127,8 @@ rsa_crpt.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
rsa_crpt.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h rsa_crpt.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
rsa_crpt.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h rsa_crpt.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
rsa_crpt.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h rsa_crpt.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
rsa_crpt.o: ../../include/openssl/symhacks.h ../cryptlib.h rsa_crpt.c rsa_crpt.o: ../../include/openssl/symhacks.h ../cryptlib.h
rsa_crpt.o: ../include/internal/bn_int.h rsa_crpt.c
rsa_depr.o: ../../e_os.h ../../include/openssl/asn1.h rsa_depr.o: ../../e_os.h ../../include/openssl/asn1.h
rsa_depr.o: ../../include/openssl/bio.h ../../include/openssl/bn.h rsa_depr.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
rsa_depr.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h rsa_depr.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
@ -145,7 +146,8 @@ rsa_eay.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
rsa_eay.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h rsa_eay.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
rsa_eay.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h rsa_eay.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
rsa_eay.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h rsa_eay.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
rsa_eay.o: ../../include/openssl/symhacks.h ../cryptlib.h rsa_eay.c rsa_eay.o: ../../include/openssl/symhacks.h ../cryptlib.h
rsa_eay.o: ../include/internal/bn_int.h rsa_eay.c
rsa_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h rsa_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
rsa_err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h rsa_err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
rsa_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h rsa_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
@ -176,7 +178,7 @@ rsa_lib.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
rsa_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h rsa_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
rsa_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h rsa_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
rsa_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h rsa_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
rsa_lib.o: ../cryptlib.h rsa_lib.c rsa_lib.o: ../cryptlib.h ../include/internal/bn_int.h rsa_lib.c
rsa_none.o: ../../e_os.h ../../include/openssl/asn1.h rsa_none.o: ../../e_os.h ../../include/openssl/asn1.h
rsa_none.o: ../../include/openssl/bio.h ../../include/openssl/bn.h rsa_none.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
rsa_none.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h rsa_none.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h

17
crypto/rsa/rsa_crpt.c
View File

@ -62,7 +62,7 @@
#include <openssl/crypto.h> #include <openssl/crypto.h>
#include "cryptlib.h" #include "cryptlib.h"
#include <openssl/lhash.h> #include <openssl/lhash.h>
#include <openssl/bn.h> #include "internal/bn_int.h"
#include <openssl/rsa.h> #include <openssl/rsa.h>
#include <openssl/rand.h> #include <openssl/rand.h>
@ -156,7 +156,7 @@ err:
BN_BLINDING *RSA_setup_blinding(RSA *rsa, BN_CTX *in_ctx) BN_BLINDING *RSA_setup_blinding(RSA *rsa, BN_CTX *in_ctx)
{ {
BIGNUM local_n; BIGNUM *local_n = NULL;
BIGNUM *e,*n; BIGNUM *e,*n;
BN_CTX *ctx; BN_CTX *ctx;
BN_BLINDING *ret = NULL; BN_BLINDING *ret = NULL;
@ -189,17 +189,22 @@ BN_BLINDING *RSA_setup_blinding(RSA *rsa, BN_CTX *in_ctx)
e = rsa->e; e = rsa->e;
if ((RAND_status() == 0) && rsa->d != NULL && rsa->d->d != NULL) if ((RAND_status() == 0) && rsa->d != NULL && bn_get_words(rsa->d) != NULL)
{ {
/* if PRNG is not properly seeded, resort to secret /* if PRNG is not properly seeded, resort to secret
* exponent as unpredictable seed */ * exponent as unpredictable seed */
RAND_add(rsa->d->d, rsa->d->dmax * sizeof rsa->d->d[0], 0.0); RAND_add(bn_get_words(rsa->d), bn_get_dmax(rsa->d) * sizeof(BN_ULONG), 0.0);
} }
if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))
{ {
/* Set BN_FLG_CONSTTIME flag */ /* Set BN_FLG_CONSTTIME flag */
n = &local_n; local_n = n = BN_new();
if(!local_n)
{
RSAerr(RSA_F_RSA_SETUP_BLINDING, ERR_R_MALLOC_FAILURE);
goto err;
}
BN_with_flags(n, rsa->n, BN_FLG_CONSTTIME); BN_with_flags(n, rsa->n, BN_FLG_CONSTTIME);
} }
else else
@ -219,6 +224,8 @@ err:
BN_CTX_free(ctx); BN_CTX_free(ctx);
if(rsa->e == NULL) if(rsa->e == NULL)
BN_free(e); BN_free(e);
if(local_n)
BN_free(local_n);
return ret; return ret;
} }

10
crypto/rsa/rsa_depr.c
View File

@ -71,12 +71,12 @@ static void *dummy=&dummy;
RSA *RSA_generate_key(int bits, unsigned long e_value, RSA *RSA_generate_key(int bits, unsigned long e_value,
void (*callback)(int,int,void *), void *cb_arg) void (*callback)(int,int,void *), void *cb_arg)
{ {
BN_GENCB cb;
int i; int i;
BN_GENCB *cb = BN_GENCB_new();
RSA *rsa = RSA_new(); RSA *rsa = RSA_new();
BIGNUM *e = BN_new(); BIGNUM *e = BN_new();
if(!rsa || !e) goto err; if(!cb || !rsa || !e) goto err;
/* The problem is when building with 8, 16, or 32 BN_ULONG, /* The problem is when building with 8, 16, or 32 BN_ULONG,
* unsigned long can be larger */ * unsigned long can be larger */
@ -87,15 +87,17 @@ RSA *RSA_generate_key(int bits, unsigned long e_value,
goto err; goto err;
} }
BN_GENCB_set_old(&cb, callback, cb_arg); BN_GENCB_set_old(cb, callback, cb_arg);
if(RSA_generate_key_ex(rsa, bits, e, &cb)) { if(RSA_generate_key_ex(rsa, bits, e, cb)) {
BN_free(e); BN_free(e);
BN_GENCB_free(cb);
return rsa; return rsa;
} }
err: err:
if(e) BN_free(e); if(e) BN_free(e);
if(rsa) RSA_free(rsa); if(rsa) RSA_free(rsa);
if(cb) BN_GENCB_free(cb);
return 0; return 0;
} }
#endif #endif

103
crypto/rsa/rsa_eay.c
View File

@ -112,7 +112,7 @@
#include "cryptlib.h" #include "cryptlib.h"
#include <openssl/bn.h> #include "internal/bn_int.h"
#include <openssl/rsa.h> #include <openssl/rsa.h>
#include <openssl/rand.h> #include <openssl/rand.h>
@ -433,13 +433,16 @@ static int RSA_eay_private_encrypt(int flen, const unsigned char *from,
} }
else else
{ {
BIGNUM local_d; BIGNUM *d = NULL, *local_d = NULL;
BIGNUM *d = NULL;
if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))
{ {
BN_init(&local_d); local_d = d = BN_new();
d = &local_d; if(!d)
{
RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT,ERR_R_MALLOC_FAILURE);
goto err;
}
BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME); BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME);
} }
else else
@ -447,10 +450,18 @@ static int RSA_eay_private_encrypt(int flen, const unsigned char *from,
if (rsa->flags & RSA_FLAG_CACHE_PUBLIC) if (rsa->flags & RSA_FLAG_CACHE_PUBLIC)
if(!BN_MONT_CTX_set_locked(&rsa->_method_mod_n, CRYPTO_LOCK_RSA, rsa->n, ctx)) if(!BN_MONT_CTX_set_locked(&rsa->_method_mod_n, CRYPTO_LOCK_RSA, rsa->n, ctx))
{
if(local_d) BN_free(local_d);
goto err; goto err;
}
if (!rsa->meth->bn_mod_exp(ret,f,d,rsa->n,ctx, if (!rsa->meth->bn_mod_exp(ret,f,d,rsa->n,ctx,
rsa->_method_mod_n)) goto err; rsa->_method_mod_n))
{
if(local_d) BN_free(local_d);
goto err;
}
if(local_d) BN_free(local_d);
} }
if (blinding) if (blinding)
@ -567,12 +578,16 @@ static int RSA_eay_private_decrypt(int flen, const unsigned char *from,
} }
else else
{ {
BIGNUM local_d; BIGNUM *d = NULL, *local_d = NULL;
BIGNUM *d = NULL;
if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))
{ {
d = &local_d; local_d = d = BN_new();
if(!d)
{
RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,ERR_R_MALLOC_FAILURE);
goto err;
}
BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME); BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME);
} }
else else
@ -580,11 +595,18 @@ static int RSA_eay_private_decrypt(int flen, const unsigned char *from,
if (rsa->flags & RSA_FLAG_CACHE_PUBLIC) if (rsa->flags & RSA_FLAG_CACHE_PUBLIC)
if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_n, CRYPTO_LOCK_RSA, rsa->n, ctx)) if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_n, CRYPTO_LOCK_RSA, rsa->n, ctx))
{
if(local_d) BN_free(local_d);
goto err; goto err;
}
if (!rsa->meth->bn_mod_exp(ret,f,d,rsa->n,ctx, if (!rsa->meth->bn_mod_exp(ret,f,d,rsa->n,ctx,
rsa->_method_mod_n)) rsa->_method_mod_n))
{
if(local_d) BN_free(local_d);
goto err; goto err;
} }
if(local_d) BN_free(local_d);
}
if (blinding) if (blinding)
if (!rsa_blinding_invert(blinding, ret, unblind, ctx)) if (!rsa_blinding_invert(blinding, ret, unblind, ctx))
@ -697,7 +719,7 @@ static int RSA_eay_public_decrypt(int flen, const unsigned char *from,
if (!rsa->meth->bn_mod_exp(ret,f,rsa->e,rsa->n,ctx, if (!rsa->meth->bn_mod_exp(ret,f,rsa->e,rsa->n,ctx,
rsa->_method_mod_n)) goto err; rsa->_method_mod_n)) goto err;
if ((padding == RSA_X931_PADDING) && ((ret->d[0] & 0xf) != 12)) if ((padding == RSA_X931_PADDING) && ((bn_get_words(ret)[0] & 0xf) != 12))
if (!BN_sub(ret, rsa->n, ret)) goto err; if (!BN_sub(ret, rsa->n, ret)) goto err;
p=buf; p=buf;
@ -738,17 +760,25 @@ err:
static int RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx) static int RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
{ {
BIGNUM *r1,*m1,*vrfy; BIGNUM *r1,*m1,*vrfy;
BIGNUM local_dmp1,local_dmq1,local_c,local_r1; BIGNUM *local_dmp1, *local_dmq1, *local_c, *local_r1;
BIGNUM *dmp1,*dmq1,*c,*pr1; BIGNUM *dmp1,*dmq1,*c,*pr1;
int ret=0; int ret=0;
local_dmp1 = BN_new();
local_dmq1 = BN_new();
local_c = BN_new();
local_r1 = BN_new();
if(!local_dmp1 || !local_dmq1 || !local_c || !local_r1)
goto err;
BN_CTX_start(ctx); BN_CTX_start(ctx);
r1 = BN_CTX_get(ctx); r1 = BN_CTX_get(ctx);
m1 = BN_CTX_get(ctx); m1 = BN_CTX_get(ctx);
vrfy = BN_CTX_get(ctx); vrfy = BN_CTX_get(ctx);
{ {
BIGNUM local_p, local_q; BIGNUM *local_p = NULL, *local_q = NULL;
BIGNUM *p = NULL, *q = NULL; BIGNUM *p = NULL, *q = NULL;
/* Make sure BN_mod_inverse in Montgomery intialization uses the /* Make sure BN_mod_inverse in Montgomery intialization uses the
@ -756,12 +786,16 @@ static int RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
*/ */
if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))
{ {
BN_init(&local_p); local_p = p = BN_new();
p = &local_p; if(!p) goto err;
BN_with_flags(p, rsa->p, BN_FLG_CONSTTIME); BN_with_flags(p, rsa->p, BN_FLG_CONSTTIME);
BN_init(&local_q); local_q = q = BN_new();
q = &local_q; if(!q)
{
BN_free(local_p);
goto err;
}
BN_with_flags(q, rsa->q, BN_FLG_CONSTTIME); BN_with_flags(q, rsa->q, BN_FLG_CONSTTIME);
} }
else else
@ -772,12 +806,16 @@ static int RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
if (rsa->flags & RSA_FLAG_CACHE_PRIVATE) if (rsa->flags & RSA_FLAG_CACHE_PRIVATE)
{ {
if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_p, CRYPTO_LOCK_RSA, p, ctx)) if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_p, CRYPTO_LOCK_RSA, p, ctx) || !BN_MONT_CTX_set_locked(&rsa->_method_mod_q, CRYPTO_LOCK_RSA, q, ctx))
goto err; {
if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_q, CRYPTO_LOCK_RSA, q, ctx)) if(local_p) BN_free(local_p);
if(local_q) BN_free(local_q);
goto err; goto err;
} }
} }
if(local_p) BN_free(local_p);
if(local_q) BN_free(local_q);
}
if (rsa->flags & RSA_FLAG_CACHE_PUBLIC) if (rsa->flags & RSA_FLAG_CACHE_PUBLIC)
if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_n, CRYPTO_LOCK_RSA, rsa->n, ctx)) if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_n, CRYPTO_LOCK_RSA, rsa->n, ctx))
@ -786,7 +824,7 @@ static int RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
/* compute I mod q */ /* compute I mod q */
if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))
{ {
c = &local_c; c = local_c;
BN_with_flags(c, I, BN_FLG_CONSTTIME); BN_with_flags(c, I, BN_FLG_CONSTTIME);
if (!BN_mod(r1,c,rsa->q,ctx)) goto err; if (!BN_mod(r1,c,rsa->q,ctx)) goto err;
} }
@ -798,7 +836,7 @@ static int RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
/* compute r1^dmq1 mod q */ /* compute r1^dmq1 mod q */
if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))
{ {
dmq1 = &local_dmq1; dmq1 = local_dmq1;
BN_with_flags(dmq1, rsa->dmq1, BN_FLG_CONSTTIME); BN_with_flags(dmq1, rsa->dmq1, BN_FLG_CONSTTIME);
} }
else else
@ -809,7 +847,7 @@ static int RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
/* compute I mod p */ /* compute I mod p */
if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))
{ {
c = &local_c; c = local_c;
BN_with_flags(c, I, BN_FLG_CONSTTIME); BN_with_flags(c, I, BN_FLG_CONSTTIME);
if (!BN_mod(r1,c,rsa->p,ctx)) goto err; if (!BN_mod(r1,c,rsa->p,ctx)) goto err;
} }
@ -821,7 +859,7 @@ static int RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
/* compute r1^dmp1 mod p */ /* compute r1^dmp1 mod p */
if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))
{ {
dmp1 = &local_dmp1; dmp1 = local_dmp1;
BN_with_flags(dmp1, rsa->dmp1, BN_FLG_CONSTTIME); BN_with_flags(dmp1, rsa->dmp1, BN_FLG_CONSTTIME);
} }
else else
@ -840,7 +878,7 @@ static int RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
/* Turn BN_FLG_CONSTTIME flag on before division operation */ /* Turn BN_FLG_CONSTTIME flag on before division operation */
if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))
{ {
pr1 = &local_r1; pr1 = local_r1;
BN_with_flags(pr1, r1, BN_FLG_CONSTTIME); BN_with_flags(pr1, r1, BN_FLG_CONSTTIME);
} }
else else
@ -876,22 +914,33 @@ static int RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
* miscalculated CRT output, just do a raw (slower) * miscalculated CRT output, just do a raw (slower)
* mod_exp and return that instead. */ * mod_exp and return that instead. */
BIGNUM local_d; BIGNUM *local_d = NULL;
BIGNUM *d = NULL; BIGNUM *d = NULL;
if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))
{ {
d = &local_d; local_d = d = BN_new();
if(!d) goto err;
BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME); BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME);
} }
else else
d = rsa->d; d = rsa->d;
if (!rsa->meth->bn_mod_exp(r0,I,d,rsa->n,ctx, if (!rsa->meth->bn_mod_exp(r0,I,d,rsa->n,ctx,
rsa->_method_mod_n)) goto err; rsa->_method_mod_n))
{
if(local_d) BN_free(local_d);
goto err;
}
if(local_d) BN_free(local_d);
} }
} }
ret=1; ret=1;
err: err:
if(local_dmp1) BN_free(local_dmp1);
if(local_dmq1) BN_free(local_dmq1);
if(local_c) BN_free(local_c);
if(local_r1) BN_free(local_r1);
BN_CTX_end(ctx); BN_CTX_end(ctx);
return(ret); return(ret);
} }

17
crypto/rsa/rsa_gen.c
View File

@ -87,11 +87,17 @@ int RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb)
static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb) static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb)
{ {
BIGNUM *r0=NULL,*r1=NULL,*r2=NULL,*r3=NULL,*tmp; BIGNUM *r0=NULL,*r1=NULL,*r2=NULL,*r3=NULL,*tmp;
BIGNUM local_r0,local_d,local_p; BIGNUM *local_r0, *local_d, *local_p;
BIGNUM *pr0,*d,*p; BIGNUM *pr0,*d,*p;
int bitsp,bitsq,ok= -1,n=0; int bitsp,bitsq,ok= -1,n=0;
BN_CTX *ctx=NULL; BN_CTX *ctx=NULL;
local_r0 = BN_new();
local_d = BN_new();
local_p = BN_new();
if(!local_r0 || !local_d || !local_p)
goto err;
ctx=BN_CTX_new(); ctx=BN_CTX_new();
if (ctx == NULL) goto err; if (ctx == NULL) goto err;
BN_CTX_start(ctx); BN_CTX_start(ctx);
@ -171,7 +177,7 @@ static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb)
if (!BN_mul(r0,r1,r2,ctx)) goto err; /* (p-1)(q-1) */ if (!BN_mul(r0,r1,r2,ctx)) goto err; /* (p-1)(q-1) */
if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))
{ {
pr0 = &local_r0; pr0 = local_r0;
BN_with_flags(pr0, r0, BN_FLG_CONSTTIME); BN_with_flags(pr0, r0, BN_FLG_CONSTTIME);
} }
else else
@ -181,7 +187,7 @@ static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb)
/* set up d for correct BN_FLG_CONSTTIME flag */ /* set up d for correct BN_FLG_CONSTTIME flag */
if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))
{ {
d = &local_d; d = local_d;
BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME); BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME);
} }
else else
@ -196,7 +202,7 @@ static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb)
/* calculate inverse of q mod p */ /* calculate inverse of q mod p */
if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))
{ {
p = &local_p; p = local_p;
BN_with_flags(p, rsa->p, BN_FLG_CONSTTIME); BN_with_flags(p, rsa->p, BN_FLG_CONSTTIME);
} }
else else
@ -205,6 +211,9 @@ static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb)
ok=1; ok=1;
err: err:
if(local_r0) BN_free(local_r0);
if(local_d) BN_free(local_d);
if(local_p) BN_free(local_p);
if (ok == -1) if (ok == -1)
{ {
RSAerr(RSA_F_RSA_BUILTIN_KEYGEN,ERR_LIB_BN); RSAerr(RSA_F_RSA_BUILTIN_KEYGEN,ERR_LIB_BN);

18
crypto/rsa/rsa_lib.c
View File

@ -60,7 +60,7 @@
#include <openssl/crypto.h> #include <openssl/crypto.h>
#include "cryptlib.h" #include "cryptlib.h"
#include <openssl/lhash.h> #include <openssl/lhash.h>
#include <openssl/bn.h> #include "internal/bn_int.h"
#include <openssl/rsa.h> #include <openssl/rsa.h>
#include <openssl/rand.h> #include <openssl/rand.h>
#ifndef OPENSSL_NO_ENGINE #ifndef OPENSSL_NO_ENGINE
@ -290,27 +290,27 @@ int RSA_memory_lock(RSA *r)
t[3]= &r->dmp1; t[3]= &r->dmp1;
t[4]= &r->dmq1; t[4]= &r->dmq1;
t[5]= &r->iqmp; t[5]= &r->iqmp;
k=sizeof(BIGNUM)*6; k=bn_sizeof_BIGNUM()*6;
off=k/sizeof(BN_ULONG)+1; off=k/sizeof(BN_ULONG)+1;
j=1; j=1;
for (i=0; i<6; i++) for (i=0; i<6; i++)
j+= (*t[i])->top; j+= bn_get_top(*t[i]);
if ((p=OPENSSL_malloc_locked((off+j)*sizeof(BN_ULONG))) == NULL) if ((p=OPENSSL_malloc_locked((off+j)*sizeof(BN_ULONG))) == NULL)
{ {
RSAerr(RSA_F_RSA_MEMORY_LOCK,ERR_R_MALLOC_FAILURE); RSAerr(RSA_F_RSA_MEMORY_LOCK,ERR_R_MALLOC_FAILURE);
return(0); return(0);
} }
memset(p, 0, (off+j)*sizeof(BN_ULONG));
bn=(BIGNUM *)p; bn=(BIGNUM *)p;
ul=(BN_ULONG *)&(p[off]); ul=(BN_ULONG *)&(p[off]);
for (i=0; i<6; i++) for (i=0; i<6; i++)
{ {
b= *(t[i]); b= *(t[i]);
*(t[i])= &(bn[i]); *(t[i])= bn_array_el(bn, i);
memcpy((char *)&(bn[i]),(char *)b,sizeof(BIGNUM)); memcpy((char *)bn_array_el(bn, i),(char *)b,bn_sizeof_BIGNUM());
bn[i].flags=BN_FLG_STATIC_DATA; memcpy((char *)ul,bn_get_words(b),sizeof(BN_ULONG)*bn_get_top(b));
bn[i].d=ul; bn_set_static_words(bn_array_el(bn, i), ul, bn_get_top(b));
memcpy((char *)ul,b->d,sizeof(BN_ULONG)*b->top); ul+=bn_get_top(b);
ul+=b->top;
BN_clear_free(b); BN_clear_free(b);
} }

10
crypto/rsa/rsa_pmeth.c
View File

@ -716,7 +716,7 @@ static int pkey_rsa_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
{ {
RSA *rsa = NULL; RSA *rsa = NULL;
RSA_PKEY_CTX *rctx = ctx->data; RSA_PKEY_CTX *rctx = ctx->data;
BN_GENCB *pcb, cb; BN_GENCB *pcb;
int ret; int ret;
if (!rctx->pub_exp) if (!rctx->pub_exp)
{ {
@ -729,12 +729,18 @@ static int pkey_rsa_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
return 0; return 0;
if (ctx->pkey_gencb) if (ctx->pkey_gencb)
{ {
pcb = &cb; pcb = BN_GENCB_new();
if(!pcb)
{
RSA_free(rsa);
return 0;
}
evp_pkey_set_cb_translate(pcb, ctx); evp_pkey_set_cb_translate(pcb, ctx);
} }
else else
pcb = NULL; pcb = NULL;
ret = RSA_generate_key_ex(rsa, rctx->nbits, rctx->pub_exp, pcb); ret = RSA_generate_key_ex(rsa, rctx->nbits, rctx->pub_exp, pcb);
BN_GENCB_free(pcb);
if (ret > 0) if (ret > 0)
EVP_PKEY_assign_RSA(pkey, rsa); EVP_PKEY_assign_RSA(pkey, rsa);
else else