From 0b43811cc918a2d42d2e4fa18c796a6614d684f6 Mon Sep 17 00:00:00 2001 From: tb Date: Wed, 9 Aug 2023 09:26:43 +0000 Subject: [PATCH] Move RSA blinding API from rsa_crpt.c to rsa_blinding.c --- lib/libcrypto/rsa/rsa_blinding.c | 102 ++++++++++++++++++++++++++++++- lib/libcrypto/rsa/rsa_crpt.c | 102 +------------------------------ 2 files changed, 102 insertions(+), 102 deletions(-) diff --git a/lib/libcrypto/rsa/rsa_blinding.c b/lib/libcrypto/rsa/rsa_blinding.c index bc267b1c514..e6fd67242d6 100644 --- a/lib/libcrypto/rsa/rsa_blinding.c +++ b/lib/libcrypto/rsa/rsa_blinding.c @@ -1,4 +1,4 @@ -/* $OpenBSD: rsa_blinding.c,v 1.1 2023/08/09 09:23:03 tb Exp $ */ +/* $OpenBSD: rsa_blinding.c,v 1.2 2023/08/09 09:26:43 tb Exp $ */ /* ==================================================================== * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. * @@ -259,3 +259,103 @@ BN_BLINDING_thread_id(BN_BLINDING *b) { return &b->tid; } + +static BIGNUM * +rsa_get_public_exp(const BIGNUM *d, const BIGNUM *p, const BIGNUM *q, + BN_CTX *ctx) +{ + BIGNUM *ret = NULL, *r0, *r1, *r2; + + if (d == NULL || p == NULL || q == NULL) + return NULL; + + BN_CTX_start(ctx); + if ((r0 = BN_CTX_get(ctx)) == NULL) + goto err; + if ((r1 = BN_CTX_get(ctx)) == NULL) + goto err; + if ((r2 = BN_CTX_get(ctx)) == NULL) + goto err; + + if (!BN_sub(r1, p, BN_value_one())) + goto err; + if (!BN_sub(r2, q, BN_value_one())) + goto err; + if (!BN_mul(r0, r1, r2, ctx)) + goto err; + + ret = BN_mod_inverse_ct(NULL, d, r0, ctx); +err: + BN_CTX_end(ctx); + return ret; +} + +BN_BLINDING * +RSA_setup_blinding(RSA *rsa, BN_CTX *in_ctx) +{ + BIGNUM *e = NULL; + BIGNUM n; + BN_CTX *ctx = NULL; + BN_BLINDING *ret = NULL; + + if ((ctx = in_ctx) == NULL) + ctx = BN_CTX_new(); + if (ctx == NULL) + goto err; + + BN_CTX_start(ctx); + + if ((e = rsa->e) == NULL) + e = rsa_get_public_exp(rsa->d, rsa->p, rsa->q, ctx); + if (e == NULL) { + RSAerror(RSA_R_NO_PUBLIC_EXPONENT); + goto err; + } + + BN_init(&n); + BN_with_flags(&n, rsa->n, BN_FLG_CONSTTIME); + + if ((ret = BN_BLINDING_new(e, &n, ctx, rsa->meth->bn_mod_exp, + rsa->_method_mod_n)) == NULL) { + RSAerror(ERR_R_BN_LIB); + goto err; + } + CRYPTO_THREADID_current(BN_BLINDING_thread_id(ret)); + + err: + BN_CTX_end(ctx); + if (ctx != in_ctx) + BN_CTX_free(ctx); + if (e != rsa->e) + BN_free(e); + + return ret; +} + +void +RSA_blinding_off(RSA *rsa) +{ + BN_BLINDING_free(rsa->blinding); + rsa->blinding = NULL; + rsa->flags |= RSA_FLAG_NO_BLINDING; +} +LCRYPTO_ALIAS(RSA_blinding_off); + +int +RSA_blinding_on(RSA *rsa, BN_CTX *ctx) +{ + int ret = 0; + + if (rsa->blinding != NULL) + RSA_blinding_off(rsa); + + rsa->blinding = RSA_setup_blinding(rsa, ctx); + if (rsa->blinding == NULL) + goto err; + + rsa->flags &= ~RSA_FLAG_NO_BLINDING; + ret = 1; +err: + return (ret); +} +LCRYPTO_ALIAS(RSA_blinding_on); diff --git a/lib/libcrypto/rsa/rsa_crpt.c b/lib/libcrypto/rsa/rsa_crpt.c index fcf29f121ed..2a23c1bb881 100644 --- a/lib/libcrypto/rsa/rsa_crpt.c +++ b/lib/libcrypto/rsa/rsa_crpt.c @@ -1,4 +1,4 @@ -/* $OpenBSD: rsa_crpt.c,v 1.27 2023/08/09 09:25:13 tb Exp $ */ +/* $OpenBSD: rsa_crpt.c,v 1.28 2023/08/09 09:26:43 tb Exp $ */ /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * @@ -125,103 +125,3 @@ RSA_flags(const RSA *r) return r == NULL ? 0 : r->meth->flags; } LCRYPTO_ALIAS(RSA_flags); - -static BIGNUM * -rsa_get_public_exp(const BIGNUM *d, const BIGNUM *p, const BIGNUM *q, - BN_CTX *ctx) -{ - BIGNUM *ret = NULL, *r0, *r1, *r2; - - if (d == NULL || p == NULL || q == NULL) - return NULL; - - BN_CTX_start(ctx); - if ((r0 = BN_CTX_get(ctx)) == NULL) - goto err; - if ((r1 = BN_CTX_get(ctx)) == NULL) - goto err; - if ((r2 = BN_CTX_get(ctx)) == NULL) - goto err; - - if (!BN_sub(r1, p, BN_value_one())) - goto err; - if (!BN_sub(r2, q, BN_value_one())) - goto err; - if (!BN_mul(r0, r1, r2, ctx)) - goto err; - - ret = BN_mod_inverse_ct(NULL, d, r0, ctx); -err: - BN_CTX_end(ctx); - return ret; -} - -BN_BLINDING * -RSA_setup_blinding(RSA *rsa, BN_CTX *in_ctx) -{ - BIGNUM *e = NULL; - BIGNUM n; - BN_CTX *ctx = NULL; - BN_BLINDING *ret = NULL; - - if ((ctx = in_ctx) == NULL) - ctx = BN_CTX_new(); - if (ctx == NULL) - goto err; - - BN_CTX_start(ctx); - - if ((e = rsa->e) == NULL) - e = rsa_get_public_exp(rsa->d, rsa->p, rsa->q, ctx); - if (e == NULL) { - RSAerror(RSA_R_NO_PUBLIC_EXPONENT); - goto err; - } - - BN_init(&n); - BN_with_flags(&n, rsa->n, BN_FLG_CONSTTIME); - - if ((ret = BN_BLINDING_new(e, &n, ctx, rsa->meth->bn_mod_exp, - rsa->_method_mod_n)) == NULL) { - RSAerror(ERR_R_BN_LIB); - goto err; - } - CRYPTO_THREADID_current(BN_BLINDING_thread_id(ret)); - - err: - BN_CTX_end(ctx); - if (ctx != in_ctx) - BN_CTX_free(ctx); - if (e != rsa->e) - BN_free(e); - - return ret; -} - -void -RSA_blinding_off(RSA *rsa) -{ - BN_BLINDING_free(rsa->blinding); - rsa->blinding = NULL; - rsa->flags |= RSA_FLAG_NO_BLINDING; -} -LCRYPTO_ALIAS(RSA_blinding_off); - -int -RSA_blinding_on(RSA *rsa, BN_CTX *ctx) -{ - int ret = 0; - - if (rsa->blinding != NULL) - RSA_blinding_off(rsa); - - rsa->blinding = RSA_setup_blinding(rsa, ctx); - if (rsa->blinding == NULL) - goto err; - - rsa->flags &= ~RSA_FLAG_NO_BLINDING; - ret = 1; -err: - return (ret); -} -LCRYPTO_ALIAS(RSA_blinding_on); -- 2.20.1