diff options
author | Richard Levitte <levitte@openssl.org> | 2019-10-15 20:28:02 +0200 |
---|---|---|
committer | Richard Levitte <levitte@openssl.org> | 2019-10-17 18:07:45 +0200 |
commit | c3a4fa4cb849ba300d4691154c0c12ac19d24710 (patch) | |
tree | de8a929f7bb54e51a6fa3c9058a3686cd5857777 /crypto | |
parent | b75d6310857bc44ef2851bde68a1979c18bb4807 (diff) |
Added internal functions for easy getting and setting all RSA parameters.
rsa_set0_all_params() is used to set all the primes, exponents and
coefficients. rsa_get0_all_params() is used to get all the primes,
exponents and coefficients.
"All" includes p, q, dP, dQ and qInv without making them separate.
All arrays of numbers are implemented as stacks to make dynamic use
easier.
Reviewed-by: Matt Caswell <matt@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/10190)
Diffstat (limited to 'crypto')
-rw-r--r-- | crypto/rsa/rsa_lib.c | 116 |
1 files changed, 116 insertions, 0 deletions
diff --git a/crypto/rsa/rsa_lib.c b/crypto/rsa/rsa_lib.c index abdabfb45a..17ff7e7686 100644 --- a/crypto/rsa/rsa_lib.c +++ b/crypto/rsa/rsa_lib.c @@ -15,6 +15,7 @@ #include <openssl/engine.h> #include <openssl/evp.h> #include "crypto/evp.h" +#include "crypto/rsa.h" #include "rsa_local.h" RSA *RSA_new(void) @@ -613,3 +614,118 @@ int RSA_pkey_ctx_ctrl(EVP_PKEY_CTX *ctx, int optype, int cmd, int p1, void *p2) return -1; return EVP_PKEY_CTX_ctrl(ctx, -1, optype, cmd, p1, p2); } + +DEFINE_STACK_OF(BIGNUM) + +int rsa_set0_all_params(RSA *r, const STACK_OF(BIGNUM) *primes, + const STACK_OF(BIGNUM) *exps, + const STACK_OF(BIGNUM) *coeffs) +{ + STACK_OF(RSA_PRIME_INFO) *prime_infos, *old_infos = NULL; + int pnum; + + if (primes == NULL || exps == NULL || coeffs == NULL) + return 0; + + pnum = sk_BIGNUM_num(primes); + if (pnum < 2 + || pnum != sk_BIGNUM_num(exps) + || pnum != sk_BIGNUM_num(coeffs) + 1) + return 0; + + if (!RSA_set0_factors(r, sk_BIGNUM_value(primes, 0), + sk_BIGNUM_value(primes, 1)) + || !RSA_set0_crt_params(r, sk_BIGNUM_value(exps, 0), + sk_BIGNUM_value(exps, 1), + sk_BIGNUM_value(coeffs, 0))) + return 0; + + old_infos = r->prime_infos; + + if (pnum > 2) { + int i; + + prime_infos = sk_RSA_PRIME_INFO_new_reserve(NULL, pnum); + if (prime_infos == NULL) + return 0; + + for (i = 2; i < pnum; i++) { + BIGNUM *prime = sk_BIGNUM_value(primes, i); + BIGNUM *exp = sk_BIGNUM_value(exps, i); + BIGNUM *coeff = sk_BIGNUM_value(coeffs, i - 1); + RSA_PRIME_INFO *pinfo = NULL; + + if (!ossl_assert(prime != NULL && exp != NULL && coeff != NULL)) + goto err; + + /* Using rsa_multip_info_new() is wasteful, so allocate directly */ + if ((pinfo = OPENSSL_zalloc(sizeof(*pinfo))) == NULL) { + ERR_raise(ERR_LIB_RSA, ERR_R_MALLOC_FAILURE); + goto err; + } + + pinfo->r = prime; + pinfo->d = exp; + pinfo->t = coeff; + BN_set_flags(pinfo->r, BN_FLG_CONSTTIME); + BN_set_flags(pinfo->d, BN_FLG_CONSTTIME); + BN_set_flags(pinfo->t, BN_FLG_CONSTTIME); + (void)sk_RSA_PRIME_INFO_push(prime_infos, pinfo); + } + + r->prime_infos = prime_infos; + + if (!rsa_multip_calc_product(r)) { + r->prime_infos = old_infos; + goto err; + } + } + + if (old_infos != NULL) { + /* + * This is hard to deal with, since the old infos could + * also be set by this function and r, d, t should not + * be freed in that case. So currently, stay consistent + * with other *set0* functions: just free it... + */ + sk_RSA_PRIME_INFO_pop_free(old_infos, rsa_multip_info_free); + } + + r->version = pnum > 2 ? RSA_ASN1_VERSION_MULTI : RSA_ASN1_VERSION_DEFAULT; + r->dirty_cnt++; + + return 1; + err: + /* r, d, t should not be freed */ + sk_RSA_PRIME_INFO_pop_free(prime_infos, rsa_multip_info_free_ex); + return 0; +} + +DEFINE_SPECIAL_STACK_OF_CONST(BIGNUM_const, BIGNUM) + +int rsa_get0_all_params(RSA *r, STACK_OF(BIGNUM_const) *primes, + STACK_OF(BIGNUM_const) *exps, + STACK_OF(BIGNUM_const) *coeffs) +{ + RSA_PRIME_INFO *pinfo; + int i, pnum; + + if (r == NULL) + return 0; + + pnum = RSA_get_multi_prime_extra_count(r); + + sk_BIGNUM_const_push(primes, RSA_get0_p(r)); + sk_BIGNUM_const_push(primes, RSA_get0_q(r)); + sk_BIGNUM_const_push(exps, RSA_get0_dmp1(r)); + sk_BIGNUM_const_push(exps, RSA_get0_dmq1(r)); + sk_BIGNUM_const_push(coeffs, RSA_get0_iqmp(r)); + for (i = 0; i < pnum; i++) { + pinfo = sk_RSA_PRIME_INFO_value(r->prime_infos, i); + sk_BIGNUM_const_push(primes, pinfo->r); + sk_BIGNUM_const_push(exps, pinfo->d); + sk_BIGNUM_const_push(coeffs, pinfo->t); + } + + return 1; +} |