diff options
Diffstat (limited to 'crypto/rsa/rsa_eay.c')
-rw-r--r-- | crypto/rsa/rsa_eay.c | 124 |
1 files changed, 64 insertions, 60 deletions
diff --git a/crypto/rsa/rsa_eay.c b/crypto/rsa/rsa_eay.c index 00f8ea9341..7623189e41 100644 --- a/crypto/rsa/rsa_eay.c +++ b/crypto/rsa/rsa_eay.c @@ -110,11 +110,13 @@ unsigned char *to; RSA *rsa; int padding; { - BIGNUM *f=NULL,*ret=NULL; + BIGNUM f,ret; int i,j,k,num=0,r= -1; unsigned char *buf=NULL; BN_CTX *ctx=NULL; + BN_init(&f); + BN_init(&ret); if ((ctx=BN_CTX_new()) == NULL) goto err; num=BN_num_bytes(rsa->n); if ((buf=(unsigned char *)Malloc(num)) == NULL) @@ -140,9 +142,7 @@ int padding; } if (i <= 0) goto err; - if (((f=BN_new()) == NULL) || ((ret=BN_new()) == NULL)) goto err; - - if (BN_bin2bn(buf,num,f) == NULL) goto err; + if (BN_bin2bn(buf,num,&f) == NULL) goto err; if ((rsa->method_mod_n == NULL) && (rsa->flags & RSA_FLAG_CACHE_PUBLIC)) { @@ -151,21 +151,21 @@ int padding; rsa->n,ctx)) goto err; } - if (!rsa->meth->bn_mod_exp(ret,f,rsa->e,rsa->n,ctx, + if (!rsa->meth->bn_mod_exp(&ret,&f,rsa->e,rsa->n,ctx, rsa->method_mod_n)) goto err; /* put in leading 0 bytes if the number is less than the * length of the modulus */ - j=BN_num_bytes(ret); - i=BN_bn2bin(ret,&(to[num-j])); + j=BN_num_bytes(&ret); + i=BN_bn2bin(&ret,&(to[num-j])); for (k=0; k<(num-i); k++) to[k]=0; r=num; err: if (ctx != NULL) BN_CTX_free(ctx); - if (f != NULL) BN_free(f); - if (ret != NULL) BN_free(ret); + BN_clear_free(&f); + BN_clear_free(&ret); if (buf != NULL) { memset(buf,0,num); @@ -181,11 +181,14 @@ unsigned char *to; RSA *rsa; int padding; { - BIGNUM *f=NULL,*ret=NULL; + BIGNUM f,ret; int i,j,k,num=0,r= -1; unsigned char *buf=NULL; BN_CTX *ctx=NULL; + BN_init(&f); + BN_init(&ret); + if ((ctx=BN_CTX_new()) == NULL) goto err; num=BN_num_bytes(rsa->n); if ((buf=(unsigned char *)Malloc(num)) == NULL) @@ -209,40 +212,39 @@ int padding; } if (i <= 0) goto err; - if (((f=BN_new()) == NULL) || ((ret=BN_new()) == NULL)) goto err; - if (BN_bin2bn(buf,num,f) == NULL) goto err; + if (BN_bin2bn(buf,num,&f) == NULL) goto err; if ((rsa->flags & RSA_FLAG_BLINDING) && (rsa->blinding == NULL)) RSA_blinding_on(rsa,ctx); if (rsa->flags & RSA_FLAG_BLINDING) - if (!BN_BLINDING_convert(f,rsa->blinding,ctx)) goto err; + if (!BN_BLINDING_convert(&f,rsa->blinding,ctx)) goto err; if ( (rsa->p != NULL) && (rsa->q != NULL) && (rsa->dmp1 != NULL) && (rsa->dmq1 != NULL) && (rsa->iqmp != NULL)) - { if (!rsa->meth->rsa_mod_exp(ret,f,rsa)) goto err; } + { if (!rsa->meth->rsa_mod_exp(&ret,&f,rsa)) goto err; } else { - if (!rsa->meth->bn_mod_exp(ret,f,rsa->d,rsa->n,ctx)) goto err; + if (!rsa->meth->bn_mod_exp(&ret,&f,rsa->d,rsa->n,ctx,NULL)) goto err; } if (rsa->flags & RSA_FLAG_BLINDING) - if (!BN_BLINDING_invert(ret,rsa->blinding,ctx)) goto err; + if (!BN_BLINDING_invert(&ret,rsa->blinding,ctx)) goto err; /* put in leading 0 bytes if the number is less than the * length of the modulus */ - j=BN_num_bytes(ret); - i=BN_bn2bin(ret,&(to[num-j])); + j=BN_num_bytes(&ret); + i=BN_bn2bin(&ret,&(to[num-j])); for (k=0; k<(num-i); k++) to[k]=0; r=num; err: if (ctx != NULL) BN_CTX_free(ctx); - if (ret != NULL) BN_free(ret); - if (f != NULL) BN_free(f); + BN_clear_free(&ret); + BN_clear_free(&f); if (buf != NULL) { memset(buf,0,num); @@ -258,12 +260,14 @@ unsigned char *to; RSA *rsa; int padding; { - BIGNUM *f=NULL,*ret=NULL; + BIGNUM f,ret; int j,num=0,r= -1; unsigned char *p; unsigned char *buf=NULL; BN_CTX *ctx=NULL; + BN_init(&f); + BN_init(&ret); ctx=BN_CTX_new(); if (ctx == NULL) goto err; @@ -284,13 +288,12 @@ int padding; } /* make data into a big number */ - if (((ret=BN_new()) == NULL) || ((f=BN_new()) == NULL)) goto err; - if (BN_bin2bn(from,(int)flen,f) == NULL) goto err; + if (BN_bin2bn(from,(int)flen,&f) == NULL) goto err; if ((rsa->flags & RSA_FLAG_BLINDING) && (rsa->blinding == NULL)) RSA_blinding_on(rsa,ctx); if (rsa->flags & RSA_FLAG_BLINDING) - if (!BN_BLINDING_convert(f,rsa->blinding,ctx)) goto err; + if (!BN_BLINDING_convert(&f,rsa->blinding,ctx)) goto err; /* do the decrypt */ if ( (rsa->p != NULL) && @@ -298,29 +301,29 @@ int padding; (rsa->dmp1 != NULL) && (rsa->dmq1 != NULL) && (rsa->iqmp != NULL)) - { if (!rsa->meth->rsa_mod_exp(ret,f,rsa)) goto err; } + { if (!rsa->meth->rsa_mod_exp(&ret,&f,rsa)) goto err; } else { - if (!rsa->meth->bn_mod_exp(ret,f,rsa->d,rsa->n,ctx)) + if (!rsa->meth->bn_mod_exp(&ret,&f,rsa->d,rsa->n,ctx,NULL)) goto err; } if (rsa->flags & RSA_FLAG_BLINDING) - if (!BN_BLINDING_invert(ret,rsa->blinding,ctx)) goto err; + if (!BN_BLINDING_invert(&ret,rsa->blinding,ctx)) goto err; p=buf; - j=BN_bn2bin(ret,p); /* j is only used with no-padding mode */ + j=BN_bn2bin(&ret,p); /* j is only used with no-padding mode */ switch (padding) { case RSA_PKCS1_PADDING: - r=RSA_padding_check_PKCS1_type_2(to,num,buf,j); + r=RSA_padding_check_PKCS1_type_2(to,num,buf,j,num); break; case RSA_SSLV23_PADDING: - r=RSA_padding_check_SSLv23(to,num,buf,j); + r=RSA_padding_check_SSLv23(to,num,buf,j,num); break; case RSA_NO_PADDING: - r=RSA_padding_check_none(to,num,buf,j); + r=RSA_padding_check_none(to,num,buf,j,num); break; default: RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,RSA_R_UNKNOWN_PADDING_TYPE); @@ -331,8 +334,8 @@ int padding; err: if (ctx != NULL) BN_CTX_free(ctx); - if (f != NULL) BN_free(f); - if (ret != NULL) BN_free(ret); + BN_clear_free(&f); + BN_clear_free(&ret); if (buf != NULL) { memset(buf,0,num); @@ -348,12 +351,14 @@ unsigned char *to; RSA *rsa; int padding; { - BIGNUM *f=NULL,*ret=NULL; + BIGNUM f,ret; int i,num=0,r= -1; unsigned char *p; unsigned char *buf=NULL; BN_CTX *ctx=NULL; + BN_init(&f); + BN_init(&ret); ctx=BN_CTX_new(); if (ctx == NULL) goto err; @@ -373,10 +378,7 @@ int padding; goto err; } - /* make data into a big number */ - if (((ret=BN_new()) == NULL) || ((f=BN_new()) == NULL)) goto err; - - if (BN_bin2bn(from,flen,f) == NULL) goto err; + if (BN_bin2bn(from,flen,&f) == NULL) goto err; /* do the decrypt */ if ((rsa->method_mod_n == NULL) && (rsa->flags & RSA_FLAG_CACHE_PUBLIC)) { @@ -385,19 +387,19 @@ int padding; rsa->n,ctx)) goto err; } - if (!rsa->meth->bn_mod_exp(ret,f,rsa->e,rsa->n,ctx, + if (!rsa->meth->bn_mod_exp(&ret,&f,rsa->e,rsa->n,ctx, rsa->method_mod_n)) goto err; p=buf; - i=BN_bn2bin(ret,p); + i=BN_bn2bin(&ret,p); switch (padding) { case RSA_PKCS1_PADDING: - r=RSA_padding_check_PKCS1_type_1(to,num,buf,i); + r=RSA_padding_check_PKCS1_type_1(to,num,buf,i,num); break; case RSA_NO_PADDING: - r=RSA_padding_check_none(to,num,buf,i); + r=RSA_padding_check_none(to,num,buf,i,num); break; default: RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT,RSA_R_UNKNOWN_PADDING_TYPE); @@ -408,8 +410,8 @@ int padding; err: if (ctx != NULL) BN_CTX_free(ctx); - if (f != NULL) BN_free(f); - if (ret != NULL) BN_free(ret); + BN_clear_free(&f); + BN_clear_free(&ret); if (buf != NULL) { memset(buf,0,num); @@ -423,14 +425,13 @@ BIGNUM *r0; BIGNUM *I; RSA *rsa; { - BIGNUM *r1=NULL,*m1=NULL; + BIGNUM r1,m1; int ret=0; BN_CTX *ctx; if ((ctx=BN_CTX_new()) == NULL) goto err; - m1=BN_new(); - r1=BN_new(); - if ((m1 == NULL) || (r1 == NULL)) goto err; + BN_init(&m1); + BN_init(&r1); if (rsa->flags & RSA_FLAG_CACHE_PRIVATE) { @@ -452,26 +453,29 @@ RSA *rsa; } } - if (!BN_mod(r1,I,rsa->q,ctx)) goto err; - if (!rsa->meth->bn_mod_exp(m1,r1,rsa->dmq1,rsa->q,ctx, + if (!BN_mod(&r1,I,rsa->q,ctx)) goto err; + if (!rsa->meth->bn_mod_exp(&m1,&r1,rsa->dmq1,rsa->q,ctx, rsa->method_mod_q)) goto err; - if (!BN_mod(r1,I,rsa->p,ctx)) goto err; - if (!rsa->meth->bn_mod_exp(r0,r1,rsa->dmp1,rsa->p,ctx, + if (!BN_mod(&r1,I,rsa->p,ctx)) goto err; + if (!rsa->meth->bn_mod_exp(r0,&r1,rsa->dmp1,rsa->p,ctx, rsa->method_mod_p)) goto err; - if (!BN_add(r1,r0,rsa->p)) goto err; - if (!BN_sub(r0,r1,m1)) goto err; + if (!BN_sub(r0,r0,&m1)) goto err; + /* This will help stop the size of r0 increasing, which does + * affect the multiply if it optimised for a power of 2 size */ + if (r0->neg) + if (!BN_add(r0,r0,rsa->p)) goto err; - if (!BN_mul(r1,r0,rsa->iqmp)) goto err; - if (!BN_mod(r0,r1,rsa->p,ctx)) goto err; - if (!BN_mul(r1,r0,rsa->q)) goto err; - if (!BN_add(r0,r1,m1)) goto err; + if (!BN_mul(&r1,r0,rsa->iqmp,ctx)) goto err; + if (!BN_mod(r0,&r1,rsa->p,ctx)) goto err; + if (!BN_mul(&r1,r0,rsa->q,ctx)) goto err; + if (!BN_add(r0,&r1,&m1)) goto err; ret=1; err: - if (m1 != NULL) BN_free(m1); - if (r1 != NULL) BN_free(r1); + BN_clear_free(&m1); + BN_clear_free(&r1); BN_CTX_free(ctx); return(ret); } |