| OLD | NEW |
| 1 /* crypto/rsa/rsa_eay.c */ | 1 /* crypto/rsa/rsa_eay.c */ |
| 2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | 2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) |
| 3 * All rights reserved. | 3 * All rights reserved. |
| 4 * | 4 * |
| 5 * This package is an SSL implementation written | 5 * This package is an SSL implementation written |
| 6 * by Eric Young (eay@cryptsoft.com). | 6 * by Eric Young (eay@cryptsoft.com). |
| 7 * The implementation was written so as to conform with Netscapes SSL. | 7 * The implementation was written so as to conform with Netscapes SSL. |
| 8 * | 8 * |
| 9 * This library is free for commercial and non-commercial use as long as | 9 * This library is free for commercial and non-commercial use as long as |
| 10 * the following conditions are aheared to. The following conditions | 10 * the following conditions are aheared to. The following conditions |
| (...skipping 97 matching lines...) |
| 108 * Hudson (tjh@cryptsoft.com). | 108 * Hudson (tjh@cryptsoft.com). |
| 109 * | 109 * |
| 110 */ | 110 */ |
| 111 | 111 |
| 112 #include <stdio.h> | 112 #include <stdio.h> |
| 113 #include "cryptlib.h" | 113 #include "cryptlib.h" |
| 114 #include <openssl/bn.h> | 114 #include <openssl/bn.h> |
| 115 #include <openssl/rsa.h> | 115 #include <openssl/rsa.h> |
| 116 #include <openssl/rand.h> | 116 #include <openssl/rand.h> |
| 117 | 117 |
| 118 #if !defined(RSA_NULL) && !defined(OPENSSL_FIPS) | 118 #ifndef RSA_NULL |
| 119 | 119 |
| 120 static int RSA_eay_public_encrypt(int flen, const unsigned char *from, | 120 static int RSA_eay_public_encrypt(int flen, const unsigned char *from, |
| 121 unsigned char *to, RSA *rsa,int padding); | 121 unsigned char *to, RSA *rsa,int padding); |
| 122 static int RSA_eay_private_encrypt(int flen, const unsigned char *from, | 122 static int RSA_eay_private_encrypt(int flen, const unsigned char *from, |
| 123 unsigned char *to, RSA *rsa,int padding); | 123 unsigned char *to, RSA *rsa,int padding); |
| 124 static int RSA_eay_public_decrypt(int flen, const unsigned char *from, | 124 static int RSA_eay_public_decrypt(int flen, const unsigned char *from, |
| 125 unsigned char *to, RSA *rsa,int padding); | 125 unsigned char *to, RSA *rsa,int padding); |
| 126 static int RSA_eay_private_decrypt(int flen, const unsigned char *from, | 126 static int RSA_eay_private_decrypt(int flen, const unsigned char *from, |
| 127 unsigned char *to, RSA *rsa,int padding); | 127 unsigned char *to, RSA *rsa,int padding); |
| 128 static int RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *i, RSA *rsa, BN_CTX *ctx); | 128 static int RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *i, RSA *rsa, BN_CTX *ctx); |
| (...skipping 120 matching lines...) |
| 249 OPENSSL_cleanse(buf,num); | 249 OPENSSL_cleanse(buf,num); |
| 250 OPENSSL_free(buf); | 250 OPENSSL_free(buf); |
| 251 } | 251 } |
| 252 return(r); | 252 return(r); |
| 253 } | 253 } |
| 254 | 254 |
| 255 static BN_BLINDING *rsa_get_blinding(RSA *rsa, int *local, BN_CTX *ctx) | 255 static BN_BLINDING *rsa_get_blinding(RSA *rsa, int *local, BN_CTX *ctx) |
| 256 { | 256 { |
| 257 BN_BLINDING *ret; | 257 BN_BLINDING *ret; |
| 258 int got_write_lock = 0; | 258 int got_write_lock = 0; |
| 259 CRYPTO_THREADID cur; |
| 259 | 260 |
| 260 CRYPTO_r_lock(CRYPTO_LOCK_RSA); | 261 CRYPTO_r_lock(CRYPTO_LOCK_RSA); |
| 261 | 262 |
| 262 if (rsa->blinding == NULL) | 263 if (rsa->blinding == NULL) |
| 263 { | 264 { |
| 264 CRYPTO_r_unlock(CRYPTO_LOCK_RSA); | 265 CRYPTO_r_unlock(CRYPTO_LOCK_RSA); |
| 265 CRYPTO_w_lock(CRYPTO_LOCK_RSA); | 266 CRYPTO_w_lock(CRYPTO_LOCK_RSA); |
| 266 got_write_lock = 1; | 267 got_write_lock = 1; |
| 267 | 268 |
| 268 if (rsa->blinding == NULL) | 269 if (rsa->blinding == NULL) |
| 269 rsa->blinding = RSA_setup_blinding(rsa, ctx); | 270 rsa->blinding = RSA_setup_blinding(rsa, ctx); |
| 270 } | 271 } |
| 271 | 272 |
| 272 ret = rsa->blinding; | 273 ret = rsa->blinding; |
| 273 if (ret == NULL) | 274 if (ret == NULL) |
| 274 goto err; | 275 goto err; |
| 275 | 276 |
| 276 » if (BN_BLINDING_get_thread_id(ret) == CRYPTO_thread_id()) | 277 » CRYPTO_THREADID_current(&cur); |
| 278 » if (!CRYPTO_THREADID_cmp(&cur, BN_BLINDING_thread_id(ret))) |
| 277 { | 279 { |
| 278 /* rsa->blinding is ours! */ | 280 /* rsa->blinding is ours! */ |
| 279 | 281 |
| 280 *local = 1; | 282 *local = 1; |
| 281 } | 283 } |
| 282 else | 284 else |
| 283 { | 285 { |
| 284 /* resort to rsa->mt_blinding instead */ | 286 /* resort to rsa->mt_blinding instead */ |
| 285 | 287 |
| 286 *local = 0; /* instructs rsa_blinding_convert(), rsa_blinding_in
vert() | 288 *local = 0; /* instructs rsa_blinding_convert(), rsa_blinding_in
vert() |
| (...skipping 18 matching lines...) |
| 305 } | 307 } |
| 306 | 308 |
| 307 err: | 309 err: |
| 308 if (got_write_lock) | 310 if (got_write_lock) |
| 309 CRYPTO_w_unlock(CRYPTO_LOCK_RSA); | 311 CRYPTO_w_unlock(CRYPTO_LOCK_RSA); |
| 310 else | 312 else |
| 311 CRYPTO_r_unlock(CRYPTO_LOCK_RSA); | 313 CRYPTO_r_unlock(CRYPTO_LOCK_RSA); |
| 312 return ret; | 314 return ret; |
| 313 } | 315 } |
| 314 | 316 |
| 315 static int rsa_blinding_convert(BN_BLINDING *b, int local, BIGNUM *f, | 317 static int rsa_blinding_convert(BN_BLINDING *b, BIGNUM *f, BIGNUM *unblind, |
| 316 » BIGNUM *r, BN_CTX *ctx) | 318 » BN_CTX *ctx) |
| 317 { | 319 » { |
| 318 » if (local) | 320 » if (unblind == NULL) |
| 321 » » /* Local blinding: store the unblinding factor |
| 322 » » * in BN_BLINDING. */ |
| 319 return BN_BLINDING_convert_ex(f, NULL, b, ctx); | 323 return BN_BLINDING_convert_ex(f, NULL, b, ctx); |
| 320 else | 324 else |
| 321 { | 325 { |
| 322 » » int ret; | 326 » » /* Shared blinding: store the unblinding factor |
| 323 » » CRYPTO_r_lock(CRYPTO_LOCK_RSA_BLINDING); | 327 » » * outside BN_BLINDING. */ |
| 324 » » ret = BN_BLINDING_convert_ex(f, r, b, ctx); | |
| 325 » » CRYPTO_r_unlock(CRYPTO_LOCK_RSA_BLINDING); | |
| 326 » » return ret; | |
| 327 » » } | |
| 328 } | |
| 329 | |
| 330 static int rsa_blinding_invert(BN_BLINDING *b, int local, BIGNUM *f, | |
| 331 » BIGNUM *r, BN_CTX *ctx) | |
| 332 { | |
| 333 » if (local) | |
| 334 » » return BN_BLINDING_invert_ex(f, NULL, b, ctx); | |
| 335 » else | |
| 336 » » { | |
| 337 int ret; | 328 int ret; |
| 338 CRYPTO_w_lock(CRYPTO_LOCK_RSA_BLINDING); | 329 CRYPTO_w_lock(CRYPTO_LOCK_RSA_BLINDING); |
| 339 » » ret = BN_BLINDING_invert_ex(f, r, b, ctx); | 330 » » ret = BN_BLINDING_convert_ex(f, unblind, b, ctx); |
| 340 CRYPTO_w_unlock(CRYPTO_LOCK_RSA_BLINDING); | 331 CRYPTO_w_unlock(CRYPTO_LOCK_RSA_BLINDING); |
| 341 return ret; | 332 return ret; |
| 342 } | 333 } |
| 343 } | 334 » } |
| 335 |
| 336 static int rsa_blinding_invert(BN_BLINDING *b, BIGNUM *f, BIGNUM *unblind, |
| 337 » BN_CTX *ctx) |
| 338 » { |
| 339 » /* For local blinding, unblind is set to NULL, and BN_BLINDING_invert_ex |
| 340 » * will use the unblinding factor stored in BN_BLINDING. |
| 341 » * If BN_BLINDING is shared between threads, unblind must be non-null: |
| 342 » * BN_BLINDING_invert_ex will then use the local unblinding factor, |
| 343 » * and will only read the modulus from BN_BLINDING. |
| 344 » * In both cases it's safe to access the blinding without a lock. |
| 345 » */ |
| 346 » return BN_BLINDING_invert_ex(f, unblind, b, ctx); |
| 347 » } |
| 344 | 348 |
| 345 /* signing */ | 349 /* signing */ |
| 346 static int RSA_eay_private_encrypt(int flen, const unsigned char *from, | 350 static int RSA_eay_private_encrypt(int flen, const unsigned char *from, |
| 347 unsigned char *to, RSA *rsa, int padding) | 351 unsigned char *to, RSA *rsa, int padding) |
| 348 { | 352 { |
| 349 » BIGNUM *f, *ret, *br, *res; | 353 » BIGNUM *f, *ret, *res; |
| 350 int i,j,k,num=0,r= -1; | 354 int i,j,k,num=0,r= -1; |
| 351 unsigned char *buf=NULL; | 355 unsigned char *buf=NULL; |
| 352 BN_CTX *ctx=NULL; | 356 BN_CTX *ctx=NULL; |
| 353 int local_blinding = 0; | 357 int local_blinding = 0; |
| 358 /* Used only if the blinding structure is shared. A non-NULL unblind |
| 359 * instructs rsa_blinding_convert() and rsa_blinding_invert() to store |
| 360 * the unblinding factor outside the blinding structure. */ |
| 361 BIGNUM *unblind = NULL; |
| 354 BN_BLINDING *blinding = NULL; | 362 BN_BLINDING *blinding = NULL; |
| 355 | 363 |
| 356 if ((ctx=BN_CTX_new()) == NULL) goto err; | 364 if ((ctx=BN_CTX_new()) == NULL) goto err; |
| 357 BN_CTX_start(ctx); | 365 BN_CTX_start(ctx); |
| 358 f = BN_CTX_get(ctx); | 366 f = BN_CTX_get(ctx); |
| 359 br = BN_CTX_get(ctx); | |
| 360 ret = BN_CTX_get(ctx); | 367 ret = BN_CTX_get(ctx); |
| 361 num = BN_num_bytes(rsa->n); | 368 num = BN_num_bytes(rsa->n); |
| 362 buf = OPENSSL_malloc(num); | 369 buf = OPENSSL_malloc(num); |
| 363 if(!f || !ret || !buf) | 370 if(!f || !ret || !buf) |
| 364 { | 371 { |
| 365 RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT,ERR_R_MALLOC_FAILURE); | 372 RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT,ERR_R_MALLOC_FAILURE); |
| 366 goto err; | 373 goto err; |
| 367 } | 374 } |
| 368 | 375 |
| 369 switch (padding) | 376 switch (padding) |
| (...skipping 27 matching lines...) |
| 397 { | 404 { |
| 398 blinding = rsa_get_blinding(rsa, &local_blinding, ctx); | 405 blinding = rsa_get_blinding(rsa, &local_blinding, ctx); |
| 399 if (blinding == NULL) | 406 if (blinding == NULL) |
| 400 { | 407 { |
| 401 RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT, ERR_R_INTERNAL_ERR
OR); | 408 RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT, ERR_R_INTERNAL_ERR
OR); |
| 402 goto err; | 409 goto err; |
| 403 } | 410 } |
| 404 } | 411 } |
| 405 | 412 |
| 406 if (blinding != NULL) | 413 if (blinding != NULL) |
| 407 » » if (!rsa_blinding_convert(blinding, local_blinding, f, br, ctx)) | 414 » » { |
| 415 » » if (!local_blinding && ((unblind = BN_CTX_get(ctx)) == NULL)) |
| 416 » » » { |
| 417 » » » RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT,ERR_R_MALLOC_FAILUR
E); |
| 408 goto err; | 418 goto err; |
| 419 } |
| 420 if (!rsa_blinding_convert(blinding, f, unblind, ctx)) |
| 421 goto err; |
| 422 } |
| 409 | 423 |
| 410 if ( (rsa->flags & RSA_FLAG_EXT_PKEY) || | 424 if ( (rsa->flags & RSA_FLAG_EXT_PKEY) || |
| 411 ((rsa->p != NULL) && | 425 ((rsa->p != NULL) && |
| 412 (rsa->q != NULL) && | 426 (rsa->q != NULL) && |
| 413 (rsa->dmp1 != NULL) && | 427 (rsa->dmp1 != NULL) && |
| 414 (rsa->dmq1 != NULL) && | 428 (rsa->dmq1 != NULL) && |
| 415 (rsa->iqmp != NULL)) ) | 429 (rsa->iqmp != NULL)) ) |
| 416 { | 430 { |
| 417 if (!rsa->meth->rsa_mod_exp(ret, f, rsa, ctx)) goto err; | 431 if (!rsa->meth->rsa_mod_exp(ret, f, rsa, ctx)) goto err; |
| 418 } | 432 } |
| (...skipping 13 matching lines...) |
| 432 | 446 |
| 433 if (rsa->flags & RSA_FLAG_CACHE_PUBLIC) | 447 if (rsa->flags & RSA_FLAG_CACHE_PUBLIC) |
| 434 if(!BN_MONT_CTX_set_locked(&rsa->_method_mod_n, CRYPTO_L
OCK_RSA, rsa->n, ctx)) | 448 if(!BN_MONT_CTX_set_locked(&rsa->_method_mod_n, CRYPTO_L
OCK_RSA, rsa->n, ctx)) |
| 435 goto err; | 449 goto err; |
| 436 | 450 |
| 437 if (!rsa->meth->bn_mod_exp(ret,f,d,rsa->n,ctx, | 451 if (!rsa->meth->bn_mod_exp(ret,f,d,rsa->n,ctx, |
| 438 rsa->_method_mod_n)) goto err; | 452 rsa->_method_mod_n)) goto err; |
| 439 } | 453 } |
| 440 | 454 |
| 441 if (blinding) | 455 if (blinding) |
| 442 » » if (!rsa_blinding_invert(blinding, local_blinding, ret, br, ctx)
) | 456 » » if (!rsa_blinding_invert(blinding, ret, unblind, ctx)) |
| 443 goto err; | 457 goto err; |
| 444 | 458 |
| 445 if (padding == RSA_X931_PADDING) | 459 if (padding == RSA_X931_PADDING) |
| 446 { | 460 { |
| 447 BN_sub(f, rsa->n, ret); | 461 BN_sub(f, rsa->n, ret); |
| 448 if (BN_cmp(ret, f)) | 462 if (BN_cmp(ret, f)) |
| 449 res = f; | 463 res = f; |
| 450 else | 464 else |
| 451 res = ret; | 465 res = ret; |
| 452 } | 466 } |
| (...skipping 18 matching lines...) |
| 471 { | 485 { |
| 472 OPENSSL_cleanse(buf,num); | 486 OPENSSL_cleanse(buf,num); |
| 473 OPENSSL_free(buf); | 487 OPENSSL_free(buf); |
| 474 } | 488 } |
| 475 return(r); | 489 return(r); |
| 476 } | 490 } |
| 477 | 491 |
| 478 static int RSA_eay_private_decrypt(int flen, const unsigned char *from, | 492 static int RSA_eay_private_decrypt(int flen, const unsigned char *from, |
| 479 unsigned char *to, RSA *rsa, int padding) | 493 unsigned char *to, RSA *rsa, int padding) |
| 480 { | 494 { |
| 481 » BIGNUM *f, *ret, *br; | 495 » BIGNUM *f, *ret; |
| 482 int j,num=0,r= -1; | 496 int j,num=0,r= -1; |
| 483 unsigned char *p; | 497 unsigned char *p; |
| 484 unsigned char *buf=NULL; | 498 unsigned char *buf=NULL; |
| 485 BN_CTX *ctx=NULL; | 499 BN_CTX *ctx=NULL; |
| 486 int local_blinding = 0; | 500 int local_blinding = 0; |
| 501 /* Used only if the blinding structure is shared. A non-NULL unblind |
| 502 * instructs rsa_blinding_convert() and rsa_blinding_invert() to store |
| 503 * the unblinding factor outside the blinding structure. */ |
| 504 BIGNUM *unblind = NULL; |
| 487 BN_BLINDING *blinding = NULL; | 505 BN_BLINDING *blinding = NULL; |
| 488 | 506 |
| 489 if((ctx = BN_CTX_new()) == NULL) goto err; | 507 if((ctx = BN_CTX_new()) == NULL) goto err; |
| 490 BN_CTX_start(ctx); | 508 BN_CTX_start(ctx); |
| 491 f = BN_CTX_get(ctx); | 509 f = BN_CTX_get(ctx); |
| 492 br = BN_CTX_get(ctx); | |
| 493 ret = BN_CTX_get(ctx); | 510 ret = BN_CTX_get(ctx); |
| 494 num = BN_num_bytes(rsa->n); | 511 num = BN_num_bytes(rsa->n); |
| 495 buf = OPENSSL_malloc(num); | 512 buf = OPENSSL_malloc(num); |
| 496 if(!f || !ret || !buf) | 513 if(!f || !ret || !buf) |
| 497 { | 514 { |
| 498 RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,ERR_R_MALLOC_FAILURE); | 515 RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,ERR_R_MALLOC_FAILURE); |
| 499 goto err; | 516 goto err; |
| 500 } | 517 } |
| 501 | 518 |
| 502 /* This check was for equality but PGP does evil things | 519 /* This check was for equality but PGP does evil things |
| (...skipping 17 matching lines...) |
| 520 { | 537 { |
| 521 blinding = rsa_get_blinding(rsa, &local_blinding, ctx); | 538 blinding = rsa_get_blinding(rsa, &local_blinding, ctx); |
| 522 if (blinding == NULL) | 539 if (blinding == NULL) |
| 523 { | 540 { |
| 524 RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT, ERR_R_INTERNAL_ERR
OR); | 541 RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT, ERR_R_INTERNAL_ERR
OR); |
| 525 goto err; | 542 goto err; |
| 526 } | 543 } |
| 527 } | 544 } |
| 528 | 545 |
| 529 if (blinding != NULL) | 546 if (blinding != NULL) |
| 530 » » if (!rsa_blinding_convert(blinding, local_blinding, f, br, ctx)) | 547 » » { |
| 548 » » if (!local_blinding && ((unblind = BN_CTX_get(ctx)) == NULL)) |
| 549 » » » { |
| 550 » » » RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,ERR_R_MALLOC_FAILUR
E); |
| 531 goto err; | 551 goto err; |
| 552 } |
| 553 if (!rsa_blinding_convert(blinding, f, unblind, ctx)) |
| 554 goto err; |
| 555 } |
| 532 | 556 |
| 533 /* do the decrypt */ | 557 /* do the decrypt */ |
| 534 if ( (rsa->flags & RSA_FLAG_EXT_PKEY) || | 558 if ( (rsa->flags & RSA_FLAG_EXT_PKEY) || |
| 535 ((rsa->p != NULL) && | 559 ((rsa->p != NULL) && |
| 536 (rsa->q != NULL) && | 560 (rsa->q != NULL) && |
| 537 (rsa->dmp1 != NULL) && | 561 (rsa->dmp1 != NULL) && |
| 538 (rsa->dmq1 != NULL) && | 562 (rsa->dmq1 != NULL) && |
| 539 (rsa->iqmp != NULL)) ) | 563 (rsa->iqmp != NULL)) ) |
| 540 { | 564 { |
| 541 if (!rsa->meth->rsa_mod_exp(ret, f, rsa, ctx)) goto err; | 565 if (!rsa->meth->rsa_mod_exp(ret, f, rsa, ctx)) goto err; |
| (...skipping 13 matching lines...) |
| 555 | 579 |
| 556 if (rsa->flags & RSA_FLAG_CACHE_PUBLIC) | 580 if (rsa->flags & RSA_FLAG_CACHE_PUBLIC) |
| 557 if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_n, CRYPTO_
LOCK_RSA, rsa->n, ctx)) | 581 if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_n, CRYPTO_
LOCK_RSA, rsa->n, ctx)) |
| 558 goto err; | 582 goto err; |
| 559 if (!rsa->meth->bn_mod_exp(ret,f,d,rsa->n,ctx, | 583 if (!rsa->meth->bn_mod_exp(ret,f,d,rsa->n,ctx, |
| 560 rsa->_method_mod_n)) | 584 rsa->_method_mod_n)) |
| 561 goto err; | 585 goto err; |
| 562 } | 586 } |
| 563 | 587 |
| 564 if (blinding) | 588 if (blinding) |
| 565 » » if (!rsa_blinding_invert(blinding, local_blinding, ret, br, ctx)
) | 589 » » if (!rsa_blinding_invert(blinding, ret, unblind, ctx)) |
| 566 goto err; | 590 goto err; |
| 567 | 591 |
| 568 p=buf; | 592 p=buf; |
| 569 j=BN_bn2bin(ret,p); /* j is only used with no-padding mode */ | 593 j=BN_bn2bin(ret,p); /* j is only used with no-padding mode */ |
| 570 | 594 |
| 571 switch (padding) | 595 switch (padding) |
| 572 { | 596 { |
| 573 case RSA_PKCS1_PADDING: | 597 case RSA_PKCS1_PADDING: |
| 574 r=RSA_padding_check_PKCS1_type_2(to,num,buf,j,num); | 598 r=RSA_padding_check_PKCS1_type_2(to,num,buf,j,num); |
| 575 break; | 599 break; |
| (...skipping 90 matching lines...) |
| 666 } | 690 } |
| 667 | 691 |
| 668 if (rsa->flags & RSA_FLAG_CACHE_PUBLIC) | 692 if (rsa->flags & RSA_FLAG_CACHE_PUBLIC) |
| 669 if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_n, CRYPTO_LOCK_RSA
, rsa->n, ctx)) | 693 if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_n, CRYPTO_LOCK_RSA
, rsa->n, ctx)) |
| 670 goto err; | 694 goto err; |
| 671 | 695 |
| 672 if (!rsa->meth->bn_mod_exp(ret,f,rsa->e,rsa->n,ctx, | 696 if (!rsa->meth->bn_mod_exp(ret,f,rsa->e,rsa->n,ctx, |
| 673 rsa->_method_mod_n)) goto err; | 697 rsa->_method_mod_n)) goto err; |
| 674 | 698 |
| 675 if ((padding == RSA_X931_PADDING) && ((ret->d[0] & 0xf) != 12)) | 699 if ((padding == RSA_X931_PADDING) && ((ret->d[0] & 0xf) != 12)) |
| 676 » » BN_sub(ret, rsa->n, ret); | 700 » » if (!BN_sub(ret, rsa->n, ret)) goto err; |
| 677 | 701 |
| 678 p=buf; | 702 p=buf; |
| 679 i=BN_bn2bin(ret,p); | 703 i=BN_bn2bin(ret,p); |
| 680 | 704 |
| 681 switch (padding) | 705 switch (padding) |
| 682 { | 706 { |
| 683 case RSA_PKCS1_PADDING: | 707 case RSA_PKCS1_PADDING: |
| 684 r=RSA_padding_check_PKCS1_type_1(to,num,buf,i,num); | 708 r=RSA_padding_check_PKCS1_type_1(to,num,buf,i,num); |
| 685 break; | 709 break; |
| 686 case RSA_X931_PADDING: | 710 case RSA_X931_PADDING: |
| (...skipping 195 matching lines...) |
| 882 if (rsa->_method_mod_n != NULL) | 906 if (rsa->_method_mod_n != NULL) |
| 883 BN_MONT_CTX_free(rsa->_method_mod_n); | 907 BN_MONT_CTX_free(rsa->_method_mod_n); |
| 884 if (rsa->_method_mod_p != NULL) | 908 if (rsa->_method_mod_p != NULL) |
| 885 BN_MONT_CTX_free(rsa->_method_mod_p); | 909 BN_MONT_CTX_free(rsa->_method_mod_p); |
| 886 if (rsa->_method_mod_q != NULL) | 910 if (rsa->_method_mod_q != NULL) |
| 887 BN_MONT_CTX_free(rsa->_method_mod_q); | 911 BN_MONT_CTX_free(rsa->_method_mod_q); |
| 888 return(1); | 912 return(1); |
| 889 } | 913 } |
| 890 | 914 |
| 891 #endif | 915 #endif |
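Review bot: The `BN_sub(f, rsa->n, ret);` in the X9.31 branch of RSA_eay_private_encrypt (new line 461) is still unchecked, although this change adds exactly that check to the matching call in the public-decrypt path at new line 700. If the subtraction fails, `f` may be left in an unspecified state and the following `BN_cmp(ret, f)` can still select it as the value that gets encoded as the signature, so the signing path should fail closed as well: `if (!BN_sub(f, rsa->n, ret)) goto err;`. Separately, rsa_blinding_convert() now chooses between the unlocked and the locked path from `unblind == NULL` alone, so I would state the precondition at its definition, e.g. `/* unblind must be non-NULL whenever b is shared between threads (rsa->mt_blinding) */`, because a NULL there would update shared blinding state without taking CRYPTO_LOCK_RSA_BLINDING. Both callers visible here do allocate `unblind` when `local_blinding` is 0, but parts of these functions are collapsed on this page, so this is based on the visible lines only.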
| OLD | NEW |