/*
 * Create a BN_BLINDING for |rsa|.
 *
 * |in_ctx| may be NULL, in which case a temporary BN_CTX is allocated here
 * and released before returning.  The public exponent is taken from rsa->e,
 * or derived from (d, p, q) via rsa_get_public_exp() when rsa->e is NULL.
 *
 * Returns the new blinding, or NULL on failure.  A failed BN_CTX_new()
 * returns NULL without queuing an error.
 */
BN_BLINDING *RSA_setup_blinding(RSA *rsa, BN_CTX *in_ctx)
{
    BIGNUM ct_modulus;
    BIGNUM *pub_exp, *modulus;
    BN_CTX *bn_ctx = in_ctx;
    BN_BLINDING *blinding = NULL;

    if (bn_ctx == NULL) {
        bn_ctx = BN_CTX_new();
        if (bn_ctx == NULL)
            return NULL;
    }

    BN_CTX_start(bn_ctx);
    pub_exp = BN_CTX_get(bn_ctx);
    if (pub_exp == NULL) {
        RSAerr(RSA_F_RSA_SETUP_BLINDING, ERR_R_MALLOC_FAILURE);
        goto cleanup;
    }

    if (rsa->e != NULL) {
        pub_exp = rsa->e;
    } else {
        /* No stored public exponent: recompute it from the private parts. */
        pub_exp = rsa_get_public_exp(rsa->d, rsa->p, rsa->q, bn_ctx);
        if (pub_exp == NULL) {
            RSAerr(RSA_F_RSA_SETUP_BLINDING, RSA_R_NO_PUBLIC_EXPONENT);
            goto cleanup;
        }
    }

    /*
     * When the PRNG reports it is not seeded, the raw limbs of the private
     * exponent are stirred into it, credited with 0.0 entropy.
     *
     * NOTE(review): this feeds long-term private-key material into the PRNG
     * state and makes the blinding factor depend on the secret it is meant
     * to protect.  Failing closed on an unseeded PRNG looks like the safer
     * policy -- confirm with the callers before changing it.
     */
    if (RAND_status() == 0 && rsa->d != NULL && rsa->d->d != NULL) {
        RAND_add(rsa->d->d, rsa->d->dmax * sizeof rsa->d->d[0], 0.0);
    }

    if (rsa->flags & RSA_FLAG_NO_CONSTTIME) {
        /* Caller opted out of constant-time arithmetic: use n as is. */
        modulus = rsa->n;
    } else {
        /*
         * Stack-local view of rsa->n carrying BN_FLG_CONSTTIME.
         * NOTE(review): the view dies with this frame, so this assumes
         * BN_BLINDING_create_param() does not retain the pointer -- confirm.
         */
        modulus = &ct_modulus;
        BN_with_flags(modulus, rsa->n, BN_FLG_CONSTTIME);
    }

    blinding = BN_BLINDING_create_param(NULL, pub_exp, modulus, bn_ctx,
                                        rsa->meth->bn_mod_exp,
                                        rsa->_method_mod_n);
    if (blinding == NULL) {
        RSAerr(RSA_F_RSA_SETUP_BLINDING, ERR_R_BN_LIB);
        goto cleanup;
    }

    /* Tag the blinding with the id of the thread that created it. */
    CRYPTO_THREADID_current(BN_BLINDING_thread_id(blinding));

cleanup:
    BN_CTX_end(bn_ctx);
    if (in_ctx == NULL)
        BN_CTX_free(bn_ctx);
    /* With no rsa->e, pub_exp is either NULL or the derived exponent. */
    if (rsa->e == NULL)
        BN_free(pub_exp);
    return blinding;
}
/*
 * Create a BN_BLINDING for |rsa|.
 *
 * A caller-supplied |in_ctx| is used when non-NULL; otherwise a private
 * BN_CTX is created and freed before returning.  The public exponent comes
 * from rsa->e, or from rsa_get_public_exp(d, p, q) when rsa->e is NULL.
 *
 * Returns the new blinding, or NULL on failure.  A failed BN_CTX_new()
 * returns NULL without queuing an error.
 */
BN_BLINDING *RSA_setup_blinding(RSA *rsa, BN_CTX *in_ctx)
{
    BIGNUM flagged_n;
    BIGNUM *exponent, *modulus;
    BN_CTX *work_ctx = in_ctx;
    BN_BLINDING *result = NULL;

    if (work_ctx == NULL) {
        work_ctx = BN_CTX_new();
        if (work_ctx == NULL)
            return NULL;
    }

    BN_CTX_start(work_ctx);
    exponent = BN_CTX_get(work_ctx);
    if (exponent == NULL) {
        RSAerr(RSA_F_RSA_SETUP_BLINDING, ERR_R_MALLOC_FAILURE);
        goto done;
    }

    if (rsa->e != NULL) {
        exponent = rsa->e;
    } else {
        /* Key has no stored e: derive it from the private components. */
        exponent = rsa_get_public_exp(rsa->d, rsa->p, rsa->q, work_ctx);
        if (exponent == NULL) {
            RSAerr(RSA_F_RSA_SETUP_BLINDING, RSA_R_NO_PUBLIC_EXPONENT);
            goto done;
        }
    }

    if (rsa->flags & RSA_FLAG_NO_CONSTTIME) {
        /* Constant-time arithmetic explicitly disabled for this key. */
        modulus = rsa->n;
    } else {
        /*
         * Stack-local view of rsa->n with BN_FLG_CONSTTIME set.
         * NOTE(review): valid only for this call; assumes
         * BN_BLINDING_create_param() does not keep the pointer -- confirm.
         */
        modulus = &flagged_n;
        BN_with_flags(modulus, rsa->n, BN_FLG_CONSTTIME);
    }

    result = BN_BLINDING_create_param(NULL, exponent, modulus, work_ctx,
                                      rsa->meth->bn_mod_exp,
                                      rsa->_method_mod_n);
    if (result == NULL) {
        RSAerr(RSA_F_RSA_SETUP_BLINDING, ERR_R_BN_LIB);
        goto done;
    }

    /* Record the creating thread's id in the blinding. */
    CRYPTO_THREADID_current(BN_BLINDING_thread_id(result));

done:
    BN_CTX_end(work_ctx);
    if (in_ctx == NULL)
        BN_CTX_free(work_ctx);
    /* With no rsa->e, exponent is either NULL or the derived value. */
    if (rsa->e == NULL)
        BN_free(exponent);
    return result;
}
/* rsa_setup_blinding creates a BN_BLINDING for |rsa|. |in_ctx| may be NULL, in
 * which case a temporary BN_CTX is allocated and freed here. The public
 * exponent is rsa->e, or is derived with rsa_get_public_exp() when rsa->e is
 * NULL. The modulus is always handed over with BN_FLG_CONSTTIME set.
 *
 * It returns the new blinding, or NULL on failure. A failed BN_CTX_new() or
 * BN_MONT_CTX_set_locked() does not push an error from this function. */
BN_BLINDING *rsa_setup_blinding(RSA *rsa, BN_CTX *in_ctx) {
  BIGNUM ct_n;
  BIGNUM *pub_exp, *modulus;
  BN_CTX *bn_ctx = in_ctx;
  BN_BLINDING *blinding = NULL;
  BN_MONT_CTX *mont = NULL;

  if (bn_ctx == NULL) {
    bn_ctx = BN_CTX_new();
    if (bn_ctx == NULL) {
      return NULL;
    }
  }

  BN_CTX_start(bn_ctx);
  pub_exp = BN_CTX_get(bn_ctx);
  if (pub_exp == NULL) {
    OPENSSL_PUT_ERROR(RSA, ERR_R_MALLOC_FAILURE);
    goto out;
  }

  if (rsa->e != NULL) {
    pub_exp = rsa->e;
  } else {
    /* No stored public exponent: recompute it from d, p and q. */
    pub_exp = rsa_get_public_exp(rsa->d, rsa->p, rsa->q, bn_ctx);
    if (pub_exp == NULL) {
      OPENSSL_PUT_ERROR(RSA, RSA_R_NO_PUBLIC_EXPONENT);
      goto out;
    }
  }

  /* Stack-local view of rsa->n with the constant-time flag set.
   * NOTE(review): the view is only valid for this call; assumes
   * BN_BLINDING_create_param() does not retain the pointer -- confirm. */
  modulus = &ct_n;
  BN_with_flags(modulus, rsa->n, BN_FLG_CONSTTIME);

  if (rsa->flags & RSA_FLAG_CACHE_PUBLIC) {
    /* Fetch the Montgomery context for n through rsa->mont_n, under
     * rsa->lock. */
    mont = BN_MONT_CTX_set_locked(&rsa->mont_n, &rsa->lock, rsa->n, bn_ctx);
    if (mont == NULL) {
      goto out;
    }
  }

  blinding = BN_BLINDING_create_param(NULL, pub_exp, modulus, bn_ctx, mont);
  if (blinding == NULL) {
    OPENSSL_PUT_ERROR(RSA, ERR_R_BN_LIB);
    goto out;
  }

out:
  BN_CTX_end(bn_ctx);
  if (in_ctx == NULL) {
    BN_CTX_free(bn_ctx);
  }
  /* With no rsa->e, pub_exp is either NULL or the derived exponent. */
  if (rsa->e == NULL) {
    BN_free(pub_exp);
  }
  return blinding;
}
/*
 * Create a BN_BLINDING for |rsa|.
 *
 * |in_ctx| is used when non-NULL; otherwise a temporary BN_CTX is allocated
 * and freed before returning.  The public exponent is rsa->e, or is derived
 * with rsa_get_public_exp(d, p, q) when rsa->e is NULL.  The modulus is
 * always passed on with BN_FLG_CONSTTIME set.
 *
 * Returns the new blinding, or NULL on failure.  A failed BN_CTX_new()
 * returns NULL without queuing an error.
 */
BN_BLINDING *RSA_setup_blinding(RSA *rsa, BN_CTX *in_ctx)
{
    BIGNUM *pub_exp;
    BIGNUM *ct_n;
    BN_CTX *bn_ctx = in_ctx;
    BN_BLINDING *blinding = NULL;

    if (bn_ctx == NULL) {
        bn_ctx = BN_CTX_new();
        if (bn_ctx == NULL)
            return NULL;
    }

    BN_CTX_start(bn_ctx);
    pub_exp = BN_CTX_get(bn_ctx);
    if (pub_exp == NULL) {
        RSAerr(RSA_F_RSA_SETUP_BLINDING, ERR_R_MALLOC_FAILURE);
        goto cleanup;
    }

    if (rsa->e != NULL) {
        pub_exp = rsa->e;
    } else {
        /* No stored public exponent: recompute it from the private parts. */
        pub_exp = rsa_get_public_exp(rsa->d, rsa->p, rsa->q, bn_ctx);
        if (pub_exp == NULL) {
            RSAerr(RSA_F_RSA_SETUP_BLINDING, RSA_R_NO_PUBLIC_EXPONENT);
            goto cleanup;
        }
    }

    /*
     * Heap-allocated view of rsa->n carrying BN_FLG_CONSTTIME, so the
     * flag is not set on the key's own modulus.
     * NOTE(review): presumably the view shares storage with rsa->n rather
     * than owning a copy -- confirm against BN_with_flags().
     */
    ct_n = BN_new();
    if (ct_n == NULL) {
        RSAerr(RSA_F_RSA_SETUP_BLINDING, ERR_R_MALLOC_FAILURE);
        goto cleanup;
    }
    BN_with_flags(ct_n, rsa->n, BN_FLG_CONSTTIME);

    blinding = BN_BLINDING_create_param(NULL, pub_exp, ct_n, bn_ctx,
                                        rsa->meth->bn_mod_exp,
                                        rsa->_method_mod_n);
    /* The view MUST be released before rsa->n is used again. */
    BN_free(ct_n);

    if (blinding == NULL) {
        RSAerr(RSA_F_RSA_SETUP_BLINDING, ERR_R_BN_LIB);
        goto cleanup;
    }

    /* Bind the blinding to the thread that created it. */
    BN_BLINDING_set_current_thread(blinding);

cleanup:
    BN_CTX_end(bn_ctx);
    if (bn_ctx != in_ctx)
        BN_CTX_free(bn_ctx);
    /* Free the exponent only when it is not the key's own rsa->e. */
    if (pub_exp != rsa->e)
        BN_free(pub_exp);
    return blinding;
}
/* BN_BLINDING_new allocates a zeroed BN_BLINDING for |rsa|. The blinding gets
 * its own copies of the public exponent and modulus (BN_dup), so it does not
 * alias the key's BIGNUMs; the modulus copy is marked BN_FLG_CONSTTIME. When
 * rsa->e is NULL the exponent is derived with rsa_get_public_exp().
 *
 * |ctx| must not be NULL (asserted). It returns the new object, or NULL on
 * failure after releasing anything partially built. Only the initial
 * allocation failure and a missing public exponent push an error here. */
BN_BLINDING *BN_BLINDING_new(const RSA *rsa, BN_CTX *ctx) {
  assert(ctx != NULL);

  BN_BLINDING *blinding = OPENSSL_malloc(sizeof *blinding);
  if (blinding == NULL) {
    OPENSSL_PUT_ERROR(RSA, ERR_R_MALLOC_FAILURE);
    return NULL;
  }
  /* Zero every field so BN_BLINDING_free() is safe on a partial object. */
  memset(blinding, 0, sizeof *blinding);

  /* A and Ai are allocated empty here; their values are generated later. */
  if ((blinding->A = BN_new()) == NULL ||
      (blinding->Ai = BN_new()) == NULL) {
    goto fail;
  }

  if (rsa->e == NULL) {
    /* No stored public exponent: recompute it from d, p and q. */
    blinding->e = rsa_get_public_exp(rsa->d, rsa->p, rsa->q, ctx);
    if (blinding->e == NULL) {
      OPENSSL_PUT_ERROR(RSA, RSA_R_NO_PUBLIC_EXPONENT);
      goto fail;
    }
  } else {
    blinding->e = BN_dup(rsa->e);
    if (blinding->e == NULL) {
      goto fail;
    }
  }

  /* Keep a private copy of the modulus inside the blinding. */
  blinding->mod = BN_dup(rsa->n);
  if (blinding->mod == NULL) {
    goto fail;
  }
  BN_set_flags(blinding->mod, BN_FLG_CONSTTIME);

  /* No blinding values exist yet; they must be created before first use,
   * so the counter starts one short of BN_BLINDING_COUNTER. */
  blinding->counter = BN_BLINDING_COUNTER - 1;

  return blinding;

fail:
  BN_BLINDING_free(blinding);
  return NULL;
}