void
RSA_free(RSA *r)
{
int i;
if (r == NULL)
return;
i = CRYPTO_add(&r->references, -1, CRYPTO_LOCK_RSA);
if (i > 0)
return;
if (r->meth->finish)
r->meth->finish(r);
#ifndef OPENSSL_NO_ENGINE
if (r->engine)
ENGINE_finish(r->engine);
#endif
CRYPTO_free_ex_data(CRYPTO_EX_INDEX_RSA, r, &r->ex_data);
BN_clear_free(r->n);
BN_clear_free(r->e);
BN_clear_free(r->d);
BN_clear_free(r->p);
BN_clear_free(r->q);
BN_clear_free(r->dmp1);
BN_clear_free(r->dmq1);
BN_clear_free(r->iqmp);
BN_BLINDING_free(r->blinding);
BN_BLINDING_free(r->mt_blinding);
free(r);
}
void RSA_free(RSA *r)
{
int i;
if (r == NULL) return;
i=CRYPTO_add(&r->references,-1,CRYPTO_LOCK_RSA);
#ifdef REF_PRINT
REF_PRINT("RSA",r);
#endif
if (i > 0) return;
#ifdef REF_CHECK
if (i < 0)
{
fprintf(stderr,"RSA_free, bad reference count\n");
abort();
}
#endif
if (r->meth->finish)
r->meth->finish(r);
#ifndef OPENSSL_NO_ENGINE
if (r->engine)
ENGINE_finish(r->engine);
#endif
CRYPTO_free_ex_data(CRYPTO_EX_INDEX_RSA, r, &r->ex_data);
if (r->n != NULL) BN_clear_free(r->n);
if (r->e != NULL) BN_clear_free(r->e);
if (r->d != NULL) BN_clear_free(r->d);
if (r->p != NULL) BN_clear_free(r->p);
if (r->q != NULL) BN_clear_free(r->q);
if (r->dmp1 != NULL) BN_clear_free(r->dmp1);
if (r->dmq1 != NULL) BN_clear_free(r->dmq1);
if (r->iqmp != NULL) BN_clear_free(r->iqmp);
if (r->blinding != NULL) BN_BLINDING_free(r->blinding);
if (r->mt_blinding != NULL) BN_BLINDING_free(r->mt_blinding);
if (r->bignum_data != NULL) OPENSSL_free_locked(r->bignum_data);
if (r->additional_primes != NULL)
{
int j;
for (j = 0; j < sk_RSA_additional_prime_num(r->additional_primes); j++)
{
RSA_additional_prime *ap = sk_RSA_additional_prime_value(r->additional_primes, j);
BN_clear_free(ap->prime);
BN_clear_free(ap->exp);
BN_clear_free(ap->coeff);
BN_clear_free(ap->r);
}
sk_RSA_additional_prime_pop_free(r->additional_primes, int_rsa_free_additional_prime);
}
OPENSSL_free(r);
}
void RSA_free(RSA *rsa) {
unsigned u;
if (rsa == NULL) {
return;
}
if (CRYPTO_add(&rsa->references, -1, CRYPTO_LOCK_RSA) > 0) {
return;
}
if (rsa->meth->finish) {
rsa->meth->finish(rsa);
}
METHOD_unref(rsa->meth);
CRYPTO_free_ex_data(&g_ex_data_class, rsa, &rsa->ex_data);
BN_clear_free(rsa->n);
BN_clear_free(rsa->e);
BN_clear_free(rsa->d);
BN_clear_free(rsa->p);
BN_clear_free(rsa->q);
BN_clear_free(rsa->dmp1);
BN_clear_free(rsa->dmq1);
BN_clear_free(rsa->iqmp);
for (u = 0; u < rsa->num_blindings; u++) {
BN_BLINDING_free(rsa->blindings[u]);
}
OPENSSL_free(rsa->blindings);
OPENSSL_free(rsa->blindings_inuse);
CRYPTO_MUTEX_cleanup(&rsa->lock);
OPENSSL_free(rsa);
}
BN_BLINDING *BN_BLINDING_new(void) {
BN_BLINDING *ret = OPENSSL_malloc(sizeof(BN_BLINDING));
if (ret == NULL) {
OPENSSL_PUT_ERROR(RSA, ERR_R_MALLOC_FAILURE);
return NULL;
}
memset(ret, 0, sizeof(BN_BLINDING));
ret->A = BN_new();
if (ret->A == NULL) {
goto err;
}
BN_set_flags(ret->A, BN_FLG_CONSTTIME);
ret->Ai = BN_new();
if (ret->Ai == NULL) {
goto err;
}
BN_set_flags(ret->Ai, BN_FLG_CONSTTIME);
/* The blinding values need to be created before this blinding can be used. */
ret->counter = BN_BLINDING_COUNTER - 1;
return ret;
err:
BN_BLINDING_free(ret);
return NULL;
}
void RSA_free_thread_blinding_ptr(RSA *r)
{
// look for storage for the current thread
pthread_t current = pthread_self();
int i;
for (i = 0; i < r->num_blinding_threads; ++i)
{
if (pthread_equal(current, r->blinding_array[i].thread_ID)) // do we have storage for this thread?
{
BN_BLINDING_free(r->blinding_array[i].blinding);
int new_count = r->num_blinding_threads - 1;
if (new_count == 0)
{
// no more thread storage, just blow our array away
free(r->blinding_array);
r->blinding_array = NULL;
r->num_blinding_threads = 0;
}
else
{
r->blinding_array[i] = r->blinding_array[new_count];
r->num_blinding_threads = new_count;
}
break;
}
}
}
BN_BLINDING *BN_BLINDING_new(const BIGNUM *A, const BIGNUM *Ai, BIGNUM *mod)
{
BN_BLINDING *ret=NULL;
bn_check_top(mod);
if ((ret=(BN_BLINDING *)OPENSSL_malloc(sizeof(BN_BLINDING))) == NULL)
{
BNerr(BN_F_BN_BLINDING_NEW,ERR_R_MALLOC_FAILURE);
return(NULL);
}
memset(ret,0,sizeof(BN_BLINDING));
if (A != NULL)
{
if ((ret->A = BN_dup(A)) == NULL) goto err;
}
if (Ai != NULL)
{
if ((ret->Ai = BN_dup(Ai)) == NULL) goto err;
}
/* save a copy of mod in the BN_BLINDING structure */
if ((ret->mod = BN_dup(mod)) == NULL) goto err;
if (BN_get_flags(mod, BN_FLG_CONSTTIME) != 0)
BN_set_flags(ret->mod, BN_FLG_CONSTTIME);
ret->counter = BN_BLINDING_COUNTER;
CRYPTO_THREADID_current(&ret->tid);
return(ret);
err:
if (ret != NULL) BN_BLINDING_free(ret);
return(NULL);
}
void RSA_blinding_off(RSA *rsa)
{
BN_BLINDING_free(rsa->blinding);
rsa->blinding = NULL;
rsa->flags &= ~RSA_FLAG_BLINDING;
rsa->flags |= RSA_FLAG_NO_BLINDING;
}
BN_BLINDING *BN_BLINDING_new(const BIGNUM *A, const BIGNUM *Ai, BIGNUM *mod)
{
BN_BLINDING *ret=NULL;
bn_check_top(mod);
if ((ret=(BN_BLINDING *)OPENSSL_malloc(sizeof(BN_BLINDING))) == NULL)
{
BNerr(BN_F_BN_BLINDING_NEW,ERR_R_MALLOC_FAILURE);
return(NULL);
}
memset(ret,0,sizeof(BN_BLINDING));
if (A != NULL)
{
if ((ret->A = BN_dup(A)) == NULL) goto err;
}
if (Ai != NULL)
{
if ((ret->Ai = BN_dup(Ai)) == NULL) goto err;
}
ret->mod = mod;
ret->counter = BN_BLINDING_COUNTER;
return(ret);
err:
if (ret != NULL) BN_BLINDING_free(ret);
return(NULL);
}
void FIPS_rsa_free(RSA *r)
{
if (!r)
return;
if (r->meth->finish)
r->meth->finish(r);
if (r->n != NULL) BN_clear_free(r->n);
if (r->e != NULL) BN_clear_free(r->e);
if (r->d != NULL) BN_clear_free(r->d);
if (r->p != NULL) BN_clear_free(r->p);
if (r->q != NULL) BN_clear_free(r->q);
if (r->dmp1 != NULL) BN_clear_free(r->dmp1);
if (r->dmq1 != NULL) BN_clear_free(r->dmq1);
if (r->iqmp != NULL) BN_clear_free(r->iqmp);
if (r->blinding != NULL) BN_BLINDING_free(r->blinding);
if (r->mt_blinding != NULL) BN_BLINDING_free(r->mt_blinding);
if (r->bignum_data != NULL) OPENSSL_free_locked(r->bignum_data);
OPENSSL_free(r);
}
void RSA_free(RSA *r)
{
int i;
if (r == NULL) return;
i=CRYPTO_add(&r->references,-1,CRYPTO_LOCK_RSA);
#ifdef REF_PRINT
REF_PRINT("RSA",r);
#endif
if (i > 0) return;
#ifdef REF_CHECK
if (i < 0)
{
fprintf(stderr,"RSA_free, bad reference count\n");
abort();
}
#endif
if (r->meth->finish)
r->meth->finish(r);
#ifndef OPENSSL_NO_ENGINE
if (r->engine)
ENGINE_finish(r->engine);
#endif
CRYPTO_free_ex_data(CRYPTO_EX_INDEX_RSA, r, &r->ex_data);
if (r->n != NULL) BN_clear_free(r->n);
if (r->e != NULL) BN_clear_free(r->e);
if (r->d != NULL) BN_clear_free(r->d);
if (r->p != NULL) BN_clear_free(r->p);
if (r->q != NULL) BN_clear_free(r->q);
if (r->dmp1 != NULL) BN_clear_free(r->dmp1);
if (r->dmq1 != NULL) BN_clear_free(r->dmq1);
if (r->iqmp != NULL) BN_clear_free(r->iqmp);
#ifndef OPERA_SMALL_VERSION
if (r->blinding != NULL) BN_BLINDING_free(r->blinding);
if (r->mt_blinding != NULL) BN_BLINDING_free(r->mt_blinding);
if (r->bignum_data != NULL) OPENSSL_free_locked(r->bignum_data);
#endif
OPENSSL_free(r);
}
void RSA_free(RSA *r)
{
int i;
if (r == NULL) return;
i=CRYPTO_add(&r->references,-1,CRYPTO_LOCK_RSA);
#ifdef REF_PRINT
REF_PRINT("RSA",r);
#endif
if (i > 0) return;
#ifdef REF_CHECK
if (i < 0)
{
TINYCLR_SSL_FPRINTF(OPENSSL_TYPE__FILE_STDERR,"RSA_free, bad reference count\n");
TINYCLR_SSL_ABORT();
}
#endif
if (r->meth->finish)
r->meth->finish(r);
#ifndef OPENSSL_NO_ENGINE
if (r->engine)
ENGINE_finish(r->engine);
#endif
CRYPTO_free_ex_data(CRYPTO_EX_INDEX_RSA, r, &r->ex_data);
if (r->n != NULL) BN_clear_free(r->n);
if (r->e != NULL) BN_clear_free(r->e);
if (r->d != NULL) BN_clear_free(r->d);
if (r->p != NULL) BN_clear_free(r->p);
if (r->q != NULL) BN_clear_free(r->q);
if (r->dmp1 != NULL) BN_clear_free(r->dmp1);
if (r->dmq1 != NULL) BN_clear_free(r->dmq1);
if (r->iqmp != NULL) BN_clear_free(r->iqmp);
if (r->blinding != NULL) BN_BLINDING_free(r->blinding);
if (r->mt_blinding != NULL) BN_BLINDING_free(r->mt_blinding);
if (r->bignum_data != NULL) OPENSSL_free_locked(r->bignum_data);
OPENSSL_free(r);
}
/* rsa_blinding_release marks the cached BN_BLINDING at the given index as free
* for other threads to use. */
static void rsa_blinding_release(RSA *rsa, BN_BLINDING *blinding,
unsigned blinding_index) {
if (blinding_index == MAX_BLINDINGS_PER_RSA) {
/* This blinding wasn't cached. */
BN_BLINDING_free(blinding);
return;
}
CRYPTO_MUTEX_lock_write(&rsa->lock);
rsa->blindings_inuse[blinding_index] = 0;
CRYPTO_MUTEX_unlock_write(&rsa->lock);
}
int RSA_blinding_on(RSA *rsa, BN_CTX *p_ctx)
{
BIGNUM *A,*Ai = NULL;
BN_CTX *ctx;
int ret=0;
if (p_ctx == NULL)
{
if ((ctx=BN_CTX_new()) == NULL) goto err;
}
else
ctx=p_ctx;
/* XXXXX: Shouldn't this be RSA_blinding_off(rsa)? */
if (rsa->blinding != NULL)
{
BN_BLINDING_free(rsa->blinding);
rsa->blinding = NULL;
}
/* NB: similar code appears in setup_blinding (rsa_eay.c);
* this should be placed in a new function of its own, but for reasons
* of binary compatibility can't */
BN_CTX_start(ctx);
A = BN_CTX_get(ctx);
if (rsa->d != NULL && rsa->d->d != NULL)
{
if (!BN_pseudo_rand_range(A,rsa->n)) goto err;
}
else
{
if (!BN_rand_range(A,rsa->n)) goto err;
}
if ((Ai=BN_mod_inverse(NULL,A,rsa->n,ctx)) == NULL) goto err;
if (!rsa->meth->bn_mod_exp(A,A,
rsa->e,rsa->n,ctx,rsa->_method_mod_n))
goto err;
if ((rsa->blinding=BN_BLINDING_new(A,Ai,rsa->n)) == NULL) goto err;
/* to make things thread-safe without excessive locking,
* rsa->blinding will be used just by the current thread: */
rsa->flags |= RSA_FLAG_BLINDING;
rsa->flags &= ~RSA_FLAG_NO_BLINDING;
ret=1;
err:
if (Ai != NULL) BN_free(Ai);
BN_CTX_end(ctx);
if (ctx != p_ctx) BN_CTX_free(ctx);
return(ret);
}
void RSA_free(RSA *r)
{
int i;
if (r == NULL)
return;
CRYPTO_DOWN_REF(&r->references, &i, r->lock);
REF_PRINT_COUNT("RSA", r);
if (i > 0)
return;
REF_ASSERT_ISNT(i < 0);
if (r->meth->finish)
r->meth->finish(r);
#ifndef OPENSSL_NO_ENGINE
ENGINE_finish(r->engine);
#endif
CRYPTO_free_ex_data(CRYPTO_EX_INDEX_RSA, r, &r->ex_data);
CRYPTO_THREAD_lock_free(r->lock);
BN_clear_free(r->n);
BN_clear_free(r->e);
BN_clear_free(r->d);
BN_clear_free(r->p);
BN_clear_free(r->q);
BN_clear_free(r->dmp1);
BN_clear_free(r->dmq1);
BN_clear_free(r->iqmp);
RSA_PSS_PARAMS_free(r->pss);
sk_RSA_PRIME_INFO_pop_free(r->prime_infos, rsa_multip_info_free);
BN_BLINDING_free(r->blinding);
BN_BLINDING_free(r->mt_blinding);
OPENSSL_free(r->bignum_data);
OPENSSL_free(r);
}
BN_BLINDING *BN_BLINDING_new(const BIGNUM *A, const BIGNUM *Ai, BIGNUM *mod)
{
BN_BLINDING *ret = NULL;
bn_check_top(mod);
if ((ret = OPENSSL_zalloc(sizeof(*ret))) == NULL) {
BNerr(BN_F_BN_BLINDING_NEW, ERR_R_MALLOC_FAILURE);
return NULL;
}
ret->lock = CRYPTO_THREAD_lock_new();
if (ret->lock == NULL) {
BNerr(BN_F_BN_BLINDING_NEW, ERR_R_MALLOC_FAILURE);
OPENSSL_free(ret);
return NULL;
}
BN_BLINDING_set_current_thread(ret);
if (A != NULL) {
if ((ret->A = BN_dup(A)) == NULL)
goto err;
}
if (Ai != NULL) {
if ((ret->Ai = BN_dup(Ai)) == NULL)
goto err;
}
/* save a copy of mod in the BN_BLINDING structure */
if ((ret->mod = BN_dup(mod)) == NULL)
goto err;
if (BN_get_flags(mod, BN_FLG_CONSTTIME) != 0)
BN_set_flags(ret->mod, BN_FLG_CONSTTIME);
/*
* Set the counter to the special value -1 to indicate that this is
* never-used fresh blinding that does not need updating before first
* use.
*/
ret->counter = -1;
return ret;
err:
BN_BLINDING_free(ret);
return NULL;
}
BN_BLINDING *BN_BLINDING_new(const RSA *rsa, BN_CTX *ctx) {
assert(ctx != NULL);
BN_BLINDING *ret = OPENSSL_malloc(sizeof(BN_BLINDING));
if (ret == NULL) {
OPENSSL_PUT_ERROR(RSA, ERR_R_MALLOC_FAILURE);
return NULL;
}
memset(ret, 0, sizeof(BN_BLINDING));
ret->A = BN_new();
if (ret->A == NULL) {
goto err;
}
ret->Ai = BN_new();
if (ret->Ai == NULL) {
goto err;
}
if (rsa->e != NULL) {
ret->e = BN_dup(rsa->e);
if (ret->e == NULL) {
goto err;
}
} else {
ret->e = rsa_get_public_exp(rsa->d, rsa->p, rsa->q, ctx);
if (ret->e == NULL) {
OPENSSL_PUT_ERROR(RSA, RSA_R_NO_PUBLIC_EXPONENT);
goto err;
}
}
/* save a copy of mod in the BN_BLINDING structure */
ret->mod = BN_dup(rsa->n);
if (ret->mod == NULL) {
goto err;
}
BN_set_flags(ret->mod, BN_FLG_CONSTTIME);
/* The blinding values need to be created before this blinding can be used. */
ret->counter = BN_BLINDING_COUNTER - 1;
return ret;
err:
BN_BLINDING_free(ret);
return NULL;
}
void RSA_free(RSA *r)
{
int i;
if (r == NULL)
return;
CRYPTO_atomic_add(&r->references, -1, &i, r->lock);
REF_PRINT_COUNT("RSA", r);
if (i > 0)
return;
REF_ASSERT_ISNT(i < 0);
if (r->meth != NULL && r->meth->finish != NULL)
r->meth->finish(r);
#ifndef OPENSSL_NO_ENGINE
ENGINE_finish(r->engine);
#endif
CRYPTO_free_ex_data(CRYPTO_EX_INDEX_RSA, r, &r->ex_data);
CRYPTO_THREAD_lock_free(r->lock);
BN_clear_free(r->n);
BN_clear_free(r->e);
BN_clear_free(r->d);
BN_clear_free(r->p);
BN_clear_free(r->q);
BN_clear_free(r->dmp1);
BN_clear_free(r->dmq1);
BN_clear_free(r->iqmp);
BN_BLINDING_free(r->blinding);
BN_BLINDING_free(r->mt_blinding);
OPENSSL_free(r->bignum_data);
OPENSSL_free(r);
}
void RSA_free(RSA *rsa) {
unsigned u;
if (rsa == NULL) {
return;
}
if (CRYPTO_add(&rsa->references, -1, CRYPTO_LOCK_RSA) > 0) {
return;
}
if (rsa->meth->finish) {
rsa->meth->finish(rsa);
}
METHOD_unref(rsa->meth);
CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DSA, rsa, &rsa->ex_data);
if (rsa->n != NULL)
BN_clear_free(rsa->n);
if (rsa->e != NULL)
BN_clear_free(rsa->e);
if (rsa->d != NULL)
BN_clear_free(rsa->d);
if (rsa->p != NULL)
BN_clear_free(rsa->p);
if (rsa->q != NULL)
BN_clear_free(rsa->q);
if (rsa->dmp1 != NULL)
BN_clear_free(rsa->dmp1);
if (rsa->dmq1 != NULL)
BN_clear_free(rsa->dmq1);
if (rsa->iqmp != NULL)
BN_clear_free(rsa->iqmp);
for (u = 0; u < rsa->num_blindings; u++) {
BN_BLINDING_free(rsa->blindings[u]);
}
if (rsa->blindings != NULL)
OPENSSL_free(rsa->blindings);
if (rsa->blindings_inuse != NULL)
OPENSSL_free(rsa->blindings_inuse);
OPENSSL_free(rsa);
}
BN_BLINDING *BN_BLINDING_new(const BIGNUM *A, const BIGNUM *Ai, BIGNUM *mod) {
BN_BLINDING *ret = NULL;
ret = (BN_BLINDING*) OPENSSL_malloc(sizeof(BN_BLINDING));
if (ret == NULL) {
OPENSSL_PUT_ERROR(RSA, BN_BLINDING_new, ERR_R_MALLOC_FAILURE);
return NULL;
}
memset(ret, 0, sizeof(BN_BLINDING));
if (A != NULL) {
ret->A = BN_dup(A);
if (ret->A == NULL) {
goto err;
}
}
if (Ai != NULL) {
ret->Ai = BN_dup(Ai);
if (ret->Ai == NULL) {
goto err;
}
}
/* save a copy of mod in the BN_BLINDING structure */
ret->mod = BN_dup(mod);
if (ret->mod == NULL) {
goto err;
}
if (BN_get_flags(mod, BN_FLG_CONSTTIME) != 0) {
BN_set_flags(ret->mod, BN_FLG_CONSTTIME);
}
/* Set the counter to the special value -1
* to indicate that this is never-used fresh blinding
* that does not need updating before first use. */
ret->counter = -1;
return ret;
err:
if (ret != NULL) {
BN_BLINDING_free(ret);
}
return NULL;
}
void RSA_free(RSA *rsa) {
unsigned u;
if (rsa == NULL) {
return;
}
if (!CRYPTO_refcount_dec_and_test_zero(&rsa->references)) {
return;
}
if (rsa->meth->finish) {
rsa->meth->finish(rsa);
}
METHOD_unref(rsa->meth);
CRYPTO_free_ex_data(g_rsa_ex_data_class_bss_get(), rsa, &rsa->ex_data);
BN_free(rsa->n);
BN_free(rsa->e);
BN_free(rsa->d);
BN_free(rsa->p);
BN_free(rsa->q);
BN_free(rsa->dmp1);
BN_free(rsa->dmq1);
BN_free(rsa->iqmp);
BN_MONT_CTX_free(rsa->mont_n);
BN_MONT_CTX_free(rsa->mont_p);
BN_MONT_CTX_free(rsa->mont_q);
BN_free(rsa->d_fixed);
BN_free(rsa->dmp1_fixed);
BN_free(rsa->dmq1_fixed);
BN_free(rsa->inv_small_mod_large_mont);
for (u = 0; u < rsa->num_blindings; u++) {
BN_BLINDING_free(rsa->blindings[u]);
}
OPENSSL_free(rsa->blindings);
OPENSSL_free(rsa->blindings_inuse);
CRYPTO_MUTEX_cleanup(&rsa->lock);
OPENSSL_free(rsa);
}
void RSA_free(RSA *rsa) {
unsigned u;
if (rsa == NULL) {
return;
}
if (!CRYPTO_refcount_dec_and_test_zero(&rsa->references)) {
return;
}
if (rsa->meth->finish) {
rsa->meth->finish(rsa);
}
METHOD_unref(rsa->meth);
CRYPTO_free_ex_data(&g_ex_data_class, rsa, &rsa->ex_data);
BN_clear_free(rsa->n);
BN_clear_free(rsa->e);
BN_clear_free(rsa->d);
BN_clear_free(rsa->p);
BN_clear_free(rsa->q);
BN_clear_free(rsa->dmp1);
BN_clear_free(rsa->dmq1);
BN_clear_free(rsa->iqmp);
BN_MONT_CTX_free(rsa->mont_n);
BN_MONT_CTX_free(rsa->mont_p);
BN_MONT_CTX_free(rsa->mont_q);
for (u = 0; u < rsa->num_blindings; u++) {
BN_BLINDING_free(rsa->blindings[u]);
}
OPENSSL_free(rsa->blindings);
OPENSSL_free(rsa->blindings_inuse);
if (rsa->additional_primes != NULL) {
sk_RSA_additional_prime_pop_free(rsa->additional_primes,
RSA_additional_prime_free);
}
CRYPTO_MUTEX_cleanup(&rsa->lock);
OPENSSL_free(rsa);
}
BN_BLINDING *BN_BLINDING_new (const BIGNUM * A, const BIGNUM * Ai, BIGNUM * mod)
{
BN_BLINDING *ret = NULL;
bn_check_top (mod);
if ((ret = (BN_BLINDING *) OPENSSL_malloc (sizeof (BN_BLINDING))) == NULL)
{
BNerr (BN_F_BN_BLINDING_NEW, ERR_R_MALLOC_FAILURE);
return (NULL);
}
memset (ret, 0, sizeof (BN_BLINDING));
if (A != NULL)
{
if ((ret->A = BN_dup (A)) == NULL)
goto err;
}
if (Ai != NULL)
{
if ((ret->Ai = BN_dup (Ai)) == NULL)
goto err;
}
/* save a copy of mod in the BN_BLINDING structure */
if ((ret->mod = BN_dup (mod)) == NULL)
goto err;
if (BN_get_flags (mod, BN_FLG_CONSTTIME) != 0)
BN_set_flags (ret->mod, BN_FLG_CONSTTIME);
/* Set the counter to the special value -1
* to indicate that this is never-used fresh blinding
* that does not need updating before first use. */
ret->counter = -1;
CRYPTO_THREADID_current (&ret->tid);
return (ret);
err:
if (ret != NULL)
BN_BLINDING_free (ret);
return (NULL);
}
void RSA_free(RSA *r)
{
RSA_METHOD *meth;
if (r == NULL) return;
meth = r->meth;
if (meth->finish != NULL)
meth->finish(r);
if (r->n != NULL) BN_clear_free(r->n);
if (r->e != NULL) BN_clear_free(r->e);
if (r->d != NULL) BN_clear_free(r->d);
if (r->p != NULL) BN_clear_free(r->p);
if (r->q != NULL) BN_clear_free(r->q);
if (r->dmp1 != NULL) BN_clear_free(r->dmp1);
if (r->dmq1 != NULL) BN_clear_free(r->dmq1);
if (r->iqmp != NULL) BN_clear_free(r->iqmp);
if (r->blinding != NULL) BN_BLINDING_free(r->blinding);
rtlglue_free(r);
}
BN_BLINDING *BN_BLINDING_new(BIGNUM *A, BIGNUM *Ai, BIGNUM *mod)
{
BN_BLINDING *ret=NULL;
bn_check_top(Ai);
bn_check_top(mod);
if ((ret=(BN_BLINDING *)Malloc(sizeof(BN_BLINDING))) == NULL)
{
BNerr(BN_F_BN_BLINDING_NEW,ERR_R_MALLOC_FAILURE);
return(NULL);
}
memset(ret,0,sizeof(BN_BLINDING));
if ((ret->A=BN_new()) == NULL) goto err;
if ((ret->Ai=BN_new()) == NULL) goto err;
if (!BN_copy(ret->A,A)) goto err;
if (!BN_copy(ret->Ai,Ai)) goto err;
ret->mod=mod;
return(ret);
err:
if (ret != NULL) BN_BLINDING_free(ret);
return(NULL);
}
BN_BLINDING *BN_BLINDING_create_param(
BN_BLINDING *b, const BIGNUM *e, BIGNUM *m, BN_CTX *ctx,
int (*bn_mod_exp)(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
const BIGNUM *m, BN_CTX *ctx, const BN_MONT_CTX *mont),
const BN_MONT_CTX *mont) {
int retry_counter = 32;
BN_BLINDING *ret = NULL;
if (b == NULL) {
ret = BN_BLINDING_new(NULL, NULL, m);
} else {
ret = b;
}
if (ret == NULL) {
goto err;
}
if (ret->A == NULL && (ret->A = BN_new()) == NULL) {
goto err;
}
if (ret->Ai == NULL && (ret->Ai = BN_new()) == NULL) {
goto err;
}
if (e != NULL) {
BN_free(ret->e);
ret->e = BN_dup(e);
}
if (ret->e == NULL) {
goto err;
}
if (bn_mod_exp != NULL) {
ret->bn_mod_exp = bn_mod_exp;
}
if (mont != NULL) {
ret->mont = mont;
}
do {
if (!BN_rand_range(ret->A, ret->mod)) {
goto err;
}
int no_inverse;
if (BN_mod_inverse_ex(ret->Ai, &no_inverse, ret->A, ret->mod, ctx) == NULL) {
/* this should almost never happen for good RSA keys */
if (no_inverse) {
if (retry_counter-- == 0) {
OPENSSL_PUT_ERROR(RSA, RSA_R_TOO_MANY_ITERATIONS);
goto err;
}
ERR_clear_error();
} else {
goto err;
}
} else {
break;
}
} while (1);
if (ret->bn_mod_exp != NULL && ret->mont != NULL) {
if (!ret->bn_mod_exp(ret->A, ret->A, ret->e, ret->mod, ctx, ret->mont)) {
goto err;
}
} else {
if (!BN_mod_exp(ret->A, ret->A, ret->e, ret->mod, ctx)) {
goto err;
}
}
return ret;
err:
if (b == NULL) {
BN_BLINDING_free(ret);
ret = NULL;
}
return ret;
}
/* rsa_blinding_get returns a BN_BLINDING to use with |rsa|. It does this by
* allocating one of the cached BN_BLINDING objects in |rsa->blindings|. If
* none are free, the cache will be extended by a extra element and the new
* BN_BLINDING is returned.
*
* On success, the index of the assigned BN_BLINDING is written to
* |*index_used| and must be passed to |rsa_blinding_release| when finished. */
static BN_BLINDING *rsa_blinding_get(RSA *rsa, unsigned *index_used,
BN_CTX *ctx) {
BN_BLINDING *ret = NULL;
BN_BLINDING **new_blindings;
uint8_t *new_blindings_inuse;
char overflow = 0;
CRYPTO_w_lock(CRYPTO_LOCK_RSA_BLINDING);
if (rsa->num_blindings > 0) {
unsigned i, starting_index;
CRYPTO_THREADID threadid;
/* We start searching the array at a value based on the
* threadid in order to try avoid bouncing the BN_BLINDING
* values around different threads. It's harmless if
* threadid.val is always set to zero. */
CRYPTO_THREADID_current(&threadid);
starting_index = threadid.val % rsa->num_blindings;
for (i = starting_index;;) {
if (rsa->blindings_inuse[i] == 0) {
rsa->blindings_inuse[i] = 1;
ret = rsa->blindings[i];
*index_used = i;
break;
}
i++;
if (i == rsa->num_blindings) {
i = 0;
}
if (i == starting_index) {
break;
}
}
}
if (ret != NULL) {
CRYPTO_w_unlock(CRYPTO_LOCK_RSA_BLINDING);
return ret;
}
overflow = rsa->num_blindings >= MAX_BLINDINGS_PER_RSA;
/* We didn't find a free BN_BLINDING to use so increase the length of
* the arrays by one and use the newly created element. */
CRYPTO_w_unlock(CRYPTO_LOCK_RSA_BLINDING);
ret = rsa_setup_blinding(rsa, ctx);
if (ret == NULL) {
return NULL;
}
if (overflow) {
/* We cannot add any more cached BN_BLINDINGs so we use |ret|
* and mark it for destruction in |rsa_blinding_release|. */
*index_used = MAX_BLINDINGS_PER_RSA;
return ret;
}
CRYPTO_w_lock(CRYPTO_LOCK_RSA_BLINDING);
new_blindings =
OPENSSL_malloc(sizeof(BN_BLINDING *) * (rsa->num_blindings + 1));
if (new_blindings == NULL) {
goto err1;
}
memcpy(new_blindings, rsa->blindings,
sizeof(BN_BLINDING *) * rsa->num_blindings);
new_blindings[rsa->num_blindings] = ret;
new_blindings_inuse = OPENSSL_malloc(rsa->num_blindings + 1);
if (new_blindings_inuse == NULL) {
goto err2;
}
memcpy(new_blindings_inuse, rsa->blindings_inuse, rsa->num_blindings);
new_blindings_inuse[rsa->num_blindings] = 1;
*index_used = rsa->num_blindings;
if (rsa->blindings != NULL) {
OPENSSL_free(rsa->blindings);
}
rsa->blindings = new_blindings;
if (rsa->blindings_inuse != NULL) {
OPENSSL_free(rsa->blindings_inuse);
}
rsa->blindings_inuse = new_blindings_inuse;
rsa->num_blindings++;
CRYPTO_w_unlock(CRYPTO_LOCK_RSA_BLINDING);
return ret;
err2:
OPENSSL_free(new_blindings);
err1:
CRYPTO_w_unlock(CRYPTO_LOCK_RSA_BLINDING);
BN_BLINDING_free(ret);
return NULL;
}
BN_BLINDING *BN_BLINDING_create_param(BN_BLINDING *b,
const BIGNUM *e, BIGNUM *m, BN_CTX *ctx,
int (*bn_mod_exp) (BIGNUM *r,
const BIGNUM *a,
const BIGNUM *p,
const BIGNUM *m,
BN_CTX *ctx,
BN_MONT_CTX *m_ctx),
BN_MONT_CTX *m_ctx)
{
int retry_counter = 32;
BN_BLINDING *ret = NULL;
if (b == NULL)
ret = BN_BLINDING_new(NULL, NULL, m);
else
ret = b;
if (ret == NULL)
goto err;
if (ret->A == NULL && (ret->A = BN_new()) == NULL)
goto err;
if (ret->Ai == NULL && (ret->Ai = BN_new()) == NULL)
goto err;
if (e != NULL) {
if (ret->e != NULL)
BN_free(ret->e);
ret->e = BN_dup(e);
}
if (ret->e == NULL)
goto err;
if (bn_mod_exp != NULL)
ret->bn_mod_exp = bn_mod_exp;
if (m_ctx != NULL)
ret->m_ctx = m_ctx;
do {
if (!BN_rand_range(ret->A, ret->mod))
goto err;
if (BN_mod_inverse(ret->Ai, ret->A, ret->mod, ctx) == NULL) {
/*
* this should almost never happen for good RSA keys
*/
unsigned long error = ERR_peek_last_error();
if (ERR_GET_REASON(error) == BN_R_NO_INVERSE) {
if (retry_counter-- == 0) {
BNerr(BN_F_BN_BLINDING_CREATE_PARAM,
BN_R_TOO_MANY_ITERATIONS);
goto err;
}
ERR_clear_error();
} else
goto err;
} else
break;
} while (1);
if (ret->bn_mod_exp != NULL && ret->m_ctx != NULL) {
if (!ret->bn_mod_exp
(ret->A, ret->A, ret->e, ret->mod, ctx, ret->m_ctx))
goto err;
} else {
if (!BN_mod_exp(ret->A, ret->A, ret->e, ret->mod, ctx))
goto err;
}
return ret;
err:
if (b == NULL && ret != NULL) {
BN_BLINDING_free(ret);
ret = NULL;
}
return ret;
}
/* rsa_blinding_get returns a BN_BLINDING to use with |rsa|. It does this by
* allocating one of the cached BN_BLINDING objects in |rsa->blindings|. If
* none are free, the cache will be extended by a extra element and the new
* BN_BLINDING is returned.
*
* On success, the index of the assigned BN_BLINDING is written to
* |*index_used| and must be passed to |rsa_blinding_release| when finished. */
static BN_BLINDING *rsa_blinding_get(RSA *rsa, unsigned *index_used,
BN_CTX *ctx) {
assert(ctx != NULL);
assert(rsa->mont_n != NULL);
BN_BLINDING *ret = NULL;
BN_BLINDING **new_blindings;
uint8_t *new_blindings_inuse;
char overflow = 0;
CRYPTO_MUTEX_lock_write(&rsa->lock);
unsigned i;
for (i = 0; i < rsa->num_blindings; i++) {
if (rsa->blindings_inuse[i] == 0) {
rsa->blindings_inuse[i] = 1;
ret = rsa->blindings[i];
*index_used = i;
break;
}
}
if (ret != NULL) {
CRYPTO_MUTEX_unlock_write(&rsa->lock);
return ret;
}
overflow = rsa->num_blindings >= MAX_BLINDINGS_PER_RSA;
/* We didn't find a free BN_BLINDING to use so increase the length of
* the arrays by one and use the newly created element. */
CRYPTO_MUTEX_unlock_write(&rsa->lock);
ret = BN_BLINDING_new();
if (ret == NULL) {
return NULL;
}
if (overflow) {
/* We cannot add any more cached BN_BLINDINGs so we use |ret|
* and mark it for destruction in |rsa_blinding_release|. */
*index_used = MAX_BLINDINGS_PER_RSA;
return ret;
}
CRYPTO_MUTEX_lock_write(&rsa->lock);
new_blindings =
OPENSSL_malloc(sizeof(BN_BLINDING *) * (rsa->num_blindings + 1));
if (new_blindings == NULL) {
goto err1;
}
memcpy(new_blindings, rsa->blindings,
sizeof(BN_BLINDING *) * rsa->num_blindings);
new_blindings[rsa->num_blindings] = ret;
new_blindings_inuse = OPENSSL_malloc(rsa->num_blindings + 1);
if (new_blindings_inuse == NULL) {
goto err2;
}
memcpy(new_blindings_inuse, rsa->blindings_inuse, rsa->num_blindings);
new_blindings_inuse[rsa->num_blindings] = 1;
*index_used = rsa->num_blindings;
OPENSSL_free(rsa->blindings);
rsa->blindings = new_blindings;
OPENSSL_free(rsa->blindings_inuse);
rsa->blindings_inuse = new_blindings_inuse;
rsa->num_blindings++;
CRYPTO_MUTEX_unlock_write(&rsa->lock);
return ret;
err2:
OPENSSL_free(new_blindings);
err1:
CRYPTO_MUTEX_unlock_write(&rsa->lock);
BN_BLINDING_free(ret);
return NULL;
}
