void RSA_free(RSA *r) { int i; if (r == NULL) return; i = CRYPTO_add(&r->references, -1, CRYPTO_LOCK_RSA); if (i > 0) return; if (r->meth->finish) r->meth->finish(r); #ifndef OPENSSL_NO_ENGINE if (r->engine) ENGINE_finish(r->engine); #endif CRYPTO_free_ex_data(CRYPTO_EX_INDEX_RSA, r, &r->ex_data); BN_clear_free(r->n); BN_clear_free(r->e); BN_clear_free(r->d); BN_clear_free(r->p); BN_clear_free(r->q); BN_clear_free(r->dmp1); BN_clear_free(r->dmq1); BN_clear_free(r->iqmp); BN_BLINDING_free(r->blinding); BN_BLINDING_free(r->mt_blinding); free(r); }
void RSA_free(RSA *r) { int i; if (r == NULL) return; i=CRYPTO_add(&r->references,-1,CRYPTO_LOCK_RSA); #ifdef REF_PRINT REF_PRINT("RSA",r); #endif if (i > 0) return; #ifdef REF_CHECK if (i < 0) { fprintf(stderr,"RSA_free, bad reference count\n"); abort(); } #endif if (r->meth->finish) r->meth->finish(r); #ifndef OPENSSL_NO_ENGINE if (r->engine) ENGINE_finish(r->engine); #endif CRYPTO_free_ex_data(CRYPTO_EX_INDEX_RSA, r, &r->ex_data); if (r->n != NULL) BN_clear_free(r->n); if (r->e != NULL) BN_clear_free(r->e); if (r->d != NULL) BN_clear_free(r->d); if (r->p != NULL) BN_clear_free(r->p); if (r->q != NULL) BN_clear_free(r->q); if (r->dmp1 != NULL) BN_clear_free(r->dmp1); if (r->dmq1 != NULL) BN_clear_free(r->dmq1); if (r->iqmp != NULL) BN_clear_free(r->iqmp); if (r->blinding != NULL) BN_BLINDING_free(r->blinding); if (r->mt_blinding != NULL) BN_BLINDING_free(r->mt_blinding); if (r->bignum_data != NULL) OPENSSL_free_locked(r->bignum_data); if (r->additional_primes != NULL) { int j; for (j = 0; j < sk_RSA_additional_prime_num(r->additional_primes); j++) { RSA_additional_prime *ap = sk_RSA_additional_prime_value(r->additional_primes, j); BN_clear_free(ap->prime); BN_clear_free(ap->exp); BN_clear_free(ap->coeff); BN_clear_free(ap->r); } sk_RSA_additional_prime_pop_free(r->additional_primes, int_rsa_free_additional_prime); } OPENSSL_free(r); }
void RSA_free(RSA *rsa) { unsigned u; if (rsa == NULL) { return; } if (CRYPTO_add(&rsa->references, -1, CRYPTO_LOCK_RSA) > 0) { return; } if (rsa->meth->finish) { rsa->meth->finish(rsa); } METHOD_unref(rsa->meth); CRYPTO_free_ex_data(&g_ex_data_class, rsa, &rsa->ex_data); BN_clear_free(rsa->n); BN_clear_free(rsa->e); BN_clear_free(rsa->d); BN_clear_free(rsa->p); BN_clear_free(rsa->q); BN_clear_free(rsa->dmp1); BN_clear_free(rsa->dmq1); BN_clear_free(rsa->iqmp); for (u = 0; u < rsa->num_blindings; u++) { BN_BLINDING_free(rsa->blindings[u]); } OPENSSL_free(rsa->blindings); OPENSSL_free(rsa->blindings_inuse); CRYPTO_MUTEX_cleanup(&rsa->lock); OPENSSL_free(rsa); }
BN_BLINDING *BN_BLINDING_new(void) { BN_BLINDING *ret = OPENSSL_malloc(sizeof(BN_BLINDING)); if (ret == NULL) { OPENSSL_PUT_ERROR(RSA, ERR_R_MALLOC_FAILURE); return NULL; } memset(ret, 0, sizeof(BN_BLINDING)); ret->A = BN_new(); if (ret->A == NULL) { goto err; } BN_set_flags(ret->A, BN_FLG_CONSTTIME); ret->Ai = BN_new(); if (ret->Ai == NULL) { goto err; } BN_set_flags(ret->Ai, BN_FLG_CONSTTIME); /* The blinding values need to be created before this blinding can be used. */ ret->counter = BN_BLINDING_COUNTER - 1; return ret; err: BN_BLINDING_free(ret); return NULL; }
void RSA_free_thread_blinding_ptr(RSA *r) { // look for storage for the current thread pthread_t current = pthread_self(); int i; for (i = 0; i < r->num_blinding_threads; ++i) { if (pthread_equal(current, r->blinding_array[i].thread_ID)) // do we have storage for this thread? { BN_BLINDING_free(r->blinding_array[i].blinding); int new_count = r->num_blinding_threads - 1; if (new_count == 0) { // no more thread storage, just blow our array away free(r->blinding_array); r->blinding_array = NULL; r->num_blinding_threads = 0; } else { r->blinding_array[i] = r->blinding_array[new_count]; r->num_blinding_threads = new_count; } break; } } }
BN_BLINDING *BN_BLINDING_new(const BIGNUM *A, const BIGNUM *Ai, BIGNUM *mod) { BN_BLINDING *ret=NULL; bn_check_top(mod); if ((ret=(BN_BLINDING *)OPENSSL_malloc(sizeof(BN_BLINDING))) == NULL) { BNerr(BN_F_BN_BLINDING_NEW,ERR_R_MALLOC_FAILURE); return(NULL); } memset(ret,0,sizeof(BN_BLINDING)); if (A != NULL) { if ((ret->A = BN_dup(A)) == NULL) goto err; } if (Ai != NULL) { if ((ret->Ai = BN_dup(Ai)) == NULL) goto err; } /* save a copy of mod in the BN_BLINDING structure */ if ((ret->mod = BN_dup(mod)) == NULL) goto err; if (BN_get_flags(mod, BN_FLG_CONSTTIME) != 0) BN_set_flags(ret->mod, BN_FLG_CONSTTIME); ret->counter = BN_BLINDING_COUNTER; CRYPTO_THREADID_current(&ret->tid); return(ret); err: if (ret != NULL) BN_BLINDING_free(ret); return(NULL); }
void RSA_blinding_off(RSA *rsa) { BN_BLINDING_free(rsa->blinding); rsa->blinding = NULL; rsa->flags &= ~RSA_FLAG_BLINDING; rsa->flags |= RSA_FLAG_NO_BLINDING; }
BN_BLINDING *BN_BLINDING_new(const BIGNUM *A, const BIGNUM *Ai, BIGNUM *mod) { BN_BLINDING *ret=NULL; bn_check_top(mod); if ((ret=(BN_BLINDING *)OPENSSL_malloc(sizeof(BN_BLINDING))) == NULL) { BNerr(BN_F_BN_BLINDING_NEW,ERR_R_MALLOC_FAILURE); return(NULL); } memset(ret,0,sizeof(BN_BLINDING)); if (A != NULL) { if ((ret->A = BN_dup(A)) == NULL) goto err; } if (Ai != NULL) { if ((ret->Ai = BN_dup(Ai)) == NULL) goto err; } ret->mod = mod; ret->counter = BN_BLINDING_COUNTER; return(ret); err: if (ret != NULL) BN_BLINDING_free(ret); return(NULL); }
void FIPS_rsa_free(RSA *r) { if (!r) return; if (r->meth->finish) r->meth->finish(r); if (r->n != NULL) BN_clear_free(r->n); if (r->e != NULL) BN_clear_free(r->e); if (r->d != NULL) BN_clear_free(r->d); if (r->p != NULL) BN_clear_free(r->p); if (r->q != NULL) BN_clear_free(r->q); if (r->dmp1 != NULL) BN_clear_free(r->dmp1); if (r->dmq1 != NULL) BN_clear_free(r->dmq1); if (r->iqmp != NULL) BN_clear_free(r->iqmp); if (r->blinding != NULL) BN_BLINDING_free(r->blinding); if (r->mt_blinding != NULL) BN_BLINDING_free(r->mt_blinding); if (r->bignum_data != NULL) OPENSSL_free_locked(r->bignum_data); OPENSSL_free(r); }
void RSA_free(RSA *r) { int i; if (r == NULL) return; i=CRYPTO_add(&r->references,-1,CRYPTO_LOCK_RSA); #ifdef REF_PRINT REF_PRINT("RSA",r); #endif if (i > 0) return; #ifdef REF_CHECK if (i < 0) { fprintf(stderr,"RSA_free, bad reference count\n"); abort(); } #endif if (r->meth->finish) r->meth->finish(r); #ifndef OPENSSL_NO_ENGINE if (r->engine) ENGINE_finish(r->engine); #endif CRYPTO_free_ex_data(CRYPTO_EX_INDEX_RSA, r, &r->ex_data); if (r->n != NULL) BN_clear_free(r->n); if (r->e != NULL) BN_clear_free(r->e); if (r->d != NULL) BN_clear_free(r->d); if (r->p != NULL) BN_clear_free(r->p); if (r->q != NULL) BN_clear_free(r->q); if (r->dmp1 != NULL) BN_clear_free(r->dmp1); if (r->dmq1 != NULL) BN_clear_free(r->dmq1); if (r->iqmp != NULL) BN_clear_free(r->iqmp); #ifndef OPERA_SMALL_VERSION if (r->blinding != NULL) BN_BLINDING_free(r->blinding); if (r->mt_blinding != NULL) BN_BLINDING_free(r->mt_blinding); if (r->bignum_data != NULL) OPENSSL_free_locked(r->bignum_data); #endif OPENSSL_free(r); }
void RSA_free(RSA *r) { int i; if (r == NULL) return; i=CRYPTO_add(&r->references,-1,CRYPTO_LOCK_RSA); #ifdef REF_PRINT REF_PRINT("RSA",r); #endif if (i > 0) return; #ifdef REF_CHECK if (i < 0) { TINYCLR_SSL_FPRINTF(OPENSSL_TYPE__FILE_STDERR,"RSA_free, bad reference count\n"); TINYCLR_SSL_ABORT(); } #endif if (r->meth->finish) r->meth->finish(r); #ifndef OPENSSL_NO_ENGINE if (r->engine) ENGINE_finish(r->engine); #endif CRYPTO_free_ex_data(CRYPTO_EX_INDEX_RSA, r, &r->ex_data); if (r->n != NULL) BN_clear_free(r->n); if (r->e != NULL) BN_clear_free(r->e); if (r->d != NULL) BN_clear_free(r->d); if (r->p != NULL) BN_clear_free(r->p); if (r->q != NULL) BN_clear_free(r->q); if (r->dmp1 != NULL) BN_clear_free(r->dmp1); if (r->dmq1 != NULL) BN_clear_free(r->dmq1); if (r->iqmp != NULL) BN_clear_free(r->iqmp); if (r->blinding != NULL) BN_BLINDING_free(r->blinding); if (r->mt_blinding != NULL) BN_BLINDING_free(r->mt_blinding); if (r->bignum_data != NULL) OPENSSL_free_locked(r->bignum_data); OPENSSL_free(r); }
/* rsa_blinding_release marks the cached BN_BLINDING at the given index as free * for other threads to use. */ static void rsa_blinding_release(RSA *rsa, BN_BLINDING *blinding, unsigned blinding_index) { if (blinding_index == MAX_BLINDINGS_PER_RSA) { /* This blinding wasn't cached. */ BN_BLINDING_free(blinding); return; } CRYPTO_MUTEX_lock_write(&rsa->lock); rsa->blindings_inuse[blinding_index] = 0; CRYPTO_MUTEX_unlock_write(&rsa->lock); }
int RSA_blinding_on(RSA *rsa, BN_CTX *p_ctx) { BIGNUM *A,*Ai = NULL; BN_CTX *ctx; int ret=0; if (p_ctx == NULL) { if ((ctx=BN_CTX_new()) == NULL) goto err; } else ctx=p_ctx; /* XXXXX: Shouldn't this be RSA_blinding_off(rsa)? */ if (rsa->blinding != NULL) { BN_BLINDING_free(rsa->blinding); rsa->blinding = NULL; } /* NB: similar code appears in setup_blinding (rsa_eay.c); * this should be placed in a new function of its own, but for reasons * of binary compatibility can't */ BN_CTX_start(ctx); A = BN_CTX_get(ctx); if (rsa->d != NULL && rsa->d->d != NULL) { if (!BN_pseudo_rand_range(A,rsa->n)) goto err; } else { if (!BN_rand_range(A,rsa->n)) goto err; } if ((Ai=BN_mod_inverse(NULL,A,rsa->n,ctx)) == NULL) goto err; if (!rsa->meth->bn_mod_exp(A,A, rsa->e,rsa->n,ctx,rsa->_method_mod_n)) goto err; if ((rsa->blinding=BN_BLINDING_new(A,Ai,rsa->n)) == NULL) goto err; /* to make things thread-safe without excessive locking, * rsa->blinding will be used just by the current thread: */ rsa->flags |= RSA_FLAG_BLINDING; rsa->flags &= ~RSA_FLAG_NO_BLINDING; ret=1; err: if (Ai != NULL) BN_free(Ai); BN_CTX_end(ctx); if (ctx != p_ctx) BN_CTX_free(ctx); return(ret); }
void RSA_free(RSA *r) { int i; if (r == NULL) return; CRYPTO_DOWN_REF(&r->references, &i, r->lock); REF_PRINT_COUNT("RSA", r); if (i > 0) return; REF_ASSERT_ISNT(i < 0); if (r->meth->finish) r->meth->finish(r); #ifndef OPENSSL_NO_ENGINE ENGINE_finish(r->engine); #endif CRYPTO_free_ex_data(CRYPTO_EX_INDEX_RSA, r, &r->ex_data); CRYPTO_THREAD_lock_free(r->lock); BN_clear_free(r->n); BN_clear_free(r->e); BN_clear_free(r->d); BN_clear_free(r->p); BN_clear_free(r->q); BN_clear_free(r->dmp1); BN_clear_free(r->dmq1); BN_clear_free(r->iqmp); RSA_PSS_PARAMS_free(r->pss); sk_RSA_PRIME_INFO_pop_free(r->prime_infos, rsa_multip_info_free); BN_BLINDING_free(r->blinding); BN_BLINDING_free(r->mt_blinding); OPENSSL_free(r->bignum_data); OPENSSL_free(r); }
BN_BLINDING *BN_BLINDING_new(const BIGNUM *A, const BIGNUM *Ai, BIGNUM *mod) { BN_BLINDING *ret = NULL; bn_check_top(mod); if ((ret = OPENSSL_zalloc(sizeof(*ret))) == NULL) { BNerr(BN_F_BN_BLINDING_NEW, ERR_R_MALLOC_FAILURE); return NULL; } ret->lock = CRYPTO_THREAD_lock_new(); if (ret->lock == NULL) { BNerr(BN_F_BN_BLINDING_NEW, ERR_R_MALLOC_FAILURE); OPENSSL_free(ret); return NULL; } BN_BLINDING_set_current_thread(ret); if (A != NULL) { if ((ret->A = BN_dup(A)) == NULL) goto err; } if (Ai != NULL) { if ((ret->Ai = BN_dup(Ai)) == NULL) goto err; } /* save a copy of mod in the BN_BLINDING structure */ if ((ret->mod = BN_dup(mod)) == NULL) goto err; if (BN_get_flags(mod, BN_FLG_CONSTTIME) != 0) BN_set_flags(ret->mod, BN_FLG_CONSTTIME); /* * Set the counter to the special value -1 to indicate that this is * never-used fresh blinding that does not need updating before first * use. */ ret->counter = -1; return ret; err: BN_BLINDING_free(ret); return NULL; }
BN_BLINDING *BN_BLINDING_new(const RSA *rsa, BN_CTX *ctx) { assert(ctx != NULL); BN_BLINDING *ret = OPENSSL_malloc(sizeof(BN_BLINDING)); if (ret == NULL) { OPENSSL_PUT_ERROR(RSA, ERR_R_MALLOC_FAILURE); return NULL; } memset(ret, 0, sizeof(BN_BLINDING)); ret->A = BN_new(); if (ret->A == NULL) { goto err; } ret->Ai = BN_new(); if (ret->Ai == NULL) { goto err; } if (rsa->e != NULL) { ret->e = BN_dup(rsa->e); if (ret->e == NULL) { goto err; } } else { ret->e = rsa_get_public_exp(rsa->d, rsa->p, rsa->q, ctx); if (ret->e == NULL) { OPENSSL_PUT_ERROR(RSA, RSA_R_NO_PUBLIC_EXPONENT); goto err; } } /* save a copy of mod in the BN_BLINDING structure */ ret->mod = BN_dup(rsa->n); if (ret->mod == NULL) { goto err; } BN_set_flags(ret->mod, BN_FLG_CONSTTIME); /* The blinding values need to be created before this blinding can be used. */ ret->counter = BN_BLINDING_COUNTER - 1; return ret; err: BN_BLINDING_free(ret); return NULL; }
void RSA_free(RSA *r) { int i; if (r == NULL) return; CRYPTO_atomic_add(&r->references, -1, &i, r->lock); REF_PRINT_COUNT("RSA", r); if (i > 0) return; REF_ASSERT_ISNT(i < 0); if (r->meth != NULL && r->meth->finish != NULL) r->meth->finish(r); #ifndef OPENSSL_NO_ENGINE ENGINE_finish(r->engine); #endif CRYPTO_free_ex_data(CRYPTO_EX_INDEX_RSA, r, &r->ex_data); CRYPTO_THREAD_lock_free(r->lock); BN_clear_free(r->n); BN_clear_free(r->e); BN_clear_free(r->d); BN_clear_free(r->p); BN_clear_free(r->q); BN_clear_free(r->dmp1); BN_clear_free(r->dmq1); BN_clear_free(r->iqmp); BN_BLINDING_free(r->blinding); BN_BLINDING_free(r->mt_blinding); OPENSSL_free(r->bignum_data); OPENSSL_free(r); }
void RSA_free(RSA *rsa) { unsigned u; if (rsa == NULL) { return; } if (CRYPTO_add(&rsa->references, -1, CRYPTO_LOCK_RSA) > 0) { return; } if (rsa->meth->finish) { rsa->meth->finish(rsa); } METHOD_unref(rsa->meth); CRYPTO_free_ex_data(CRYPTO_EX_INDEX_DSA, rsa, &rsa->ex_data); if (rsa->n != NULL) BN_clear_free(rsa->n); if (rsa->e != NULL) BN_clear_free(rsa->e); if (rsa->d != NULL) BN_clear_free(rsa->d); if (rsa->p != NULL) BN_clear_free(rsa->p); if (rsa->q != NULL) BN_clear_free(rsa->q); if (rsa->dmp1 != NULL) BN_clear_free(rsa->dmp1); if (rsa->dmq1 != NULL) BN_clear_free(rsa->dmq1); if (rsa->iqmp != NULL) BN_clear_free(rsa->iqmp); for (u = 0; u < rsa->num_blindings; u++) { BN_BLINDING_free(rsa->blindings[u]); } if (rsa->blindings != NULL) OPENSSL_free(rsa->blindings); if (rsa->blindings_inuse != NULL) OPENSSL_free(rsa->blindings_inuse); OPENSSL_free(rsa); }
BN_BLINDING *BN_BLINDING_new(const BIGNUM *A, const BIGNUM *Ai, BIGNUM *mod) { BN_BLINDING *ret = NULL; ret = (BN_BLINDING*) OPENSSL_malloc(sizeof(BN_BLINDING)); if (ret == NULL) { OPENSSL_PUT_ERROR(RSA, BN_BLINDING_new, ERR_R_MALLOC_FAILURE); return NULL; } memset(ret, 0, sizeof(BN_BLINDING)); if (A != NULL) { ret->A = BN_dup(A); if (ret->A == NULL) { goto err; } } if (Ai != NULL) { ret->Ai = BN_dup(Ai); if (ret->Ai == NULL) { goto err; } } /* save a copy of mod in the BN_BLINDING structure */ ret->mod = BN_dup(mod); if (ret->mod == NULL) { goto err; } if (BN_get_flags(mod, BN_FLG_CONSTTIME) != 0) { BN_set_flags(ret->mod, BN_FLG_CONSTTIME); } /* Set the counter to the special value -1 * to indicate that this is never-used fresh blinding * that does not need updating before first use. */ ret->counter = -1; return ret; err: if (ret != NULL) { BN_BLINDING_free(ret); } return NULL; }
void RSA_free(RSA *rsa) { unsigned u; if (rsa == NULL) { return; } if (!CRYPTO_refcount_dec_and_test_zero(&rsa->references)) { return; } if (rsa->meth->finish) { rsa->meth->finish(rsa); } METHOD_unref(rsa->meth); CRYPTO_free_ex_data(g_rsa_ex_data_class_bss_get(), rsa, &rsa->ex_data); BN_free(rsa->n); BN_free(rsa->e); BN_free(rsa->d); BN_free(rsa->p); BN_free(rsa->q); BN_free(rsa->dmp1); BN_free(rsa->dmq1); BN_free(rsa->iqmp); BN_MONT_CTX_free(rsa->mont_n); BN_MONT_CTX_free(rsa->mont_p); BN_MONT_CTX_free(rsa->mont_q); BN_free(rsa->d_fixed); BN_free(rsa->dmp1_fixed); BN_free(rsa->dmq1_fixed); BN_free(rsa->inv_small_mod_large_mont); for (u = 0; u < rsa->num_blindings; u++) { BN_BLINDING_free(rsa->blindings[u]); } OPENSSL_free(rsa->blindings); OPENSSL_free(rsa->blindings_inuse); CRYPTO_MUTEX_cleanup(&rsa->lock); OPENSSL_free(rsa); }
void RSA_free(RSA *rsa) { unsigned u; if (rsa == NULL) { return; } if (!CRYPTO_refcount_dec_and_test_zero(&rsa->references)) { return; } if (rsa->meth->finish) { rsa->meth->finish(rsa); } METHOD_unref(rsa->meth); CRYPTO_free_ex_data(&g_ex_data_class, rsa, &rsa->ex_data); BN_clear_free(rsa->n); BN_clear_free(rsa->e); BN_clear_free(rsa->d); BN_clear_free(rsa->p); BN_clear_free(rsa->q); BN_clear_free(rsa->dmp1); BN_clear_free(rsa->dmq1); BN_clear_free(rsa->iqmp); BN_MONT_CTX_free(rsa->mont_n); BN_MONT_CTX_free(rsa->mont_p); BN_MONT_CTX_free(rsa->mont_q); for (u = 0; u < rsa->num_blindings; u++) { BN_BLINDING_free(rsa->blindings[u]); } OPENSSL_free(rsa->blindings); OPENSSL_free(rsa->blindings_inuse); if (rsa->additional_primes != NULL) { sk_RSA_additional_prime_pop_free(rsa->additional_primes, RSA_additional_prime_free); } CRYPTO_MUTEX_cleanup(&rsa->lock); OPENSSL_free(rsa); }
BN_BLINDING *BN_BLINDING_new (const BIGNUM * A, const BIGNUM * Ai, BIGNUM * mod) { BN_BLINDING *ret = NULL; bn_check_top (mod); if ((ret = (BN_BLINDING *) OPENSSL_malloc (sizeof (BN_BLINDING))) == NULL) { BNerr (BN_F_BN_BLINDING_NEW, ERR_R_MALLOC_FAILURE); return (NULL); } memset (ret, 0, sizeof (BN_BLINDING)); if (A != NULL) { if ((ret->A = BN_dup (A)) == NULL) goto err; } if (Ai != NULL) { if ((ret->Ai = BN_dup (Ai)) == NULL) goto err; } /* save a copy of mod in the BN_BLINDING structure */ if ((ret->mod = BN_dup (mod)) == NULL) goto err; if (BN_get_flags (mod, BN_FLG_CONSTTIME) != 0) BN_set_flags (ret->mod, BN_FLG_CONSTTIME); /* Set the counter to the special value -1 * to indicate that this is never-used fresh blinding * that does not need updating before first use. */ ret->counter = -1; CRYPTO_THREADID_current (&ret->tid); return (ret); err: if (ret != NULL) BN_BLINDING_free (ret); return (NULL); }
void RSA_free(RSA *r) { RSA_METHOD *meth; if (r == NULL) return; meth = r->meth; if (meth->finish != NULL) meth->finish(r); if (r->n != NULL) BN_clear_free(r->n); if (r->e != NULL) BN_clear_free(r->e); if (r->d != NULL) BN_clear_free(r->d); if (r->p != NULL) BN_clear_free(r->p); if (r->q != NULL) BN_clear_free(r->q); if (r->dmp1 != NULL) BN_clear_free(r->dmp1); if (r->dmq1 != NULL) BN_clear_free(r->dmq1); if (r->iqmp != NULL) BN_clear_free(r->iqmp); if (r->blinding != NULL) BN_BLINDING_free(r->blinding); rtlglue_free(r); }
BN_BLINDING *BN_BLINDING_new(BIGNUM *A, BIGNUM *Ai, BIGNUM *mod) { BN_BLINDING *ret=NULL; bn_check_top(Ai); bn_check_top(mod); if ((ret=(BN_BLINDING *)Malloc(sizeof(BN_BLINDING))) == NULL) { BNerr(BN_F_BN_BLINDING_NEW,ERR_R_MALLOC_FAILURE); return(NULL); } memset(ret,0,sizeof(BN_BLINDING)); if ((ret->A=BN_new()) == NULL) goto err; if ((ret->Ai=BN_new()) == NULL) goto err; if (!BN_copy(ret->A,A)) goto err; if (!BN_copy(ret->Ai,Ai)) goto err; ret->mod=mod; return(ret); err: if (ret != NULL) BN_BLINDING_free(ret); return(NULL); }
BN_BLINDING *BN_BLINDING_create_param( BN_BLINDING *b, const BIGNUM *e, BIGNUM *m, BN_CTX *ctx, int (*bn_mod_exp)(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, const BN_MONT_CTX *mont), const BN_MONT_CTX *mont) { int retry_counter = 32; BN_BLINDING *ret = NULL; if (b == NULL) { ret = BN_BLINDING_new(NULL, NULL, m); } else { ret = b; } if (ret == NULL) { goto err; } if (ret->A == NULL && (ret->A = BN_new()) == NULL) { goto err; } if (ret->Ai == NULL && (ret->Ai = BN_new()) == NULL) { goto err; } if (e != NULL) { BN_free(ret->e); ret->e = BN_dup(e); } if (ret->e == NULL) { goto err; } if (bn_mod_exp != NULL) { ret->bn_mod_exp = bn_mod_exp; } if (mont != NULL) { ret->mont = mont; } do { if (!BN_rand_range(ret->A, ret->mod)) { goto err; } int no_inverse; if (BN_mod_inverse_ex(ret->Ai, &no_inverse, ret->A, ret->mod, ctx) == NULL) { /* this should almost never happen for good RSA keys */ if (no_inverse) { if (retry_counter-- == 0) { OPENSSL_PUT_ERROR(RSA, RSA_R_TOO_MANY_ITERATIONS); goto err; } ERR_clear_error(); } else { goto err; } } else { break; } } while (1); if (ret->bn_mod_exp != NULL && ret->mont != NULL) { if (!ret->bn_mod_exp(ret->A, ret->A, ret->e, ret->mod, ctx, ret->mont)) { goto err; } } else { if (!BN_mod_exp(ret->A, ret->A, ret->e, ret->mod, ctx)) { goto err; } } return ret; err: if (b == NULL) { BN_BLINDING_free(ret); ret = NULL; } return ret; }
/* rsa_blinding_get returns a BN_BLINDING to use with |rsa|. It does this by * allocating one of the cached BN_BLINDING objects in |rsa->blindings|. If * none are free, the cache will be extended by a extra element and the new * BN_BLINDING is returned. * * On success, the index of the assigned BN_BLINDING is written to * |*index_used| and must be passed to |rsa_blinding_release| when finished. */ static BN_BLINDING *rsa_blinding_get(RSA *rsa, unsigned *index_used, BN_CTX *ctx) { BN_BLINDING *ret = NULL; BN_BLINDING **new_blindings; uint8_t *new_blindings_inuse; char overflow = 0; CRYPTO_w_lock(CRYPTO_LOCK_RSA_BLINDING); if (rsa->num_blindings > 0) { unsigned i, starting_index; CRYPTO_THREADID threadid; /* We start searching the array at a value based on the * threadid in order to try avoid bouncing the BN_BLINDING * values around different threads. It's harmless if * threadid.val is always set to zero. */ CRYPTO_THREADID_current(&threadid); starting_index = threadid.val % rsa->num_blindings; for (i = starting_index;;) { if (rsa->blindings_inuse[i] == 0) { rsa->blindings_inuse[i] = 1; ret = rsa->blindings[i]; *index_used = i; break; } i++; if (i == rsa->num_blindings) { i = 0; } if (i == starting_index) { break; } } } if (ret != NULL) { CRYPTO_w_unlock(CRYPTO_LOCK_RSA_BLINDING); return ret; } overflow = rsa->num_blindings >= MAX_BLINDINGS_PER_RSA; /* We didn't find a free BN_BLINDING to use so increase the length of * the arrays by one and use the newly created element. */ CRYPTO_w_unlock(CRYPTO_LOCK_RSA_BLINDING); ret = rsa_setup_blinding(rsa, ctx); if (ret == NULL) { return NULL; } if (overflow) { /* We cannot add any more cached BN_BLINDINGs so we use |ret| * and mark it for destruction in |rsa_blinding_release|. */ *index_used = MAX_BLINDINGS_PER_RSA; return ret; } CRYPTO_w_lock(CRYPTO_LOCK_RSA_BLINDING); new_blindings = OPENSSL_malloc(sizeof(BN_BLINDING *) * (rsa->num_blindings + 1)); if (new_blindings == NULL) { goto err1; } memcpy(new_blindings, rsa->blindings, sizeof(BN_BLINDING *) * rsa->num_blindings); new_blindings[rsa->num_blindings] = ret; new_blindings_inuse = OPENSSL_malloc(rsa->num_blindings + 1); if (new_blindings_inuse == NULL) { goto err2; } memcpy(new_blindings_inuse, rsa->blindings_inuse, rsa->num_blindings); new_blindings_inuse[rsa->num_blindings] = 1; *index_used = rsa->num_blindings; if (rsa->blindings != NULL) { OPENSSL_free(rsa->blindings); } rsa->blindings = new_blindings; if (rsa->blindings_inuse != NULL) { OPENSSL_free(rsa->blindings_inuse); } rsa->blindings_inuse = new_blindings_inuse; rsa->num_blindings++; CRYPTO_w_unlock(CRYPTO_LOCK_RSA_BLINDING); return ret; err2: OPENSSL_free(new_blindings); err1: CRYPTO_w_unlock(CRYPTO_LOCK_RSA_BLINDING); BN_BLINDING_free(ret); return NULL; }
BN_BLINDING *BN_BLINDING_create_param(BN_BLINDING *b, const BIGNUM *e, BIGNUM *m, BN_CTX *ctx, int (*bn_mod_exp) (BIGNUM *r, const BIGNUM *a, const BIGNUM *p, const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx), BN_MONT_CTX *m_ctx) { int retry_counter = 32; BN_BLINDING *ret = NULL; if (b == NULL) ret = BN_BLINDING_new(NULL, NULL, m); else ret = b; if (ret == NULL) goto err; if (ret->A == NULL && (ret->A = BN_new()) == NULL) goto err; if (ret->Ai == NULL && (ret->Ai = BN_new()) == NULL) goto err; if (e != NULL) { if (ret->e != NULL) BN_free(ret->e); ret->e = BN_dup(e); } if (ret->e == NULL) goto err; if (bn_mod_exp != NULL) ret->bn_mod_exp = bn_mod_exp; if (m_ctx != NULL) ret->m_ctx = m_ctx; do { if (!BN_rand_range(ret->A, ret->mod)) goto err; if (BN_mod_inverse(ret->Ai, ret->A, ret->mod, ctx) == NULL) { /* * this should almost never happen for good RSA keys */ unsigned long error = ERR_peek_last_error(); if (ERR_GET_REASON(error) == BN_R_NO_INVERSE) { if (retry_counter-- == 0) { BNerr(BN_F_BN_BLINDING_CREATE_PARAM, BN_R_TOO_MANY_ITERATIONS); goto err; } ERR_clear_error(); } else goto err; } else break; } while (1); if (ret->bn_mod_exp != NULL && ret->m_ctx != NULL) { if (!ret->bn_mod_exp (ret->A, ret->A, ret->e, ret->mod, ctx, ret->m_ctx)) goto err; } else { if (!BN_mod_exp(ret->A, ret->A, ret->e, ret->mod, ctx)) goto err; } return ret; err: if (b == NULL && ret != NULL) { BN_BLINDING_free(ret); ret = NULL; } return ret; }
/* rsa_blinding_get returns a BN_BLINDING to use with |rsa|. It does this by * allocating one of the cached BN_BLINDING objects in |rsa->blindings|. If * none are free, the cache will be extended by a extra element and the new * BN_BLINDING is returned. * * On success, the index of the assigned BN_BLINDING is written to * |*index_used| and must be passed to |rsa_blinding_release| when finished. */ static BN_BLINDING *rsa_blinding_get(RSA *rsa, unsigned *index_used, BN_CTX *ctx) { assert(ctx != NULL); assert(rsa->mont_n != NULL); BN_BLINDING *ret = NULL; BN_BLINDING **new_blindings; uint8_t *new_blindings_inuse; char overflow = 0; CRYPTO_MUTEX_lock_write(&rsa->lock); unsigned i; for (i = 0; i < rsa->num_blindings; i++) { if (rsa->blindings_inuse[i] == 0) { rsa->blindings_inuse[i] = 1; ret = rsa->blindings[i]; *index_used = i; break; } } if (ret != NULL) { CRYPTO_MUTEX_unlock_write(&rsa->lock); return ret; } overflow = rsa->num_blindings >= MAX_BLINDINGS_PER_RSA; /* We didn't find a free BN_BLINDING to use so increase the length of * the arrays by one and use the newly created element. */ CRYPTO_MUTEX_unlock_write(&rsa->lock); ret = BN_BLINDING_new(); if (ret == NULL) { return NULL; } if (overflow) { /* We cannot add any more cached BN_BLINDINGs so we use |ret| * and mark it for destruction in |rsa_blinding_release|. */ *index_used = MAX_BLINDINGS_PER_RSA; return ret; } CRYPTO_MUTEX_lock_write(&rsa->lock); new_blindings = OPENSSL_malloc(sizeof(BN_BLINDING *) * (rsa->num_blindings + 1)); if (new_blindings == NULL) { goto err1; } memcpy(new_blindings, rsa->blindings, sizeof(BN_BLINDING *) * rsa->num_blindings); new_blindings[rsa->num_blindings] = ret; new_blindings_inuse = OPENSSL_malloc(rsa->num_blindings + 1); if (new_blindings_inuse == NULL) { goto err2; } memcpy(new_blindings_inuse, rsa->blindings_inuse, rsa->num_blindings); new_blindings_inuse[rsa->num_blindings] = 1; *index_used = rsa->num_blindings; OPENSSL_free(rsa->blindings); rsa->blindings = new_blindings; OPENSSL_free(rsa->blindings_inuse); rsa->blindings_inuse = new_blindings_inuse; rsa->num_blindings++; CRYPTO_MUTEX_unlock_write(&rsa->lock); return ret; err2: OPENSSL_free(new_blindings); err1: CRYPTO_MUTEX_unlock_write(&rsa->lock); BN_BLINDING_free(ret); return NULL; }