rsa_eay.c revision 43c12e3d4f9bbbbd4a8ba7b149686437514bc6b6
1656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project/* crypto/rsa/rsa_eay.c */ 2656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 3656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * All rights reserved. 4656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 5656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * This package is an SSL implementation written 6656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * by Eric Young (eay@cryptsoft.com). 7656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * The implementation was written so as to conform with Netscapes SSL. 8656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 9656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * This library is free for commercial and non-commercial use as long as 10656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * the following conditions are aheared to. The following conditions 11656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * apply to all code found in this distribution, be it the RC4, RSA, 12656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * lhash, DES, etc., code; not just the SSL code. The SSL documentation 13656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * included with this distribution is covered by the same copyright terms 14656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * except that the holder is Tim Hudson (tjh@cryptsoft.com). 
15656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 16656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * Copyright remains Eric Young's, and as such any Copyright notices in 17656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * the code are not to be removed. 18656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * If this package is used in a product, Eric Young should be given attribution 19656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * as the author of the parts of the library used. 20656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * This can be in the form of a textual message at program startup or 21656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * in documentation (online or textual) provided with the package. 22656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 23656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * Redistribution and use in source and binary forms, with or without 24656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * modification, are permitted provided that the following conditions 25656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * are met: 26656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 1. Redistributions of source code must retain the copyright 27656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * notice, this list of conditions and the following disclaimer. 28656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 2. 
Redistributions in binary form must reproduce the above copyright 29656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * notice, this list of conditions and the following disclaimer in the 30656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * documentation and/or other materials provided with the distribution. 31656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 3. All advertising materials mentioning features or use of this software 32656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * must display the following acknowledgement: 33656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * "This product includes cryptographic software written by 34656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * Eric Young (eay@cryptsoft.com)" 35656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * The word 'cryptographic' can be left out if the rouines from the library 36656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * being used are not cryptographic related :-). 37656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 4. 
If you include any Windows specific code (or a derivative thereof) from 38656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * the apps directory (application code) you must include an acknowledgement: 39656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 40656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 41656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 42656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 43656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 44656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 45656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 46656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 47656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 48656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 49656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 50656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 51656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * SUCH 
DAMAGE. 52656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 53656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * The licence and distribution terms for any publically available version or 54656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * derivative of this code cannot be changed. i.e. this code cannot simply be 55656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * copied and put under another distribution licence 56656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * [including the GNU Public Licence.] 57656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project */ 58656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project/* ==================================================================== 59656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. 60656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 61656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * Redistribution and use in source and binary forms, with or without 62656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * modification, are permitted provided that the following conditions 63656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * are met: 64656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 65656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 1. Redistributions of source code must retain the above copyright 66656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * notice, this list of conditions and the following disclaimer. 67656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 68656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 2. 
Redistributions in binary form must reproduce the above copyright 69656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * notice, this list of conditions and the following disclaimer in 70656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * the documentation and/or other materials provided with the 71656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * distribution. 72656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 73656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 3. All advertising materials mentioning features or use of this 74656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * software must display the following acknowledgment: 75656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * "This product includes software developed by the OpenSSL Project 76656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * for use in the OpenSSL Toolkit. (http://www.openssl.org/)" 77656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 78656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to 79656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * endorse or promote products derived from this software without 80656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * prior written permission. For written permission, please contact 81656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * openssl-core@openssl.org. 82656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 83656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 5. 
Products derived from this software may not be called "OpenSSL" 84656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * nor may "OpenSSL" appear in their names without prior written 85656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * permission of the OpenSSL Project. 86656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 87656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 6. Redistributions of any form whatsoever must retain the following 88656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * acknowledgment: 89656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * "This product includes software developed by the OpenSSL Project 90656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * for use in the OpenSSL Toolkit (http://www.openssl.org/)" 91656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 92656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY 93656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 94656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 95656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * PURPOSE ARE DISCLAIMED. 
IN NO EVENT SHALL THE OpenSSL PROJECT OR 96656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 97656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 98656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 99656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 100656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 101656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 102656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 103656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * OF THE POSSIBILITY OF SUCH DAMAGE. 104656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * ==================================================================== 105656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 106656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * This product includes cryptographic software written by Eric Young 107656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * (eay@cryptsoft.com). This product includes software written by Tim 108656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * Hudson (tjh@cryptsoft.com). 
109656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * 110656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project */ 111656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 112656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#include <stdio.h> 113656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#include "cryptlib.h" 114656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#include <openssl/bn.h> 115656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#include <openssl/rsa.h> 116656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#include <openssl/rand.h> 117656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 118221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom#ifndef RSA_NULL 119656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 120656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Projectstatic int RSA_eay_public_encrypt(int flen, const unsigned char *from, 121656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project unsigned char *to, RSA *rsa,int padding); 122656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Projectstatic int RSA_eay_private_encrypt(int flen, const unsigned char *from, 123656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project unsigned char *to, RSA *rsa,int padding); 124656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Projectstatic int RSA_eay_public_decrypt(int flen, const unsigned char *from, 125656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project unsigned char *to, RSA *rsa,int padding); 126656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Projectstatic int RSA_eay_private_decrypt(int flen, const unsigned char *from, 127656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project unsigned char *to, RSA *rsa,int padding); 
128656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Projectstatic int RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *i, RSA *rsa, BN_CTX *ctx); 129656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Projectstatic int RSA_eay_init(RSA *rsa); 130656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Projectstatic int RSA_eay_finish(RSA *rsa); 131656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Projectstatic RSA_METHOD rsa_pkcs1_eay_meth={ 132656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project "Eric Young's PKCS#1 RSA", 133656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project RSA_eay_public_encrypt, 134656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project RSA_eay_public_decrypt, /* signature verification */ 135656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project RSA_eay_private_encrypt, /* signing */ 136656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project RSA_eay_private_decrypt, 137656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project RSA_eay_mod_exp, 138656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BN_mod_exp_mont, /* XXX probably we should not use Montgomery if e == 3 */ 139656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project RSA_eay_init, 140656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project RSA_eay_finish, 141656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 0, /* flags */ 142656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project NULL, 143656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 0, /* rsa_sign */ 144656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 0, /* rsa_verify */ 145656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project NULL /* rsa_keygen */ 146656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project }; 
147656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 148656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Projectconst RSA_METHOD *RSA_PKCS1_SSLeay(void) 149656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 150656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return(&rsa_pkcs1_eay_meth); 151656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 152656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 153656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Projectstatic int RSA_eay_public_encrypt(int flen, const unsigned char *from, 154656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project unsigned char *to, RSA *rsa, int padding) 155656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 156656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIGNUM *f,*ret; 157656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project int i,j,k,num=0,r= -1; 158656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project unsigned char *buf=NULL; 159656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BN_CTX *ctx=NULL; 160656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 161656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (BN_num_bits(rsa->n) > OPENSSL_RSA_MAX_MODULUS_BITS) 162656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 163656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT, RSA_R_MODULUS_TOO_LARGE); 164656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return -1; 165656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 166656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 167656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (BN_ucmp(rsa->n, 
rsa->e) <= 0) 168656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 169656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT, RSA_R_BAD_E_VALUE); 170656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return -1; 171656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 172656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 173656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* for large moduli, enforce exponent limit */ 174656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (BN_num_bits(rsa->n) > OPENSSL_RSA_SMALL_MODULUS_BITS) 175656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 176656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (BN_num_bits(rsa->e) > OPENSSL_RSA_MAX_PUBEXP_BITS) 177656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 178656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT, RSA_R_BAD_E_VALUE); 179656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return -1; 180656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 181656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 182656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 183656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if ((ctx=BN_CTX_new()) == NULL) goto err; 184656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BN_CTX_start(ctx); 185656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project f = BN_CTX_get(ctx); 186656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ret = BN_CTX_get(ctx); 187656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project num=BN_num_bytes(rsa->n); 188656d9c7f52f88b3a3daccafa7655dec086c4756eThe 
Android Open Source Project buf = OPENSSL_malloc(num); 189656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!f || !ret || !buf) 190656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 191656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT,ERR_R_MALLOC_FAILURE); 192656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto err; 193656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 194656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 195656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project switch (padding) 196656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 197656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project case RSA_PKCS1_PADDING: 198656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project i=RSA_padding_add_PKCS1_type_2(buf,num,from,flen); 199656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project break; 200656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#ifndef OPENSSL_NO_SHA 201656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project case RSA_PKCS1_OAEP_PADDING: 202656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project i=RSA_padding_add_PKCS1_OAEP(buf,num,from,flen,NULL,0); 203656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project break; 204656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#endif 205656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project case RSA_SSLV23_PADDING: 206656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project i=RSA_padding_add_SSLv23(buf,num,from,flen); 207656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project break; 208656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project case RSA_NO_PADDING: 
209656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project i=RSA_padding_add_none(buf,num,from,flen); 210656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project break; 211656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project default: 212656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT,RSA_R_UNKNOWN_PADDING_TYPE); 213656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto err; 214656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 215656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (i <= 0) goto err; 216656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 217656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (BN_bin2bn(buf,num,f) == NULL) goto err; 218656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 219656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (BN_ucmp(f, rsa->n) >= 0) 220656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 221656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* usually the padding functions would catch this */ 222656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT,RSA_R_DATA_TOO_LARGE_FOR_MODULUS); 223656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto err; 224656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 225656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 226e45f106cb6b47af1f21efe76e933bdea2f5dd1caNagendra Modadugu if (rsa->flags & RSA_FLAG_CACHE_PUBLIC) 227e45f106cb6b47af1f21efe76e933bdea2f5dd1caNagendra Modadugu if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_n, CRYPTO_LOCK_RSA, rsa->n, ctx)) 228e45f106cb6b47af1f21efe76e933bdea2f5dd1caNagendra Modadugu goto err; 
229656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 230656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!rsa->meth->bn_mod_exp(ret,f,rsa->e,rsa->n,ctx, 231656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project rsa->_method_mod_n)) goto err; 232656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 233656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* put in leading 0 bytes if the number is less than the 234656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * length of the modulus */ 235656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project j=BN_num_bytes(ret); 236656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project i=BN_bn2bin(ret,&(to[num-j])); 237656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project for (k=0; k<(num-i); k++) 238656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project to[k]=0; 239656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 240656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project r=num; 241656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Projecterr: 242656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (ctx != NULL) 243656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 244656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BN_CTX_end(ctx); 245656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BN_CTX_free(ctx); 246656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 247656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (buf != NULL) 248656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 249656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project OPENSSL_cleanse(buf,num); 250656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android 
Open Source Project OPENSSL_free(buf); 251656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 252656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return(r); 253656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 254656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 255656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Projectstatic BN_BLINDING *rsa_get_blinding(RSA *rsa, int *local, BN_CTX *ctx) 256656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project{ 257656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BN_BLINDING *ret; 258656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project int got_write_lock = 0; 259221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom CRYPTO_THREADID cur; 260656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 261656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project CRYPTO_r_lock(CRYPTO_LOCK_RSA); 262656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 263656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (rsa->blinding == NULL) 264656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 265656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project CRYPTO_r_unlock(CRYPTO_LOCK_RSA); 266656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project CRYPTO_w_lock(CRYPTO_LOCK_RSA); 267656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project got_write_lock = 1; 268656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 269656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (rsa->blinding == NULL) 270656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project rsa->blinding = RSA_setup_blinding(rsa, ctx); 271656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 
272656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 273656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ret = rsa->blinding; 274656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (ret == NULL) 275656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto err; 276656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 277221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom CRYPTO_THREADID_current(&cur); 278221304ee937bc0910948a8be1320cb8cc4eb6d36Brian Carlstrom if (!CRYPTO_THREADID_cmp(&cur, BN_BLINDING_thread_id(ret))) 279656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 280656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* rsa->blinding is ours! */ 281656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 282656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project *local = 1; 283656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 284656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else 285656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 286656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* resort to rsa->mt_blinding instead */ 287656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 288656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project *local = 0; /* instructs rsa_blinding_convert(), rsa_blinding_invert() 289656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * that the BN_BLINDING is shared, meaning that accesses 290656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * require locks, and that the blinding factor must be 291656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * stored outside the BN_BLINDING 292656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project */ 
293656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 294656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (rsa->mt_blinding == NULL) 295656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 296656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!got_write_lock) 297656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 298656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project CRYPTO_r_unlock(CRYPTO_LOCK_RSA); 299656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project CRYPTO_w_lock(CRYPTO_LOCK_RSA); 300656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project got_write_lock = 1; 301656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 302656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 303656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (rsa->mt_blinding == NULL) 304656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project rsa->mt_blinding = RSA_setup_blinding(rsa, ctx); 305656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 306656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ret = rsa->mt_blinding; 307656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 308656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 309656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project err: 310656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (got_write_lock) 311656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project CRYPTO_w_unlock(CRYPTO_LOCK_RSA); 312656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else 313656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project CRYPTO_r_unlock(CRYPTO_LOCK_RSA); 314656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 
	return ret;
}

static int rsa_blinding_convert(BN_BLINDING *b, int local, BIGNUM *f,
	BIGNUM *r, BN_CTX *ctx)
{
	if (local)
		return BN_BLINDING_convert_ex(f, NULL, b, ctx);
	else
		{
		int ret;
		CRYPTO_r_lock(CRYPTO_LOCK_RSA_BLINDING);
		ret = BN_BLINDING_convert_ex(f, r, b, ctx);
		CRYPTO_r_unlock(CRYPTO_LOCK_RSA_BLINDING);
		return ret;
		}
}

static int rsa_blinding_invert(BN_BLINDING *b, int local, BIGNUM *f,
	BIGNUM *r, BN_CTX *ctx)
{
	if (local)
		return BN_BLINDING_invert_ex(f, NULL, b, ctx);
	else
		{
		int ret;
		CRYPTO_w_lock(CRYPTO_LOCK_RSA_BLINDING);
		ret = BN_BLINDING_invert_ex(f, r, b, ctx);
		CRYPTO_w_unlock(CRYPTO_LOCK_RSA_BLINDING);
		return ret;
		}
}

/* signing */
static int RSA_eay_private_encrypt(int flen, const unsigned char *from,
	     unsigned char *to, RSA *rsa, int padding)
	{
	BIGNUM *f, *ret, *br, *res;
	int i,j,k,num=0,r= -1;
	unsigned char *buf=NULL;
	BN_CTX *ctx=NULL;
	int local_blinding = 0;
	BN_BLINDING *blinding = NULL;

	if ((ctx=BN_CTX_new()) == NULL) goto err;
	BN_CTX_start(ctx);
	f = BN_CTX_get(ctx);
	br = BN_CTX_get(ctx);
	ret = BN_CTX_get(ctx);
	num = BN_num_bytes(rsa->n);
	buf = OPENSSL_malloc(num);
	if(!f || !ret || !buf)
		{
		RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT,ERR_R_MALLOC_FAILURE);
		goto err;
		}

	switch (padding)
		{
	case RSA_PKCS1_PADDING:
		i=RSA_padding_add_PKCS1_type_1(buf,num,from,flen);
		break;
	case RSA_X931_PADDING:
		i=RSA_padding_add_X931(buf,num,from,flen);
		break;
	case RSA_NO_PADDING:
		i=RSA_padding_add_none(buf,num,from,flen);
		break;
	case RSA_SSLV23_PADDING:
	default:
		RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT,RSA_R_UNKNOWN_PADDING_TYPE);
		goto err;
		}
	if (i <= 0) goto err;

	if (BN_bin2bn(buf,num,f) == NULL) goto err;

	if (BN_ucmp(f, rsa->n) >= 0)
		{
		/* usually the padding functions would catch this */
		RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT,RSA_R_DATA_TOO_LARGE_FOR_MODULUS);
		goto err;
		}

	if (!(rsa->flags & RSA_FLAG_NO_BLINDING))
		{
		blinding = rsa_get_blinding(rsa, &local_blinding, ctx);
		if (blinding == NULL)
			{
			RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT, ERR_R_INTERNAL_ERROR);
			goto err;
			}
		}

	if (blinding != NULL)
		if (!rsa_blinding_convert(blinding, local_blinding, f, br, ctx))
			goto err;

	if ( (rsa->flags & RSA_FLAG_EXT_PKEY) ||
		((rsa->p != NULL) &&
		(rsa->q != NULL) &&
		(rsa->dmp1 != NULL) &&
		(rsa->dmq1 != NULL) &&
		(rsa->iqmp != NULL)) )
		{
		if (!rsa->meth->rsa_mod_exp(ret, f, rsa, ctx)) goto err;
		}
	else
		{
		BIGNUM local_d;
		BIGNUM *d = NULL;

		if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))
			{
			BN_init(&local_d);
			d = &local_d;
			BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME);
			}
		else
			d= rsa->d;

		if (rsa->flags & RSA_FLAG_CACHE_PUBLIC)
			if(!BN_MONT_CTX_set_locked(&rsa->_method_mod_n, CRYPTO_LOCK_RSA, rsa->n, ctx))
				goto err;

		if (!rsa->meth->bn_mod_exp(ret,f,d,rsa->n,ctx,
				rsa->_method_mod_n)) goto err;
		}

	if (blinding)
		if (!rsa_blinding_invert(blinding, local_blinding, ret, br, ctx))
			goto err;

	if (padding == RSA_X931_PADDING)
		{
		BN_sub(f, rsa->n, ret);
		if (BN_cmp(ret, f))
			res = f;
		else
			res = ret;
		}
	else
		res = ret;

	/* put in leading 0 bytes if the number is less than the
	 * length of the modulus */
	j=BN_num_bytes(res);
	i=BN_bn2bin(res,&(to[num-j]));
	for (k=0; k<(num-i); k++)
		to[k]=0;

	r=num;
err:
	if (ctx != NULL)
		{
		BN_CTX_end(ctx);
		BN_CTX_free(ctx);
		}
	if (buf != NULL)
		{
		OPENSSL_cleanse(buf,num);
		OPENSSL_free(buf);
		}
	return(r);
	}

static int RSA_eay_private_decrypt(int flen, const unsigned char *from,
	     unsigned char *to, RSA *rsa, int padding)
	{
	BIGNUM *f, *ret, *br;
	int j,num=0,r= -1;
	unsigned char *p;
	unsigned char *buf=NULL;
	BN_CTX *ctx=NULL;
	int local_blinding = 0;
	BN_BLINDING *blinding = NULL;

	if((ctx = BN_CTX_new()) == NULL) goto err;
	BN_CTX_start(ctx);
	f = BN_CTX_get(ctx);
	br = BN_CTX_get(ctx);
	ret = BN_CTX_get(ctx);
	num = BN_num_bytes(rsa->n);
	buf = OPENSSL_malloc(num);
	if(!f || !ret || !buf)
		{
		RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,ERR_R_MALLOC_FAILURE);
		goto err;
		}

	/* This check was for equality but PGP does evil things
	 * and chops off the top '0' bytes */
	if (flen > num)
		{
		RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,RSA_R_DATA_GREATER_THAN_MOD_LEN);
		goto err;
		}

	/* make data into a big number */
	if (BN_bin2bn(from,(int)flen,f) == NULL) goto err;

	if (BN_ucmp(f, rsa->n) >= 0)
		{
		RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,RSA_R_DATA_TOO_LARGE_FOR_MODULUS);
		goto err;
		}

	if (!(rsa->flags & RSA_FLAG_NO_BLINDING))
		{
		blinding = rsa_get_blinding(rsa, &local_blinding, ctx);
		if (blinding == NULL)
			{
			RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT, ERR_R_INTERNAL_ERROR);
			goto err;
			}
		}

	if (blinding != NULL)
		if (!rsa_blinding_convert(blinding, local_blinding, f, br, ctx))
			goto err;

	/* do the decrypt */
	if ( (rsa->flags & RSA_FLAG_EXT_PKEY) ||
		((rsa->p != NULL) &&
		(rsa->q != NULL) &&
		(rsa->dmp1 != NULL) &&
		(rsa->dmq1 != NULL) &&
		(rsa->iqmp != NULL)) )
		{
		if (!rsa->meth->rsa_mod_exp(ret, f, rsa, ctx)) goto err;
		}
	else
		{
		BIGNUM local_d;
		BIGNUM *d = NULL;

		if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))
			{
			d = &local_d;
			BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME);
			}
		else
			d = rsa->d;

		if (rsa->flags & RSA_FLAG_CACHE_PUBLIC)
			if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_n, CRYPTO_LOCK_RSA, rsa->n, ctx))
				goto err;
		if (!rsa->meth->bn_mod_exp(ret,f,d,rsa->n,ctx,
				rsa->_method_mod_n))
			goto err;
		}

	if (blinding)
		if (!rsa_blinding_invert(blinding, local_blinding, ret, br, ctx))
			goto err;

	p=buf;
	j=BN_bn2bin(ret,p); /* j is only used with no-padding mode */

	switch (padding)
		{
	case RSA_PKCS1_PADDING:
		r=RSA_padding_check_PKCS1_type_2(to,num,buf,j,num);
		break;
#ifndef OPENSSL_NO_SHA
	case RSA_PKCS1_OAEP_PADDING:
		r=RSA_padding_check_PKCS1_OAEP(to,num,buf,j,num,NULL,0);
		break;
#endif
	case RSA_SSLV23_PADDING:
		r=RSA_padding_check_SSLv23(to,num,buf,j,num);
		break;
	case RSA_NO_PADDING:
		r=RSA_padding_check_none(to,num,buf,j,num);
		break;
	default:
		RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,RSA_R_UNKNOWN_PADDING_TYPE);
		goto err;
		}
	if (r < 0)
		RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,RSA_R_PADDING_CHECK_FAILED);

err:
	if (ctx != NULL)
		{
		BN_CTX_end(ctx);
		BN_CTX_free(ctx);
		}
	if (buf != NULL)
		{
		OPENSSL_cleanse(buf,num);
		OPENSSL_free(buf);
		}
	return(r);
	}

/* signature verification */
static int RSA_eay_public_decrypt(int flen, const unsigned char *from,
	     unsigned char *to, RSA *rsa, int padding)
	{
	BIGNUM *f,*ret;
	int i,num=0,r= -1;
	unsigned char *p;
	unsigned char *buf=NULL;
	BN_CTX *ctx=NULL;

	if (BN_num_bits(rsa->n) > OPENSSL_RSA_MAX_MODULUS_BITS)
		{
		RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT, RSA_R_MODULUS_TOO_LARGE);
		return -1;
		}

	if (BN_ucmp(rsa->n, rsa->e) <= 0)
		{
		RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT, RSA_R_BAD_E_VALUE);
		return -1;
		}

	/* for large moduli, enforce exponent limit */
	if (BN_num_bits(rsa->n) > OPENSSL_RSA_SMALL_MODULUS_BITS)
		{
		if (BN_num_bits(rsa->e) > OPENSSL_RSA_MAX_PUBEXP_BITS)
			{
			RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT, RSA_R_BAD_E_VALUE);
			return -1;
			}
		}

	if((ctx = BN_CTX_new()) == NULL) goto err;
	BN_CTX_start(ctx);
	f = BN_CTX_get(ctx);
	ret = BN_CTX_get(ctx);
	num=BN_num_bytes(rsa->n);
	buf = OPENSSL_malloc(num);
	if(!f || !ret || !buf)
		{
		RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT,ERR_R_MALLOC_FAILURE);
		goto err;
		}

	/* This check was for equality but PGP does evil things
	 * and chops off the top '0' bytes */
	if (flen > num)
		{
		RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT,RSA_R_DATA_GREATER_THAN_MOD_LEN);
		goto err;
		}

	if (BN_bin2bn(from,flen,f) == NULL) goto err;

	if (BN_ucmp(f, rsa->n) >= 0)
		{
		RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT,RSA_R_DATA_TOO_LARGE_FOR_MODULUS);
		goto err;
		}

	if (rsa->flags & RSA_FLAG_CACHE_PUBLIC)
		if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_n, CRYPTO_LOCK_RSA, rsa->n, ctx))
			goto err;

	if (!rsa->meth->bn_mod_exp(ret,f,rsa->e,rsa->n,ctx,
		rsa->_method_mod_n)) goto err;

	if ((padding == RSA_X931_PADDING) && ((ret->d[0] & 0xf) != 12))
		if (!BN_sub(ret, rsa->n, ret)) goto err;

	p=buf;
	i=BN_bn2bin(ret,p);

	switch (padding)
		{
	case RSA_PKCS1_PADDING:
		r=RSA_padding_check_PKCS1_type_1(to,num,buf,i,num);
		break;
	case RSA_X931_PADDING:
		r=RSA_padding_check_X931(to,num,buf,i,num);
		break;
691656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project case RSA_NO_PADDING: 692656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project r=RSA_padding_check_none(to,num,buf,i,num); 693656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project break; 694656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project default: 695656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT,RSA_R_UNKNOWN_PADDING_TYPE); 696656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project goto err; 697656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 698656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (r < 0) 699656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT,RSA_R_PADDING_CHECK_FAILED); 700656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 701656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Projecterr: 702656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (ctx != NULL) 703656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 704656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BN_CTX_end(ctx); 705656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BN_CTX_free(ctx); 706656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 707656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (buf != NULL) 708656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 709656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project OPENSSL_cleanse(buf,num); 710656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project OPENSSL_free(buf); 711656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 712656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open 
Source Project return(r); 713656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 714656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 715656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Projectstatic int RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx) 716656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 717656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIGNUM *r1,*m1,*vrfy; 718656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIGNUM local_dmp1,local_dmq1,local_c,local_r1; 719656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIGNUM *dmp1,*dmq1,*c,*pr1; 720656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project int ret=0; 721656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 722656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BN_CTX_start(ctx); 723656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project r1 = BN_CTX_get(ctx); 724656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project m1 = BN_CTX_get(ctx); 725656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project vrfy = BN_CTX_get(ctx); 726656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 727656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 728656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIGNUM local_p, local_q; 729656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIGNUM *p = NULL, *q = NULL; 730656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 731656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* Make sure BN_mod_inverse in Montgomery intialization uses the 732656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * BN_FLG_CONSTTIME flag (unless RSA_FLAG_NO_CONSTTIME is set) 
733656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project */ 734656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) 735656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 736656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BN_init(&local_p); 737656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project p = &local_p; 738656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BN_with_flags(p, rsa->p, BN_FLG_CONSTTIME); 739656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 740656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BN_init(&local_q); 741656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project q = &local_q; 742656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BN_with_flags(q, rsa->q, BN_FLG_CONSTTIME); 743656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 744656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else 745656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 746656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project p = rsa->p; 747656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project q = rsa->q; 748656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 749656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 750e45f106cb6b47af1f21efe76e933bdea2f5dd1caNagendra Modadugu if (rsa->flags & RSA_FLAG_CACHE_PRIVATE) 751e45f106cb6b47af1f21efe76e933bdea2f5dd1caNagendra Modadugu { 752e45f106cb6b47af1f21efe76e933bdea2f5dd1caNagendra Modadugu if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_p, CRYPTO_LOCK_RSA, p, ctx)) 753e45f106cb6b47af1f21efe76e933bdea2f5dd1caNagendra Modadugu goto err; 754e45f106cb6b47af1f21efe76e933bdea2f5dd1caNagendra Modadugu if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_q, 
CRYPTO_LOCK_RSA, q, ctx)) 755e45f106cb6b47af1f21efe76e933bdea2f5dd1caNagendra Modadugu goto err; 756e45f106cb6b47af1f21efe76e933bdea2f5dd1caNagendra Modadugu } 757656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 758656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 759e45f106cb6b47af1f21efe76e933bdea2f5dd1caNagendra Modadugu if (rsa->flags & RSA_FLAG_CACHE_PUBLIC) 760e45f106cb6b47af1f21efe76e933bdea2f5dd1caNagendra Modadugu if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_n, CRYPTO_LOCK_RSA, rsa->n, ctx)) 761e45f106cb6b47af1f21efe76e933bdea2f5dd1caNagendra Modadugu goto err; 762656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 763656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* compute I mod q */ 764656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) 765656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 766656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project c = &local_c; 767656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BN_with_flags(c, I, BN_FLG_CONSTTIME); 768656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!BN_mod(r1,c,rsa->q,ctx)) goto err; 769656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 770656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else 771656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 772656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!BN_mod(r1,I,rsa->q,ctx)) goto err; 773656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 774656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 775656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* compute r1^dmq1 mod q */ 776656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if 
(!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) 777656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 778656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project dmq1 = &local_dmq1; 779656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BN_with_flags(dmq1, rsa->dmq1, BN_FLG_CONSTTIME); 780656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 781656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else 782656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project dmq1 = rsa->dmq1; 783656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!rsa->meth->bn_mod_exp(m1,r1,dmq1,rsa->q,ctx, 784656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project rsa->_method_mod_q)) goto err; 785656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 786656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* compute I mod p */ 787656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) 788656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 789656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project c = &local_c; 790656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BN_with_flags(c, I, BN_FLG_CONSTTIME); 791656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!BN_mod(r1,c,rsa->p,ctx)) goto err; 792656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 793656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else 794656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 795656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!BN_mod(r1,I,rsa->p,ctx)) goto err; 796656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 797656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source 
Project 798656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* compute r1^dmp1 mod p */ 799656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) 800656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 801656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project dmp1 = &local_dmp1; 802656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BN_with_flags(dmp1, rsa->dmp1, BN_FLG_CONSTTIME); 803656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 804656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else 805656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project dmp1 = rsa->dmp1; 806656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!rsa->meth->bn_mod_exp(r0,r1,dmp1,rsa->p,ctx, 807656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project rsa->_method_mod_p)) goto err; 808656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 809656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!BN_sub(r0,r0,m1)) goto err; 810656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* This will help stop the size of r0 increasing, which does 811656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * affect the multiply if it optimised for a power of 2 size */ 812656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (BN_is_negative(r0)) 813656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!BN_add(r0,r0,rsa->p)) goto err; 814656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 815656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!BN_mul(r1,r0,rsa->iqmp,ctx)) goto err; 816656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 817656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android 
Open Source Project /* Turn BN_FLG_CONSTTIME flag on before division operation */ 818656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) 819656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 820656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project pr1 = &local_r1; 821656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BN_with_flags(pr1, r1, BN_FLG_CONSTTIME); 822656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 823656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else 824656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project pr1 = r1; 825656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!BN_mod(r0,pr1,rsa->p,ctx)) goto err; 826656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 827656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* If p < q it is occasionally possible for the correction of 828656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * adding 'p' if r0 is negative above to leave the result still 829656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * negative. This can break the private key operations: the following 830656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * second correction should *always* correct this rare occurrence. 
831656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * This will *never* happen with OpenSSL generated keys because 832656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * they ensure p > q [steve] 833656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project */ 834656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (BN_is_negative(r0)) 835656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!BN_add(r0,r0,rsa->p)) goto err; 836656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!BN_mul(r1,r0,rsa->q,ctx)) goto err; 837656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!BN_add(r0,r1,m1)) goto err; 838656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 839656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (rsa->e && rsa->n) 840656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 841656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!rsa->meth->bn_mod_exp(vrfy,r0,rsa->e,rsa->n,ctx,rsa->_method_mod_n)) goto err; 842656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* If 'I' was greater than (or equal to) rsa->n, the operation 843656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * will be equivalent to using 'I mod n'. However, the result of 844656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * the verify will *always* be less than 'n' so we don't check 845656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * for absolute equality, just congruency. 
*/ 846656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!BN_sub(vrfy, vrfy, I)) goto err; 847656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!BN_mod(vrfy, vrfy, rsa->n, ctx)) goto err; 848656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (BN_is_negative(vrfy)) 849656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!BN_add(vrfy, vrfy, rsa->n)) goto err; 850656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!BN_is_zero(vrfy)) 851656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 852656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project /* 'I' and 'vrfy' aren't congruent mod n. Don't leak 853656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * miscalculated CRT output, just do a raw (slower) 854656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project * mod_exp and return that instead. */ 855656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 856656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIGNUM local_d; 857656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BIGNUM *d = NULL; 858656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 859656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) 860656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 861656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project d = &local_d; 862656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME); 863656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 864656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project else 865656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project d = rsa->d; 
866656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (!rsa->meth->bn_mod_exp(r0,I,d,rsa->n,ctx, 867656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project rsa->_method_mod_n)) goto err; 868656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 869656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 870656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project ret=1; 871656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Projecterr: 872656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BN_CTX_end(ctx); 873656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return(ret); 874656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 875656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 876656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Projectstatic int RSA_eay_init(RSA *rsa) 877656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 878656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project rsa->flags|=RSA_FLAG_CACHE_PUBLIC|RSA_FLAG_CACHE_PRIVATE; 879656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return(1); 880656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 881656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 882656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Projectstatic int RSA_eay_finish(RSA *rsa) 883656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project { 884656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (rsa->_method_mod_n != NULL) 885656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BN_MONT_CTX_free(rsa->_method_mod_n); 886656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (rsa->_method_mod_p != NULL) 887656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android 
Open Source Project BN_MONT_CTX_free(rsa->_method_mod_p); 888656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project if (rsa->_method_mod_q != NULL) 889656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project BN_MONT_CTX_free(rsa->_method_mod_q); 890656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project return(1); 891656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project } 892656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project 893656d9c7f52f88b3a3daccafa7655dec086c4756eThe Android Open Source Project#endif 894
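
Added example, not part of rsa_eay.c or of OpenSSL: the recombination steps of RSA_eay_mod_exp (first and second negative correction, then verify and fall back to a plain mod_exp) replayed on 64-bit integers, so the two comments about p < q and about not leaking miscalculated CRT output can be exercised over every input. The toy keys, the `fault` hook and all names are assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed toy keys: n = 61 * 53 = 3233, e = 17, d = 2753. Not from the page. */
typedef struct { int64_t p, q, n, e, d, dmp1, dmq1, iqmp; } toy_key;
static const toy_key KEY_P_GT_Q = { 61, 53, 3233, 17, 2753, 53, 49, 38 };
static const toy_key KEY_P_LT_Q = { 53, 61, 3233, 17, 2753, 49, 53, 20 };

typedef struct { int wrong, second_fixes, fallbacks; } sweep_result;

/* Square-and-multiply; operands stay far below 2^63 for these toy moduli. */
static int64_t modexp(int64_t b, int64_t e, int64_t m)
{
    int64_t r = 1 % m;
    b %= m;
    while (e > 0) {
        if (e & 1) r = r * b % m;
        b = b * b % m;
        e >>= 1;
    }
    return r;
}

/* Same step order as RSA_eay_mod_exp. `fault` is XORed into m1 to simulate a
 * miscalculated half (hypothetical test hook, 0 means no fault). */
static int64_t toy_crt(const toy_key *k, int64_t I, int64_t fault, sweep_result *t)
{
    int64_t m1 = modexp(I % k->q, k->dmq1, k->q) ^ fault;  /* r1^dmq1 mod q */
    int64_t r0 = modexp(I % k->p, k->dmp1, k->p);          /* r1^dmp1 mod p */
    int64_t r1, vrfy;

    r0 -= m1;
    if (r0 < 0) r0 += k->p;             /* first correction */
    r1 = r0 * k->iqmp;
    r0 = r1 % k->p;                     /* % keeps the dividend's sign, as BN_mod does */
    if (r0 < 0) {                       /* second correction, reachable only if p < q */
        r0 += k->p;
        t->second_fixes++;
    }
    r0 = r0 * k->q + m1;

    /* Verify by congruence mod n; on mismatch discard the CRT output. */
    vrfy = (modexp(r0, k->e, k->n) - I) % k->n;
    if (vrfy < 0) vrfy += k->n;
    if (vrfy != 0) {
        t->fallbacks++;
        r0 = modexp(I, k->d, k->n);     /* raw (slower) mod_exp */
    }
    return r0;
}

/* Run every input 0..n-1 and compare against the plain private exponentiation. */
static sweep_result sweep(const toy_key *k, int64_t fault)
{
    sweep_result t = { 0, 0, 0 };
    for (int64_t I = 0; I < k->n; I++)
        if (toy_crt(k, I, fault, &t) != modexp(I, k->d, k->n))
            t.wrong++;
    return t;
}

int main(void)
{
    sweep_result a = sweep(&KEY_P_GT_Q, 0);
    sweep_result b = sweep(&KEY_P_LT_Q, 0);
    sweep_result c = sweep(&KEY_P_GT_Q, 1);
    printf("p>q no fault: wrong=%d second_fixes=%d fallbacks=%d\n", a.wrong, a.second_fixes, a.fallbacks);
    printf("p<q no fault: wrong=%d second_fixes=%d fallbacks=%d\n", b.wrong, b.second_fixes, b.fallbacks);
    printf("p>q faulted : wrong=%d second_fixes=%d fallbacks=%d\n", c.wrong, c.second_fixes, c.fallbacks);
    return 0;
}
```

With p > q the second correction never fires, with p < q it fires for some inputs and the outputs stay correct, and with a faulted half every input takes the fallback path so no miscalculated value is returned.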