Lines Matching refs:rsa
22 unsigned char *to, RSA *rsa, int padding);
24 unsigned char *to, RSA *rsa, int padding);
26 unsigned char *to, RSA *rsa, int padding);
28 unsigned char *to, RSA *rsa, int padding);
29 static int rsa_ossl_mod_exp(BIGNUM *r0, const BIGNUM *i, RSA *rsa,
31 static int rsa_ossl_init(RSA *rsa);
32 static int rsa_ossl_finish(RSA *rsa);
75 unsigned char *to, RSA *rsa, int padding)
82 if (BN_num_bits(rsa->n) > OPENSSL_RSA_MAX_MODULUS_BITS) {
87 if (BN_ucmp(rsa->n, rsa->e) <= 0) {
93 if (BN_num_bits(rsa->n) > OPENSSL_RSA_SMALL_MODULUS_BITS) {
94 if (BN_num_bits(rsa->e) > OPENSSL_RSA_MAX_PUBEXP_BITS) {
100 if ((ctx = BN_CTX_new_ex(rsa->libctx)) == NULL)
105 num = BN_num_bytes(rsa->n);
114 i = ossl_rsa_padding_add_PKCS1_type_2_ex(rsa->libctx, buf, num,
118 i = ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex(rsa->libctx, buf, num,
135 if (BN_ucmp(f, rsa->n) >= 0) {
141 if (rsa->flags & RSA_FLAG_CACHE_PUBLIC)
142 if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_n, rsa->lock,
143 rsa->n, ctx))
146 if (!rsa->meth->bn_mod_exp(ret, f, rsa->e, rsa->n, ctx,
147 rsa->_method_mod_n))
162 static BN_BLINDING *rsa_get_blinding(RSA *rsa, int *local, BN_CTX *ctx)
166 if (!CRYPTO_THREAD_write_lock(rsa->lock))
169 if (rsa->blinding == NULL) {
170 rsa->blinding = RSA_setup_blinding(rsa, ctx);
173 ret = rsa->blinding;
178 /* rsa->blinding is ours! */
182 /* resort to rsa->mt_blinding instead */
191 if (rsa->mt_blinding == NULL) {
192 rsa->mt_blinding = RSA_setup_blinding(rsa, ctx);
194 ret = rsa->mt_blinding;
198 CRYPTO_THREAD_unlock(rsa->lock);
243 unsigned char *to, RSA *rsa, int padding)
258 if ((ctx = BN_CTX_new_ex(rsa->libctx)) == NULL)
263 num = BN_num_bytes(rsa->n);
290 if (BN_ucmp(f, rsa->n) >= 0) {
296 if (rsa->flags & RSA_FLAG_CACHE_PUBLIC)
297 if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_n, rsa->lock,
298 rsa->n, ctx))
301 if (!(rsa->flags & RSA_FLAG_NO_BLINDING)) {
302 blinding = rsa_get_blinding(rsa, &local_blinding, ctx);
318 if ((rsa->flags & RSA_FLAG_EXT_PKEY) ||
319 (rsa->version == RSA_ASN1_VERSION_MULTI) ||
320 ((rsa->p != NULL) &&
321 (rsa->q != NULL) &&
322 (rsa->dmp1 != NULL) && (rsa->dmq1 != NULL) && (rsa->iqmp != NULL))) {
323 if (!rsa->meth->rsa_mod_exp(ret, f, rsa, ctx))
331 if (rsa->d == NULL) {
336 BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME);
338 if (!rsa->meth->bn_mod_exp(ret, f, d, rsa->n, ctx,
339 rsa->_method_mod_n)) {
343 /* We MUST free d before any further use of rsa->d */
352 if (!BN_sub(f, rsa->n, ret))
375 unsigned char *to, RSA *rsa, int padding)
390 if ((ctx = BN_CTX_new_ex(rsa->libctx)) == NULL)
395 num = BN_num_bytes(rsa->n);
415 if (BN_ucmp(f, rsa->n) >= 0) {
420 if (rsa->flags & RSA_FLAG_CACHE_PUBLIC)
421 if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_n, rsa->lock,
422 rsa->n, ctx))
425 if (!(rsa->flags & RSA_FLAG_NO_BLINDING)) {
426 blinding = rsa_get_blinding(rsa, &local_blinding, ctx);
443 if ((rsa->flags & RSA_FLAG_EXT_PKEY) ||
444 (rsa->version == RSA_ASN1_VERSION_MULTI) ||
445 ((rsa->p != NULL) &&
446 (rsa->q != NULL) &&
447 (rsa->dmp1 != NULL) && (rsa->dmq1 != NULL) && (rsa->iqmp != NULL))) {
448 if (!rsa->meth->rsa_mod_exp(ret, f, rsa, ctx))
456 if (rsa->d == NULL) {
461 BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME);
462 if (!rsa->meth->bn_mod_exp(ret, f, d, rsa->n, ctx,
463 rsa->_method_mod_n)) {
467 /* We MUST free d before any further use of rsa->d */
512 unsigned char *to, RSA *rsa, int padding)
519 if (BN_num_bits(rsa->n) > OPENSSL_RSA_MAX_MODULUS_BITS) {
524 if (BN_ucmp(rsa->n, rsa->e) <= 0) {
530 if (BN_num_bits(rsa->n) > OPENSSL_RSA_SMALL_MODULUS_BITS) {
531 if (BN_num_bits(rsa->e) > OPENSSL_RSA_MAX_PUBEXP_BITS) {
537 if ((ctx = BN_CTX_new_ex(rsa->libctx)) == NULL)
542 num = BN_num_bytes(rsa->n);
561 if (BN_ucmp(f, rsa->n) >= 0) {
566 if (rsa->flags & RSA_FLAG_CACHE_PUBLIC)
567 if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_n, rsa->lock,
568 rsa->n, ctx))
571 if (!rsa->meth->bn_mod_exp(ret, f, rsa->e, rsa->n, ctx,
572 rsa->_method_mod_n))
576 if (!BN_sub(ret, rsa->n, ret))
607 static int rsa_ossl_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
629 if (rsa->version == RSA_ASN1_VERSION_MULTI
630 && ((ex_primes = sk_RSA_PRIME_INFO_num(rsa->prime_infos)) <= 0
635 if (rsa->flags & RSA_FLAG_CACHE_PRIVATE) {
645 if (!(BN_with_flags(factor, rsa->p, BN_FLG_CONSTTIME),
646 BN_MONT_CTX_set_locked(&rsa->_method_mod_p, rsa->lock,
648 || !(BN_with_flags(factor, rsa->q, BN_FLG_CONSTTIME),
649 BN_MONT_CTX_set_locked(&rsa->_method_mod_q, rsa->lock,
656 pinfo = sk_RSA_PRIME_INFO_value(rsa->prime_infos, i);
658 if (!BN_MONT_CTX_set_locked(&pinfo->m, rsa->lock, factor, ctx)) {
669 smooth = (rsa->meth->bn_mod_exp == BN_mod_exp_mont)
673 && (BN_num_bits(rsa->q) == BN_num_bits(rsa->p));
676 if (rsa->flags & RSA_FLAG_CACHE_PUBLIC)
677 if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_n, rsa->lock,
678 rsa->n, ctx))
690 !bn_from_mont_fixed_top(m1, I, rsa->_method_mod_q, ctx)
691 || !bn_to_mont_fixed_top(m1, m1, rsa->_method_mod_q, ctx)
693 || !bn_from_mont_fixed_top(r1, I, rsa->_method_mod_p, ctx)
694 || !bn_to_mont_fixed_top(r1, r1, rsa->_method_mod_p, ctx)
701 || !BN_mod_exp_mont_consttime_x2(m1, m1, rsa->dmq1, rsa->q,
702 rsa->_method_mod_q,
703 r1, r1, rsa->dmp1, rsa->p,
704 rsa->_method_mod_p,
711 * when |m1| can be larger than |rsa->p|.
713 || !bn_mod_sub_fixed_top(r1, r1, m1, rsa->p)
716 || !bn_to_mont_fixed_top(r1, r1, rsa->_method_mod_p, ctx)
717 || !bn_mul_mont_fixed_top(r1, r1, rsa->iqmp, rsa->_method_mod_p,
720 || !bn_mul_fixed_top(r0, r1, rsa->q, ctx)
721 || !bn_mod_add_fixed_top(r0, r0, m1, rsa->n))
734 if (!BN_mod(r1, c, rsa->q, ctx)) {
745 BN_with_flags(dmq1, rsa->dmq1, BN_FLG_CONSTTIME);
748 if (!rsa->meth->bn_mod_exp(m1, r1, dmq1, rsa->q, ctx,
749 rsa->_method_mod_q)) {
754 /* We MUST free dmq1 before any further use of rsa->dmq1 */
759 if (!BN_mod(r1, c, rsa->p, ctx)) {
771 BN_with_flags(dmp1, rsa->dmp1, BN_FLG_CONSTTIME);
774 if (!rsa->meth->bn_mod_exp(r0, r1, dmp1, rsa->p, ctx,
775 rsa->_method_mod_p)) {
779 /* We MUST free dmp1 before any further use of rsa->dmp1 */
801 pinfo = sk_RSA_PRIME_INFO_value(rsa->prime_infos, i);
813 if (!rsa->meth->bn_mod_exp(m[i], r1, di, pinfo->r, ctx, pinfo->m)) {
832 if (!BN_add(r0, r0, rsa->p))
835 if (!BN_mul(r1, r0, rsa->iqmp, ctx))
844 if (!BN_mod(r0, pr1, rsa->p, ctx)) {
860 if (!BN_add(r0, r0, rsa->p))
862 if (!BN_mul(r1, r0, rsa->q, ctx))
876 pinfo = sk_RSA_PRIME_INFO_value(rsa->prime_infos, i);
913 if (rsa->e && rsa->n) {
914 if (rsa->meth->bn_mod_exp == BN_mod_exp_mont) {
915 if (!BN_mod_exp_mont(vrfy, r0, rsa->e, rsa->n, ctx,
916 rsa->_method_mod_n))
920 if (!rsa->meth->bn_mod_exp(vrfy, r0, rsa->e, rsa->n, ctx,
921 rsa->_method_mod_n))
925 * If 'I' was greater than (or equal to) rsa->n, the operation will
937 if (!BN_mod(vrfy, vrfy, rsa->n, ctx))
940 if (!BN_add(vrfy, vrfy, rsa->n))
952 BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME);
954 if (!rsa->meth->bn_mod_exp(r0, I, d, rsa->n, ctx,
955 rsa->_method_mod_n)) {
959 /* We MUST free d before any further use of rsa->d */
978 static int rsa_ossl_init(RSA *rsa)
980 rsa->flags |= RSA_FLAG_CACHE_PUBLIC | RSA_FLAG_CACHE_PRIVATE;
984 static int rsa_ossl_finish(RSA *rsa)
990 for (i = 0; i < sk_RSA_PRIME_INFO_num(rsa->prime_infos); i++) {
991 pinfo = sk_RSA_PRIME_INFO_value(rsa->prime_infos, i);
996 BN_MONT_CTX_free(rsa->_method_mod_n);
997 BN_MONT_CTX_free(rsa->_method_mod_p);
998 BN_MONT_CTX_free(rsa->_method_mod_q);