Lines Matching refs:rsa
25 unsigned char *to, RSA *rsa, int padding);
27 unsigned char *to, RSA *rsa, int padding);
29 unsigned char *to, RSA *rsa, int padding);
31 unsigned char *to, RSA *rsa, int padding);
32 static int rsa_ossl_mod_exp(BIGNUM *r0, const BIGNUM *i, RSA *rsa,
34 static int rsa_ossl_init(RSA *rsa);
35 static int rsa_ossl_finish(RSA *rsa);
37 static int rsa_ossl_s390x_mod_exp(BIGNUM *r0, const BIGNUM *i, RSA *rsa,
100 unsigned char *to, RSA *rsa, int padding) in rsa_ossl_public_encrypt() argument
107 if (BN_num_bits(rsa->n) > OPENSSL_RSA_MAX_MODULUS_BITS) { in rsa_ossl_public_encrypt()
112 if (BN_ucmp(rsa->n, rsa->e) <= 0) { in rsa_ossl_public_encrypt()
118 if (BN_num_bits(rsa->n) > OPENSSL_RSA_SMALL_MODULUS_BITS) { in rsa_ossl_public_encrypt()
119 if (BN_num_bits(rsa->e) > OPENSSL_RSA_MAX_PUBEXP_BITS) { in rsa_ossl_public_encrypt()
125 if ((ctx = BN_CTX_new_ex(rsa->libctx)) == NULL) in rsa_ossl_public_encrypt()
130 num = BN_num_bytes(rsa->n); in rsa_ossl_public_encrypt()
137 i = ossl_rsa_padding_add_PKCS1_type_2_ex(rsa->libctx, buf, num, in rsa_ossl_public_encrypt()
141 i = ossl_rsa_padding_add_PKCS1_OAEP_mgf1_ex(rsa->libctx, buf, num, in rsa_ossl_public_encrypt()
172 || BN_copy(nminus1, rsa->n) == NULL in rsa_ossl_public_encrypt()
182 if (BN_ucmp(f, rsa->n) >= 0) { in rsa_ossl_public_encrypt()
189 if (rsa->flags & RSA_FLAG_CACHE_PUBLIC) in rsa_ossl_public_encrypt()
190 if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_n, rsa->lock, in rsa_ossl_public_encrypt()
191 rsa->n, ctx)) in rsa_ossl_public_encrypt()
194 if (!rsa->meth->bn_mod_exp(ret, f, rsa->e, rsa->n, ctx, in rsa_ossl_public_encrypt()
195 rsa->_method_mod_n)) in rsa_ossl_public_encrypt()
210 static BN_BLINDING *rsa_get_blinding(RSA *rsa, int *local, BN_CTX *ctx) in rsa_get_blinding() argument
214 if (!CRYPTO_THREAD_read_lock(rsa->lock)) in rsa_get_blinding()
217 if (rsa->blinding == NULL) { in rsa_get_blinding()
224 CRYPTO_THREAD_unlock(rsa->lock); in rsa_get_blinding()
225 if (!CRYPTO_THREAD_write_lock(rsa->lock)) in rsa_get_blinding()
227 if (rsa->blinding == NULL) in rsa_get_blinding()
228 rsa->blinding = RSA_setup_blinding(rsa, ctx); in rsa_get_blinding()
231 ret = rsa->blinding; in rsa_get_blinding()
249 if (rsa->mt_blinding == NULL) { in rsa_get_blinding()
250 CRYPTO_THREAD_unlock(rsa->lock); in rsa_get_blinding()
251 if (!CRYPTO_THREAD_write_lock(rsa->lock)) in rsa_get_blinding()
253 if (rsa->mt_blinding == NULL) in rsa_get_blinding()
254 rsa->mt_blinding = RSA_setup_blinding(rsa, ctx); in rsa_get_blinding()
256 ret = rsa->mt_blinding; in rsa_get_blinding()
260 CRYPTO_THREAD_unlock(rsa->lock); in rsa_get_blinding()
305 unsigned char *to, RSA *rsa, int padding) in rsa_ossl_private_encrypt() argument
320 if ((ctx = BN_CTX_new_ex(rsa->libctx)) == NULL) in rsa_ossl_private_encrypt()
325 num = BN_num_bytes(rsa->n); in rsa_ossl_private_encrypt()
350 if (BN_ucmp(f, rsa->n) >= 0) { in rsa_ossl_private_encrypt()
356 if (rsa->flags & RSA_FLAG_CACHE_PUBLIC) in rsa_ossl_private_encrypt()
357 if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_n, rsa->lock, in rsa_ossl_private_encrypt()
358 rsa->n, ctx)) in rsa_ossl_private_encrypt()
361 if (!(rsa->flags & RSA_FLAG_NO_BLINDING)) { in rsa_ossl_private_encrypt()
362 blinding = rsa_get_blinding(rsa, &local_blinding, ctx); in rsa_ossl_private_encrypt()
378 if ((rsa->flags & RSA_FLAG_EXT_PKEY) || in rsa_ossl_private_encrypt()
379 (rsa->version == RSA_ASN1_VERSION_MULTI) || in rsa_ossl_private_encrypt()
380 ((rsa->p != NULL) && in rsa_ossl_private_encrypt()
381 (rsa->q != NULL) && in rsa_ossl_private_encrypt()
382 (rsa->dmp1 != NULL) && (rsa->dmq1 != NULL) && (rsa->iqmp != NULL))) { in rsa_ossl_private_encrypt()
383 if (!rsa->meth->rsa_mod_exp(ret, f, rsa, ctx)) in rsa_ossl_private_encrypt()
391 if (rsa->d == NULL) { in rsa_ossl_private_encrypt()
396 BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME); in rsa_ossl_private_encrypt()
398 if (!rsa->meth->bn_mod_exp(ret, f, d, rsa->n, ctx, in rsa_ossl_private_encrypt()
399 rsa->_method_mod_n)) { in rsa_ossl_private_encrypt()
412 if (!BN_sub(f, rsa->n, ret)) in rsa_ossl_private_encrypt()
434 static int derive_kdk(int flen, const unsigned char *from, RSA *rsa, in derive_kdk() argument
452 if (rsa->d == NULL) { in derive_kdk()
457 BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME); in derive_kdk()
472 md = EVP_MD_fetch(rsa->libctx, "sha256", NULL); in derive_kdk()
520 unsigned char *to, RSA *rsa, int padding) in rsa_ossl_private_decrypt() argument
539 if ((rsa->flags & RSA_FLAG_EXT_PKEY) && (padding == RSA_PKCS1_PADDING)) in rsa_ossl_private_decrypt()
542 if ((ctx = BN_CTX_new_ex(rsa->libctx)) == NULL) in rsa_ossl_private_decrypt()
551 num = BN_num_bytes(rsa->n); in rsa_ossl_private_decrypt()
588 || BN_copy(nminus1, rsa->n) == NULL in rsa_ossl_private_decrypt()
598 if (BN_ucmp(f, rsa->n) >= 0) { in rsa_ossl_private_decrypt()
603 if (rsa->flags & RSA_FLAG_CACHE_PUBLIC) in rsa_ossl_private_decrypt()
604 if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_n, rsa->lock, in rsa_ossl_private_decrypt()
605 rsa->n, ctx)) in rsa_ossl_private_decrypt()
608 if (!(rsa->flags & RSA_FLAG_NO_BLINDING)) { in rsa_ossl_private_decrypt()
609 blinding = rsa_get_blinding(rsa, &local_blinding, ctx); in rsa_ossl_private_decrypt()
626 if ((rsa->flags & RSA_FLAG_EXT_PKEY) || in rsa_ossl_private_decrypt()
627 (rsa->version == RSA_ASN1_VERSION_MULTI) || in rsa_ossl_private_decrypt()
628 ((rsa->p != NULL) && in rsa_ossl_private_decrypt()
629 (rsa->q != NULL) && in rsa_ossl_private_decrypt()
630 (rsa->dmp1 != NULL) && (rsa->dmq1 != NULL) && (rsa->iqmp != NULL))) { in rsa_ossl_private_decrypt()
631 if (!rsa->meth->rsa_mod_exp(ret, f, rsa, ctx)) in rsa_ossl_private_decrypt()
639 if (rsa->d == NULL) { in rsa_ossl_private_decrypt()
644 BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME); in rsa_ossl_private_decrypt()
645 if (!rsa->meth->bn_mod_exp(ret, f, d, rsa->n, ctx, in rsa_ossl_private_decrypt()
646 rsa->_method_mod_n)) { in rsa_ossl_private_decrypt()
663 if (derive_kdk(flen, from, rsa, buf, num, kdk) == 0) in rsa_ossl_private_decrypt()
676 r = ossl_rsa_padding_check_PKCS1_type_2(rsa->libctx, to, num, buf, j, num, kdk); in rsa_ossl_private_decrypt()
707 unsigned char *to, RSA *rsa, int padding) in rsa_ossl_public_decrypt() argument
714 if (BN_num_bits(rsa->n) > OPENSSL_RSA_MAX_MODULUS_BITS) { in rsa_ossl_public_decrypt()
719 if (BN_ucmp(rsa->n, rsa->e) <= 0) { in rsa_ossl_public_decrypt()
725 if (BN_num_bits(rsa->n) > OPENSSL_RSA_SMALL_MODULUS_BITS) { in rsa_ossl_public_decrypt()
726 if (BN_num_bits(rsa->e) > OPENSSL_RSA_MAX_PUBEXP_BITS) { in rsa_ossl_public_decrypt()
732 if ((ctx = BN_CTX_new_ex(rsa->libctx)) == NULL) in rsa_ossl_public_decrypt()
741 num = BN_num_bytes(rsa->n); in rsa_ossl_public_decrypt()
758 if (BN_ucmp(f, rsa->n) >= 0) { in rsa_ossl_public_decrypt()
763 if (rsa->flags & RSA_FLAG_CACHE_PUBLIC) in rsa_ossl_public_decrypt()
764 if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_n, rsa->lock, in rsa_ossl_public_decrypt()
765 rsa->n, ctx)) in rsa_ossl_public_decrypt()
768 if (!rsa->meth->bn_mod_exp(ret, f, rsa->e, rsa->n, ctx, in rsa_ossl_public_decrypt()
769 rsa->_method_mod_n)) in rsa_ossl_public_decrypt()
774 if (!BN_sub(ret, rsa->n, ret)) in rsa_ossl_public_decrypt()
805 static int rsa_ossl_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx) in rsa_ossl_mod_exp() argument
827 if (rsa->version == RSA_ASN1_VERSION_MULTI in rsa_ossl_mod_exp()
828 && ((ex_primes = sk_RSA_PRIME_INFO_num(rsa->prime_infos)) <= 0 in rsa_ossl_mod_exp()
833 if (rsa->flags & RSA_FLAG_CACHE_PRIVATE) { in rsa_ossl_mod_exp()
843 if (!(BN_with_flags(factor, rsa->p, BN_FLG_CONSTTIME), in rsa_ossl_mod_exp()
844 BN_MONT_CTX_set_locked(&rsa->_method_mod_p, rsa->lock, in rsa_ossl_mod_exp()
846 || !(BN_with_flags(factor, rsa->q, BN_FLG_CONSTTIME), in rsa_ossl_mod_exp()
847 BN_MONT_CTX_set_locked(&rsa->_method_mod_q, rsa->lock, in rsa_ossl_mod_exp()
854 pinfo = sk_RSA_PRIME_INFO_value(rsa->prime_infos, i); in rsa_ossl_mod_exp()
856 if (!BN_MONT_CTX_set_locked(&pinfo->m, rsa->lock, factor, ctx)) { in rsa_ossl_mod_exp()
867 smooth = (rsa->meth->bn_mod_exp == BN_mod_exp_mont) in rsa_ossl_mod_exp()
871 && (BN_num_bits(rsa->q) == BN_num_bits(rsa->p)); in rsa_ossl_mod_exp()
874 if (rsa->flags & RSA_FLAG_CACHE_PUBLIC) in rsa_ossl_mod_exp()
875 if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_n, rsa->lock, in rsa_ossl_mod_exp()
876 rsa->n, ctx)) in rsa_ossl_mod_exp()
888 !bn_from_mont_fixed_top(m1, I, rsa->_method_mod_q, ctx) in rsa_ossl_mod_exp()
889 || !bn_to_mont_fixed_top(m1, m1, rsa->_method_mod_q, ctx) in rsa_ossl_mod_exp()
891 || !bn_from_mont_fixed_top(r1, I, rsa->_method_mod_p, ctx) in rsa_ossl_mod_exp()
892 || !bn_to_mont_fixed_top(r1, r1, rsa->_method_mod_p, ctx) in rsa_ossl_mod_exp()
899 || !BN_mod_exp_mont_consttime_x2(m1, m1, rsa->dmq1, rsa->q, in rsa_ossl_mod_exp()
900 rsa->_method_mod_q, in rsa_ossl_mod_exp()
901 r1, r1, rsa->dmp1, rsa->p, in rsa_ossl_mod_exp()
902 rsa->_method_mod_p, in rsa_ossl_mod_exp()
911 || !bn_mod_sub_fixed_top(r1, r1, m1, rsa->p) in rsa_ossl_mod_exp()
914 || !bn_to_mont_fixed_top(r1, r1, rsa->_method_mod_p, ctx) in rsa_ossl_mod_exp()
915 || !bn_mul_mont_fixed_top(r1, r1, rsa->iqmp, rsa->_method_mod_p, in rsa_ossl_mod_exp()
918 || !bn_mul_fixed_top(r0, r1, rsa->q, ctx) in rsa_ossl_mod_exp()
919 || !bn_mod_add_fixed_top(r0, r0, m1, rsa->n)) in rsa_ossl_mod_exp()
932 if (!BN_mod(r1, c, rsa->q, ctx)) { in rsa_ossl_mod_exp()
943 BN_with_flags(dmq1, rsa->dmq1, BN_FLG_CONSTTIME); in rsa_ossl_mod_exp()
946 if (!rsa->meth->bn_mod_exp(m1, r1, dmq1, rsa->q, ctx, in rsa_ossl_mod_exp()
947 rsa->_method_mod_q)) { in rsa_ossl_mod_exp()
957 if (!BN_mod(r1, c, rsa->p, ctx)) { in rsa_ossl_mod_exp()
969 BN_with_flags(dmp1, rsa->dmp1, BN_FLG_CONSTTIME); in rsa_ossl_mod_exp()
972 if (!rsa->meth->bn_mod_exp(r0, r1, dmp1, rsa->p, ctx, in rsa_ossl_mod_exp()
973 rsa->_method_mod_p)) { in rsa_ossl_mod_exp()
999 pinfo = sk_RSA_PRIME_INFO_value(rsa->prime_infos, i); in rsa_ossl_mod_exp()
1011 if (!rsa->meth->bn_mod_exp(m[i], r1, di, pinfo->r, ctx, pinfo->m)) { in rsa_ossl_mod_exp()
1030 if (!BN_add(r0, r0, rsa->p)) in rsa_ossl_mod_exp()
1033 if (!BN_mul(r1, r0, rsa->iqmp, ctx)) in rsa_ossl_mod_exp()
1042 if (!BN_mod(r0, pr1, rsa->p, ctx)) { in rsa_ossl_mod_exp()
1058 if (!BN_add(r0, r0, rsa->p)) in rsa_ossl_mod_exp()
1060 if (!BN_mul(r1, r0, rsa->q, ctx)) in rsa_ossl_mod_exp()
1074 pinfo = sk_RSA_PRIME_INFO_value(rsa->prime_infos, i); in rsa_ossl_mod_exp()
1111 if (rsa->e && rsa->n) { in rsa_ossl_mod_exp()
1112 if (rsa->meth->bn_mod_exp == BN_mod_exp_mont) { in rsa_ossl_mod_exp()
1113 if (!BN_mod_exp_mont(vrfy, r0, rsa->e, rsa->n, ctx, in rsa_ossl_mod_exp()
1114 rsa->_method_mod_n)) in rsa_ossl_mod_exp()
1118 if (!rsa->meth->bn_mod_exp(vrfy, r0, rsa->e, rsa->n, ctx, in rsa_ossl_mod_exp()
1119 rsa->_method_mod_n)) in rsa_ossl_mod_exp()
1135 if (!BN_mod(vrfy, vrfy, rsa->n, ctx)) in rsa_ossl_mod_exp()
1138 if (!BN_add(vrfy, vrfy, rsa->n)) in rsa_ossl_mod_exp()
1150 BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME); in rsa_ossl_mod_exp()
1152 if (!rsa->meth->bn_mod_exp(r0, I, d, rsa->n, ctx, in rsa_ossl_mod_exp()
1153 rsa->_method_mod_n)) { in rsa_ossl_mod_exp()
1176 static int rsa_ossl_init(RSA *rsa) in rsa_ossl_init() argument
1178 rsa->flags |= RSA_FLAG_CACHE_PUBLIC | RSA_FLAG_CACHE_PRIVATE; in rsa_ossl_init()
1182 static int rsa_ossl_finish(RSA *rsa) in rsa_ossl_finish() argument
1188 for (i = 0; i < sk_RSA_PRIME_INFO_num(rsa->prime_infos); i++) { in rsa_ossl_finish()
1189 pinfo = sk_RSA_PRIME_INFO_value(rsa->prime_infos, i); in rsa_ossl_finish()
1194 BN_MONT_CTX_free(rsa->_method_mod_n); in rsa_ossl_finish()
1195 BN_MONT_CTX_free(rsa->_method_mod_p); in rsa_ossl_finish()
1196 BN_MONT_CTX_free(rsa->_method_mod_q); in rsa_ossl_finish()
1201 static int rsa_ossl_s390x_mod_exp(BIGNUM *r0, const BIGNUM *i, RSA *rsa, in rsa_ossl_s390x_mod_exp() argument
1204 if (rsa->version != RSA_ASN1_VERSION_MULTI) { in rsa_ossl_s390x_mod_exp()
1205 if (s390x_crt(r0, i, rsa->p, rsa->q, rsa->dmp1, rsa->dmq1, rsa->iqmp) == 1) in rsa_ossl_s390x_mod_exp()
1208 return rsa_ossl_mod_exp(r0, i, rsa, ctx); in rsa_ossl_s390x_mod_exp()
