diff options
author | Sam Roberts <vieuxtech@gmail.com> | 2018-11-22 10:39:20 -0800 |
---|---|---|
committer | Sam Roberts <vieuxtech@gmail.com> | 2019-01-22 13:32:34 -0800 |
commit | 4231ad04f0b2aee5bda6be94715d4b70badaac8b (patch) | |
tree | 19f189fae6828708ebd37e466ce4a7716494b96a /deps/openssl/openssl/crypto/rsa/rsa_ossl.c | |
parent | 5d80f9ea6091847176fa47fb1395fdffc4af9164 (diff) | |
download | android-node-v8-4231ad04f0b2aee5bda6be94715d4b70badaac8b.tar.gz android-node-v8-4231ad04f0b2aee5bda6be94715d4b70badaac8b.tar.bz2 android-node-v8-4231ad04f0b2aee5bda6be94715d4b70badaac8b.zip |
deps: upgrade openssl sources to 1.1.1a
This updates all sources in deps/openssl/openssl with openssl-1.1.1a.
PR-URL: https://github.com/nodejs/node/pull/25381
Reviewed-By: Daniel Bevenius <daniel.bevenius@gmail.com>
Reviewed-By: Shigeki Ohtsu <ohtsu@ohtsu.org>
Diffstat (limited to 'deps/openssl/openssl/crypto/rsa/rsa_ossl.c')
-rw-r--r-- | deps/openssl/openssl/crypto/rsa/rsa_ossl.c | 161 |
1 files changed, 143 insertions, 18 deletions
diff --git a/deps/openssl/openssl/crypto/rsa/rsa_ossl.c b/deps/openssl/openssl/crypto/rsa/rsa_ossl.c index 23f948fbbb..2b1b006c28 100644 --- a/deps/openssl/openssl/crypto/rsa/rsa_ossl.c +++ b/deps/openssl/openssl/crypto/rsa/rsa_ossl.c @@ -38,7 +38,8 @@ static RSA_METHOD rsa_pkcs1_ossl_meth = { NULL, 0, /* rsa_sign */ 0, /* rsa_verify */ - NULL /* rsa_keygen */ + NULL, /* rsa_keygen */ + NULL /* rsa_multi_prime_keygen */ }; static const RSA_METHOD *default_RSA_meth = &rsa_pkcs1_ossl_meth; @@ -58,6 +59,11 @@ const RSA_METHOD *RSA_PKCS1_OpenSSL(void) return &rsa_pkcs1_ossl_meth; } +const RSA_METHOD *RSA_null_method(void) +{ + return NULL; +} + static int rsa_ossl_public_encrypt(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding) { @@ -91,7 +97,7 @@ static int rsa_ossl_public_encrypt(int flen, const unsigned char *from, ret = BN_CTX_get(ctx); num = BN_num_bytes(rsa->n); buf = OPENSSL_malloc(num); - if (f == NULL || ret == NULL || buf == NULL) { + if (ret == NULL || buf == NULL) { RSAerr(RSA_F_RSA_OSSL_PUBLIC_ENCRYPT, ERR_R_MALLOC_FAILURE); goto err; } @@ -145,7 +151,7 @@ static int rsa_ossl_public_encrypt(int flen, const unsigned char *from, BN_CTX_end(ctx); BN_CTX_free(ctx); OPENSSL_clear_free(buf, num); - return (r); + return r; } static BN_BLINDING *rsa_get_blinding(RSA *rsa, int *local, BN_CTX *ctx) @@ -190,12 +196,12 @@ static BN_BLINDING *rsa_get_blinding(RSA *rsa, int *local, BN_CTX *ctx) static int rsa_blinding_convert(BN_BLINDING *b, BIGNUM *f, BIGNUM *unblind, BN_CTX *ctx) { - if (unblind == NULL) + if (unblind == NULL) { /* * Local blinding: store the unblinding factor in BN_BLINDING. */ return BN_BLINDING_convert_ex(f, NULL, b, ctx); - else { + } else { /* * Shared blinding: store the unblinding factor outside BN_BLINDING. */ @@ -247,7 +253,7 @@ static int rsa_ossl_private_encrypt(int flen, const unsigned char *from, ret = BN_CTX_get(ctx); num = BN_num_bytes(rsa->n); buf = OPENSSL_malloc(num); - if (f == NULL || ret == NULL || buf == NULL) { + if (ret == NULL || buf == NULL) { RSAerr(RSA_F_RSA_OSSL_PRIVATE_ENCRYPT, ERR_R_MALLOC_FAILURE); goto err; } @@ -298,6 +304,7 @@ static int rsa_ossl_private_encrypt(int flen, const unsigned char *from, } if ((rsa->flags & RSA_FLAG_EXT_PKEY) || + (rsa->version == RSA_ASN1_VERSION_MULTI) || ((rsa->p != NULL) && (rsa->q != NULL) && (rsa->dmp1 != NULL) && (rsa->dmq1 != NULL) && (rsa->iqmp != NULL))) { @@ -338,8 +345,9 @@ static int rsa_ossl_private_encrypt(int flen, const unsigned char *from, res = f; else res = ret; - } else + } else { res = ret; + } /* * BN_bn2binpad puts in leading 0 bytes if the number is less than @@ -351,7 +359,7 @@ static int rsa_ossl_private_encrypt(int flen, const unsigned char *from, BN_CTX_end(ctx); BN_CTX_free(ctx); OPENSSL_clear_free(buf, num); - return (r); + return r; } static int rsa_ossl_private_decrypt(int flen, const unsigned char *from, @@ -377,7 +385,7 @@ static int rsa_ossl_private_decrypt(int flen, const unsigned char *from, ret = BN_CTX_get(ctx); num = BN_num_bytes(rsa->n); buf = OPENSSL_malloc(num); - if (f == NULL || ret == NULL || buf == NULL) { + if (ret == NULL || buf == NULL) { RSAerr(RSA_F_RSA_OSSL_PRIVATE_DECRYPT, ERR_R_MALLOC_FAILURE); goto err; } @@ -421,6 +429,7 @@ static int rsa_ossl_private_decrypt(int flen, const unsigned char *from, /* do the decrypt */ if ((rsa->flags & RSA_FLAG_EXT_PKEY) || + (rsa->version == RSA_ASN1_VERSION_MULTI) || ((rsa->p != NULL) && (rsa->q != NULL) && (rsa->dmp1 != NULL) && (rsa->dmq1 != NULL) && (rsa->iqmp != NULL))) { @@ -480,7 +489,7 @@ static int rsa_ossl_private_decrypt(int flen, const unsigned char *from, BN_CTX_end(ctx); BN_CTX_free(ctx); OPENSSL_clear_free(buf, num); - return (r); + return r; } /* signature verification */ @@ -517,7 +526,7 @@ static int rsa_ossl_public_decrypt(int flen, const unsigned char *from, ret = BN_CTX_get(ctx); num = BN_num_bytes(rsa->n); buf = OPENSSL_malloc(num); - if (f == NULL || ret == NULL || buf == NULL) { + if (ret == NULL || buf == NULL) { RSAerr(RSA_F_RSA_OSSL_PUBLIC_DECRYPT, ERR_R_MALLOC_FAILURE); goto err; } @@ -577,22 +586,29 @@ static int rsa_ossl_public_decrypt(int flen, const unsigned char *from, BN_CTX_end(ctx); BN_CTX_free(ctx); OPENSSL_clear_free(buf, num); - return (r); + return r; } static int rsa_ossl_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx) { - BIGNUM *r1, *m1, *vrfy; - int ret = 0, smooth = 0; + BIGNUM *r1, *m1, *vrfy, *r2, *m[RSA_MAX_PRIME_NUM - 2]; + int ret = 0, i, ex_primes = 0, smooth = 0; + RSA_PRIME_INFO *pinfo; BN_CTX_start(ctx); r1 = BN_CTX_get(ctx); + r2 = BN_CTX_get(ctx); m1 = BN_CTX_get(ctx); vrfy = BN_CTX_get(ctx); if (vrfy == NULL) goto err; + if (rsa->version == RSA_ASN1_VERSION_MULTI + && ((ex_primes = sk_RSA_PRIME_INFO_num(rsa->prime_infos)) <= 0 + || ex_primes > RSA_MAX_PRIME_NUM - 2)) + goto err; + if (rsa->flags & RSA_FLAG_CACHE_PRIVATE) { BIGNUM *factor = BN_new(); @@ -612,12 +628,21 @@ static int rsa_ossl_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx) BN_free(factor); goto err; } + for (i = 0; i < ex_primes; i++) { + pinfo = sk_RSA_PRIME_INFO_value(rsa->prime_infos, i); + BN_with_flags(factor, pinfo->r, BN_FLG_CONSTTIME); + if (!BN_MONT_CTX_set_locked(&pinfo->m, rsa->lock, factor, ctx)) { + BN_free(factor); + goto err; + } + } /* * We MUST free |factor| before any further use of the prime factors */ BN_free(factor); - smooth = (rsa->meth->bn_mod_exp == BN_mod_exp_mont) + smooth = (ex_primes == 0) + && (rsa->meth->bn_mod_exp == BN_mod_exp_mont) && (BN_num_bits(rsa->q) == BN_num_bits(rsa->p)); } @@ -723,6 +748,56 @@ static int rsa_ossl_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx) BN_free(dmp1); } + /* + * calculate m_i in multi-prime case + * + * TODO: + * 1. squash the following two loops and calculate |m_i| there. + * 2. remove cc and reuse |c|. + * 3. remove |dmq1| and |dmp1| in previous block and use |di|. + * + * If these things are done, the code will be more readable. + */ + if (ex_primes > 0) { + BIGNUM *di = BN_new(), *cc = BN_new(); + + if (cc == NULL || di == NULL) { + BN_free(cc); + BN_free(di); + goto err; + } + + for (i = 0; i < ex_primes; i++) { + /* prepare m_i */ + if ((m[i] = BN_CTX_get(ctx)) == NULL) { + BN_free(cc); + BN_free(di); + goto err; + } + + pinfo = sk_RSA_PRIME_INFO_value(rsa->prime_infos, i); + + /* prepare c and d_i */ + BN_with_flags(cc, I, BN_FLG_CONSTTIME); + BN_with_flags(di, pinfo->d, BN_FLG_CONSTTIME); + + if (!BN_mod(r1, cc, pinfo->r, ctx)) { + BN_free(cc); + BN_free(di); + goto err; + } + /* compute r1 ^ d_i mod r_i */ + if (!rsa->meth->bn_mod_exp(m[i], r1, di, pinfo->r, ctx, pinfo->m)) { + BN_free(cc); + BN_free(di); + goto err; + } + } + + BN_free(cc); + BN_free(di); + } + if (!BN_sub(r0, r0, m1)) goto err; /* @@ -765,6 +840,49 @@ static int rsa_ossl_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx) if (!BN_add(r0, r1, m1)) goto err; + /* add m_i to m in multi-prime case */ + if (ex_primes > 0) { + BIGNUM *pr2 = BN_new(); + + if (pr2 == NULL) + goto err; + + for (i = 0; i < ex_primes; i++) { + pinfo = sk_RSA_PRIME_INFO_value(rsa->prime_infos, i); + if (!BN_sub(r1, m[i], r0)) { + BN_free(pr2); + goto err; + } + + if (!BN_mul(r2, r1, pinfo->t, ctx)) { + BN_free(pr2); + goto err; + } + + BN_with_flags(pr2, r2, BN_FLG_CONSTTIME); + + if (!BN_mod(r1, pr2, pinfo->r, ctx)) { + BN_free(pr2); + goto err; + } + + if (BN_is_negative(r1)) + if (!BN_add(r1, r1, pinfo->r)) { + BN_free(pr2); + goto err; + } + if (!BN_mul(r1, r1, pinfo->pp, ctx)) { + BN_free(pr2); + goto err; + } + if (!BN_add(r0, r0, r1)) { + BN_free(pr2); + goto err; + } + } + BN_free(pr2); + } + tail: if (rsa->e && rsa->n) { if (rsa->meth->bn_mod_exp == BN_mod_exp_mont) { @@ -828,19 +946,26 @@ static int rsa_ossl_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx) ret = 1; err: BN_CTX_end(ctx); - return (ret); + return ret; } static int rsa_ossl_init(RSA *rsa) { rsa->flags |= RSA_FLAG_CACHE_PUBLIC | RSA_FLAG_CACHE_PRIVATE; - return (1); + return 1; } static int rsa_ossl_finish(RSA *rsa) { + int i; + RSA_PRIME_INFO *pinfo; + BN_MONT_CTX_free(rsa->_method_mod_n); BN_MONT_CTX_free(rsa->_method_mod_p); BN_MONT_CTX_free(rsa->_method_mod_q); - return (1); + for (i = 0; i < sk_RSA_PRIME_INFO_num(rsa->prime_infos); i++) { + pinfo = sk_RSA_PRIME_INFO_value(rsa->prime_infos, i); + BN_MONT_CTX_free(pinfo->m); + } + return 1; } |