Move RSA blinding API from rsa_crpt.c to rsa_blinding.c

tb · tb · commit c7d7d3762cea · 2023-08-09T09:26:43.000Z
diff --git a/src/lib/libcrypto/rsa/rsa_blinding.c b/src/lib/libcrypto/rsa/rsa_blinding.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: rsa_blinding.c,v 1.1 2023/08/09 09:23:03 tb Exp $ */
+/* $OpenBSD: rsa_blinding.c,v 1.2 2023/08/09 09:26:43 tb Exp $ */
 /* ====================================================================
  * Copyright (c) 1998-2006 The OpenSSL Project.  All rights reserved.
  *
@@ -259,3 +259,103 @@ BN_BLINDING_thread_id(BN_BLINDING *b)
 {
 	return &b->tid;
 }
+
+static BIGNUM *
+rsa_get_public_exp(const BIGNUM *d, const BIGNUM *p, const BIGNUM *q,
+    BN_CTX *ctx)
+{
+	BIGNUM *ret = NULL, *r0, *r1, *r2;
+
+	if (d == NULL || p == NULL || q == NULL)
+		return NULL;
+
+	BN_CTX_start(ctx);
+	if ((r0 = BN_CTX_get(ctx)) == NULL)
+		goto err;
+	if ((r1 = BN_CTX_get(ctx)) == NULL)
+		goto err;
+	if ((r2 = BN_CTX_get(ctx)) == NULL)
+		goto err;
+
+	if (!BN_sub(r1, p, BN_value_one()))
+		goto err;
+	if (!BN_sub(r2, q, BN_value_one()))
+		goto err;
+	if (!BN_mul(r0, r1, r2, ctx))
+		goto err;
+
+	ret = BN_mod_inverse_ct(NULL, d, r0, ctx);
+err:
+	BN_CTX_end(ctx);
+	return ret;
+}
+
+BN_BLINDING *
+RSA_setup_blinding(RSA *rsa, BN_CTX *in_ctx)
+{
+	BIGNUM *e = NULL;
+	BIGNUM n;
+	BN_CTX *ctx = NULL;
+	BN_BLINDING *ret = NULL;
+
+	if ((ctx = in_ctx) == NULL)
+		ctx = BN_CTX_new();
+	if (ctx == NULL)
+		goto err;
+
+	BN_CTX_start(ctx);
+
+	if ((e = rsa->e) == NULL)
+		e = rsa_get_public_exp(rsa->d, rsa->p, rsa->q, ctx);
+	if (e == NULL) {
+		RSAerror(RSA_R_NO_PUBLIC_EXPONENT);
+		goto err;
+	}
+
+	BN_init(&n);
+	BN_with_flags(&n, rsa->n, BN_FLG_CONSTTIME);
+
+	if ((ret = BN_BLINDING_new(e, &n, ctx, rsa->meth->bn_mod_exp,
+	    rsa->_method_mod_n)) == NULL) {
+		RSAerror(ERR_R_BN_LIB);
+		goto err;
+	}
+	CRYPTO_THREADID_current(BN_BLINDING_thread_id(ret));
+
+ err:
+	BN_CTX_end(ctx);
+	if (ctx != in_ctx)
+		BN_CTX_free(ctx);
+	if (e != rsa->e)
+		BN_free(e);
+
+	return ret;
+}
+
+void
+RSA_blinding_off(RSA *rsa)
+{
+	BN_BLINDING_free(rsa->blinding);
+	rsa->blinding = NULL;
+	rsa->flags |= RSA_FLAG_NO_BLINDING;
+}
+LCRYPTO_ALIAS(RSA_blinding_off);
+
+int
+RSA_blinding_on(RSA *rsa, BN_CTX *ctx)
+{
+	int ret = 0;
+
+	if (rsa->blinding != NULL)
+		RSA_blinding_off(rsa);
+
+	rsa->blinding = RSA_setup_blinding(rsa, ctx);
+	if (rsa->blinding == NULL)
+		goto err;
+
+	rsa->flags &= ~RSA_FLAG_NO_BLINDING;
+	ret = 1;
+err:
+	return (ret);
+}
+LCRYPTO_ALIAS(RSA_blinding_on);
diff --git a/src/lib/libcrypto/rsa/rsa_crpt.c b/src/lib/libcrypto/rsa/rsa_crpt.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: rsa_crpt.c,v 1.27 2023/08/09 09:25:13 tb Exp $ */
+/* $OpenBSD: rsa_crpt.c,v 1.28 2023/08/09 09:26:43 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -125,103 +125,3 @@ RSA_flags(const RSA *r)
 	return r == NULL ? 0 : r->meth->flags;
 }
 LCRYPTO_ALIAS(RSA_flags);
-
-static BIGNUM *
-rsa_get_public_exp(const BIGNUM *d, const BIGNUM *p, const BIGNUM *q,
-    BN_CTX *ctx)
-{
-	BIGNUM *ret = NULL, *r0, *r1, *r2;
-
-	if (d == NULL || p == NULL || q == NULL)
-		return NULL;
-
-	BN_CTX_start(ctx);
-	if ((r0 = BN_CTX_get(ctx)) == NULL)
-		goto err;
-	if ((r1 = BN_CTX_get(ctx)) == NULL)
-		goto err;
-	if ((r2 = BN_CTX_get(ctx)) == NULL)
-		goto err;
-
-	if (!BN_sub(r1, p, BN_value_one()))
-		goto err;
-	if (!BN_sub(r2, q, BN_value_one()))
-		goto err;
-	if (!BN_mul(r0, r1, r2, ctx))
-		goto err;
-
-	ret = BN_mod_inverse_ct(NULL, d, r0, ctx);
-err:
-	BN_CTX_end(ctx);
-	return ret;
-}
-
-BN_BLINDING *
-RSA_setup_blinding(RSA *rsa, BN_CTX *in_ctx)
-{
-	BIGNUM *e = NULL;
-	BIGNUM n;
-	BN_CTX *ctx = NULL;
-	BN_BLINDING *ret = NULL;
-
-	if ((ctx = in_ctx) == NULL)
-		ctx = BN_CTX_new();
-	if (ctx == NULL)
-		goto err;
-
-	BN_CTX_start(ctx);
-
-	if ((e = rsa->e) == NULL)
-		e = rsa_get_public_exp(rsa->d, rsa->p, rsa->q, ctx);
-	if (e == NULL) {
-		RSAerror(RSA_R_NO_PUBLIC_EXPONENT);
-		goto err;
-	}
-
-	BN_init(&n);
-	BN_with_flags(&n, rsa->n, BN_FLG_CONSTTIME);
-
-	if ((ret = BN_BLINDING_new(e, &n, ctx, rsa->meth->bn_mod_exp,
-	    rsa->_method_mod_n)) == NULL) {
-		RSAerror(ERR_R_BN_LIB);
-		goto err;
-	}
-	CRYPTO_THREADID_current(BN_BLINDING_thread_id(ret));
-
- err:
-	BN_CTX_end(ctx);
-	if (ctx != in_ctx)
-		BN_CTX_free(ctx);
-	if (e != rsa->e)
-		BN_free(e);
-
-	return ret;
-}
-
-void
-RSA_blinding_off(RSA *rsa)
-{
-	BN_BLINDING_free(rsa->blinding);
-	rsa->blinding = NULL;
-	rsa->flags |= RSA_FLAG_NO_BLINDING;
-}
-LCRYPTO_ALIAS(RSA_blinding_off);
-
-int
-RSA_blinding_on(RSA *rsa, BN_CTX *ctx)
-{
-	int ret = 0;
-
-	if (rsa->blinding != NULL)
-		RSA_blinding_off(rsa);
-
-	rsa->blinding = RSA_setup_blinding(rsa, ctx);
-	if (rsa->blinding == NULL)
-		goto err;
-
-	rsa->flags &= ~RSA_FLAG_NO_BLINDING;
-	ret = 1;
-err:
-	return (ret);
-}
-LCRYPTO_ALIAS(RSA_blinding_on);
