提交 9862e9aa 编写于 作者: R Richard Levitte

Make the RSA structure opaque

Move rsa_st away from public headers.
Add accessor/writer functions for the public RSA data.
Adapt all other source to use the accessors and writers.
Reviewed-by: NMatt Caswell <matt@openssl.org>
上级 3e41ac35
......@@ -104,9 +104,10 @@ int genrsa_main(int argc, char **argv)
{
BN_GENCB *cb = BN_GENCB_new();
PW_CB_DATA cb_data;
ENGINE *e = NULL;
ENGINE *eng = NULL;
BIGNUM *bn = BN_new();
BIO *out = NULL;
BIGNUM *e;
RSA *rsa = NULL;
const EVP_CIPHER *enc = NULL;
int ret = 1, num = DEFBITS, private = 0;
......@@ -141,7 +142,7 @@ int genrsa_main(int argc, char **argv)
outfile = opt_arg();
break;
case OPT_ENGINE:
e = setup_engine(opt_arg(), 0);
eng = setup_engine(opt_arg(), 0);
break;
case OPT_RAND:
inrand = opt_arg();
......@@ -182,7 +183,7 @@ int genrsa_main(int argc, char **argv)
BIO_printf(bio_err, "Generating RSA private key, %d bit long modulus\n",
num);
rsa = e ? RSA_new_method(e) : RSA_new();
rsa = eng ? RSA_new_method(eng) : RSA_new();
if (rsa == NULL)
goto end;
......@@ -191,8 +192,9 @@ int genrsa_main(int argc, char **argv)
app_RAND_write_file(NULL);
hexe = BN_bn2hex(rsa->e);
dece = BN_bn2dec(rsa->e);
RSA_get0_key(rsa, NULL, &e, NULL);
hexe = BN_bn2hex(e);
dece = BN_bn2dec(e);
if (hexe && dece) {
BIO_printf(bio_err, "e is %s (0x%s)\n", dece, hexe);
}
......
......@@ -811,9 +811,11 @@ int req_main(int argc, char **argv)
}
fprintf(stdout, "Modulus=");
#ifndef OPENSSL_NO_RSA
if (EVP_PKEY_base_id(tpubkey) == EVP_PKEY_RSA)
BN_print(out, EVP_PKEY_get0_RSA(tpubkey)->n);
else
if (EVP_PKEY_base_id(tpubkey) == EVP_PKEY_RSA) {
BIGNUM *n;
RSA_get0_key(EVP_PKEY_get0_RSA(tpubkey), &n, NULL, NULL);
BN_print(out, n);
} else
#endif
fprintf(stdout, "Wrong Algorithm type");
EVP_PKEY_free(tpubkey);
......
......@@ -310,8 +310,10 @@ int rsa_main(int argc, char **argv)
}
if (modulus) {
BIGNUM *n;
RSA_get0_key(rsa, &n, NULL, NULL);
BIO_printf(out, "Modulus=");
BN_print(out, rsa->n);
BN_print(out, n);
BIO_printf(out, "\n");
}
......
......@@ -727,9 +727,11 @@ int x509_main(int argc, char **argv)
}
BIO_printf(out, "Modulus=");
#ifndef OPENSSL_NO_RSA
if (EVP_PKEY_id(pkey) == EVP_PKEY_RSA)
BN_print(out, EVP_PKEY_get0_RSA(pkey)->n);
else
if (EVP_PKEY_id(pkey) == EVP_PKEY_RSA) {
BIGNUM *n;
RSA_get0_key(EVP_PKEY_get0_RSA(pkey), &n, NULL, NULL);
BN_print(out, n);
} else
#endif
#ifndef OPENSSL_NO_DSA
if (EVP_PKEY_id(pkey) == EVP_PKEY_DSA) {
......
......@@ -353,8 +353,9 @@ static EVP_PKEY *b2i_dss(const unsigned char **in,
static EVP_PKEY *b2i_rsa(const unsigned char **in,
unsigned int bitlen, int ispub)
{
const unsigned char *p = *in;
const unsigned char *pin = *in;
EVP_PKEY *ret = NULL;
BIGNUM *e = NULL, *n = NULL, *d = NULL;
RSA *rsa = NULL;
unsigned int nbyte, hnbyte;
nbyte = (bitlen + 7) >> 3;
......@@ -363,31 +364,35 @@ static EVP_PKEY *b2i_rsa(const unsigned char **in,
ret = EVP_PKEY_new();
if (rsa == NULL || ret == NULL)
goto memerr;
rsa->e = BN_new();
if (rsa->e == NULL)
e = BN_new();
if (e == NULL)
goto memerr;
if (!BN_set_word(rsa->e, read_ledword(&p)))
if (!BN_set_word(e, read_ledword(&pin)))
goto memerr;
if (!read_lebn(&p, nbyte, &rsa->n))
if (!read_lebn(&pin, nbyte, &n))
goto memerr;
if (!ispub) {
if (!read_lebn(&p, hnbyte, &rsa->p))
BIGNUM *p = NULL, *q = NULL, *dmp1 = NULL, *dmq1 = NULL, *iqmp = NULL;
if (!read_lebn(&pin, hnbyte, &p))
goto memerr;
if (!read_lebn(&p, hnbyte, &rsa->q))
if (!read_lebn(&pin, hnbyte, &q))
goto memerr;
if (!read_lebn(&p, hnbyte, &rsa->dmp1))
if (!read_lebn(&pin, hnbyte, &dmp1))
goto memerr;
if (!read_lebn(&p, hnbyte, &rsa->dmq1))
if (!read_lebn(&pin, hnbyte, &dmq1))
goto memerr;
if (!read_lebn(&p, hnbyte, &rsa->iqmp))
if (!read_lebn(&pin, hnbyte, &iqmp))
goto memerr;
if (!read_lebn(&p, nbyte, &rsa->d))
if (!read_lebn(&pin, nbyte, &d))
goto memerr;
RSA_set0_factors(rsa, p, q);
RSA_set0_crt_params(rsa, dmp1, dmq1, iqmp);
}
RSA_set0_key(rsa, e, n, d);
EVP_PKEY_set1_RSA(ret, rsa);
RSA_free(rsa);
*in = p;
*in = pin;
return ret;
memerr:
PEMerr(PEM_F_B2I_RSA, ERR_R_MALLOC_FAILURE);
......@@ -530,26 +535,35 @@ static int check_bitlen_dsa(DSA *dsa, int ispub, unsigned int *pmagic)
static int check_bitlen_rsa(RSA *rsa, int ispub, unsigned int *pmagic)
{
int nbyte, hnbyte, bitlen;
if (BN_num_bits(rsa->e) > 32)
BIGNUM *e;
RSA_get0_key(rsa, &e, NULL, NULL);
if (BN_num_bits(e) > 32)
goto badkey;
bitlen = BN_num_bits(rsa->n);
nbyte = BN_num_bytes(rsa->n);
hnbyte = (BN_num_bits(rsa->n) + 15) >> 4;
bitlen = RSA_bits(rsa);
nbyte = RSA_size(rsa);
hnbyte = (bitlen + 15) >> 4;
if (ispub) {
*pmagic = MS_RSA1MAGIC;
return bitlen;
} else {
BIGNUM *d, *p, *q, *iqmp, *dmp1, *dmq1;
*pmagic = MS_RSA2MAGIC;
/*
* For private key each component must fit within nbyte or hnbyte.
*/
if (BN_num_bytes(rsa->d) > nbyte)
RSA_get0_key(rsa, NULL, NULL, &d);
if (BN_num_bytes(d) > nbyte)
goto badkey;
if ((BN_num_bytes(rsa->iqmp) > hnbyte)
|| (BN_num_bytes(rsa->p) > hnbyte)
|| (BN_num_bytes(rsa->q) > hnbyte)
|| (BN_num_bytes(rsa->dmp1) > hnbyte)
|| (BN_num_bytes(rsa->dmq1) > hnbyte))
RSA_get0_factors(rsa, &p, &q);
RSA_get0_crt_params(rsa, &dmp1, &dmq1, &iqmp);
if ((BN_num_bytes(iqmp) > hnbyte)
|| (BN_num_bytes(p) > hnbyte)
|| (BN_num_bytes(q) > hnbyte)
|| (BN_num_bytes(dmp1) > hnbyte)
|| (BN_num_bytes(dmq1) > hnbyte))
goto badkey;
}
return bitlen;
......@@ -561,18 +575,23 @@ static int check_bitlen_rsa(RSA *rsa, int ispub, unsigned int *pmagic)
static void write_rsa(unsigned char **out, RSA *rsa, int ispub)
{
int nbyte, hnbyte;
nbyte = BN_num_bytes(rsa->n);
hnbyte = (BN_num_bits(rsa->n) + 15) >> 4;
write_lebn(out, rsa->e, 4);
write_lebn(out, rsa->n, -1);
BIGNUM *n, *d, *e, *p, *q, *iqmp, *dmp1, *dmq1;
nbyte = RSA_size(rsa);
hnbyte = (RSA_bits(rsa) + 15) >> 4;
RSA_get0_key(rsa, &e, &n, &d);
write_lebn(out, e, 4);
write_lebn(out, n, -1);
if (ispub)
return;
write_lebn(out, rsa->p, hnbyte);
write_lebn(out, rsa->q, hnbyte);
write_lebn(out, rsa->dmp1, hnbyte);
write_lebn(out, rsa->dmq1, hnbyte);
write_lebn(out, rsa->iqmp, hnbyte);
write_lebn(out, rsa->d, nbyte);
RSA_get0_factors(rsa, &p, &q);
RSA_get0_crt_params(rsa, &dmp1, &dmq1, &iqmp);
write_lebn(out, p, hnbyte);
write_lebn(out, q, hnbyte);
write_lebn(out, dmp1, hnbyte);
write_lebn(out, dmq1, hnbyte);
write_lebn(out, iqmp, hnbyte);
write_lebn(out, d, nbyte);
}
static void write_dsa(unsigned char **out, DSA *dsa, int ispub)
......
......@@ -60,11 +60,11 @@
#include "internal/cryptlib.h"
#include <openssl/asn1t.h>
#include <openssl/x509.h>
#include <openssl/rsa.h>
#include <openssl/bn.h>
#include <openssl/cms.h>
#include "internal/asn1_int.h"
#include "internal/evp_int.h"
#include "rsa_locl.h"
#ifndef OPENSSL_NO_CMS
static int rsa_cms_sign(CMS_SignerInfo *si);
......
......@@ -59,9 +59,9 @@
#include <stdio.h>
#include "internal/cryptlib.h"
#include <openssl/bn.h>
#include <openssl/rsa.h>
#include <openssl/x509.h>
#include <openssl/asn1t.h>
#include "rsa_locl.h"
/* Override the default free and new methods */
static int rsa_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
......
......@@ -49,7 +49,7 @@
#include <openssl/bn.h>
#include <openssl/err.h>
#include <openssl/rsa.h>
#include "rsa_locl.h"
int RSA_check_key(const RSA *key)
{
......
......@@ -60,8 +60,8 @@
#include "internal/cryptlib.h"
#include <openssl/lhash.h>
#include "internal/bn_int.h"
#include <openssl/rsa.h>
#include <openssl/rand.h>
#include "rsa_locl.h"
int RSA_bits(const RSA *r)
{
......
......@@ -65,7 +65,7 @@
#include <time.h>
#include "internal/cryptlib.h"
#include <openssl/bn.h>
#include <openssl/rsa.h>
#include "rsa_locl.h"
static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value,
BN_GENCB *cb);
......
......@@ -60,9 +60,9 @@
#include "internal/cryptlib.h"
#include <openssl/lhash.h>
#include "internal/bn_int.h"
#include <openssl/rsa.h>
#include <openssl/rand.h>
#include <openssl/engine.h>
#include "rsa_locl.h"
static const RSA_METHOD *default_RSA_meth = NULL;
......@@ -283,3 +283,96 @@ int RSA_security_bits(const RSA *rsa)
{
return BN_security_bits(BN_num_bits(rsa->n), -1);
}
int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d)
{
/* d is the private component and may be NULL */
if (n == NULL || e == NULL)
return 0;
BN_free(r->n);
BN_free(r->e);
BN_free(r->d);
r->n = n;
r->e = e;
r->d = d;
return 1;
}
int RSA_set0_factors(RSA *r, BIGNUM *p, BIGNUM *q)
{
if (p == NULL || q == NULL)
return 0;
BN_free(r->p);
BN_free(r->q);
r->p = p;
r->q = q;
return 1;
}
int RSA_set0_crt_params(RSA *r, BIGNUM *dmp1, BIGNUM *dmq1, BIGNUM *iqmp)
{
if (dmp1 == NULL || dmq1 == NULL || iqmp == NULL)
return 0;
BN_free(r->dmp1);
BN_free(r->dmq1);
BN_free(r->iqmp);
r->dmp1 = dmp1;
r->dmq1 = dmq1;
r->iqmp = iqmp;
return 1;
}
void RSA_get0_key(const RSA *r, BIGNUM **n, BIGNUM **e, BIGNUM **d)
{
if (n != NULL)
*n = r->n;
if (e != NULL)
*e = r->e;
if (d != NULL)
*d = r->d;
}
void RSA_get0_factors(const RSA *r, BIGNUM **p, BIGNUM **q)
{
if (p != NULL)
*p = r->p;
if (q != NULL)
*q = r->q;
}
void RSA_get0_crt_params(const RSA *r,
BIGNUM **dmp1, BIGNUM **dmq1, BIGNUM **iqmp)
{
if (dmp1 != NULL)
*dmp1 = r->dmp1;
if (dmq1 != NULL)
*dmq1 = r->dmq1;
if (iqmp != NULL)
*iqmp = r->iqmp;
}
void RSA_clear_flags(RSA *r, int flags)
{
r->flags &= ~flags;
}
int RSA_test_flags(const RSA *r, int flags)
{
return r->flags & flags;
}
void RSA_set_flags(RSA *r, int flags)
{
r->flags |= flags;
}
ENGINE *RSA_get0_engine(RSA *r)
{
return r->engine;
}
/*
* Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
*
* Licensed under the OpenSSL licenses, (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
* https://www.openssl.org/source/license.html
* or in the file LICENSE in the source distribution.
*/
#include <openssl/rsa.h>
struct rsa_st {
/*
* The first parameter is used to pickup errors where this is passed
* instead of aEVP_PKEY, it is set to 0
*/
int pad;
long version;
const RSA_METHOD *meth;
/* functional reference if 'meth' is ENGINE-provided */
ENGINE *engine;
BIGNUM *n;
BIGNUM *e;
BIGNUM *d;
BIGNUM *p;
BIGNUM *q;
BIGNUM *dmp1;
BIGNUM *dmq1;
BIGNUM *iqmp;
/* be careful using this if the RSA structure is shared */
CRYPTO_EX_DATA ex_data;
int references;
int flags;
/* Used to cache montgomery values */
BN_MONT_CTX *_method_mod_n;
BN_MONT_CTX *_method_mod_p;
BN_MONT_CTX *_method_mod_q;
/*
* all BIGNUM values are actually in the following data, if it is not
* NULL
*/
char *bignum_data;
BN_BLINDING *blinding;
BN_BLINDING *mt_blinding;
CRYPTO_RWLOCK *lock;
};
extern int int_rsa_verify(int dtype, const unsigned char *m,
unsigned int m_len, unsigned char *rm,
size_t *prm_len, const unsigned char *sigbuf,
......
......@@ -21,10 +21,10 @@
#include <stdio.h>
#include "internal/cryptlib.h"
#include <openssl/bn.h>
#include <openssl/rsa.h>
#include <openssl/evp.h>
#include <openssl/rand.h>
#include <openssl/sha.h>
#include "rsa_locl.h"
int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen,
const unsigned char *from, int flen,
......
......@@ -110,8 +110,8 @@
#include "internal/cryptlib.h"
#include "internal/bn_int.h"
#include <openssl/rsa.h>
#include <openssl/rand.h>
#include "rsa_locl.h"
#ifndef RSA_NULL
......
......@@ -60,7 +60,7 @@
#include <time.h>
#include <openssl/err.h>
#include <openssl/bn.h>
#include <openssl/rsa.h>
#include "rsa_locl.h"
/* X9.31 RSA key derivation and generation */
......
......@@ -72,6 +72,7 @@
extern "C" {
# endif
/* The type RSA is defined in ossl_typ.h */
struct rsa_meth_st {
const char *name;
int (*rsa_pub_enc) (int flen, const unsigned char *from,
......@@ -117,42 +118,6 @@ struct rsa_meth_st {
int (*rsa_keygen) (RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb);
};
struct rsa_st {
/*
* The first parameter is used to pickup errors where this is passed
* instead of aEVP_PKEY, it is set to 0
*/
int pad;
long version;
const RSA_METHOD *meth;
/* functional reference if 'meth' is ENGINE-provided */
ENGINE *engine;
BIGNUM *n;
BIGNUM *e;
BIGNUM *d;
BIGNUM *p;
BIGNUM *q;
BIGNUM *dmp1;
BIGNUM *dmq1;
BIGNUM *iqmp;
/* be careful using this if the RSA structure is shared */
CRYPTO_EX_DATA ex_data;
int references;
int flags;
/* Used to cache montgomery values */
BN_MONT_CTX *_method_mod_n;
BN_MONT_CTX *_method_mod_p;
BN_MONT_CTX *_method_mod_q;
/*
* all BIGNUM values are actually in the following data, if it is not
* NULL
*/
char *bignum_data;
BN_BLINDING *blinding;
BN_BLINDING *mt_blinding;
CRYPTO_RWLOCK *lock;
};
# ifndef OPENSSL_RSA_MAX_MODULUS_BITS
# define OPENSSL_RSA_MAX_MODULUS_BITS 16384
# endif
......@@ -308,6 +273,18 @@ int RSA_bits(const RSA *rsa);
int RSA_size(const RSA *rsa);
int RSA_security_bits(const RSA *rsa);
int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d);
int RSA_set0_factors(RSA *r, BIGNUM *p, BIGNUM *q);
int RSA_set0_crt_params(RSA *r,BIGNUM *dmp1, BIGNUM *dmq1, BIGNUM *iqmp);
void RSA_get0_key(const RSA *r, BIGNUM **n, BIGNUM **e, BIGNUM **d);
void RSA_get0_factors(const RSA *r, BIGNUM **p, BIGNUM **q);
void RSA_get0_crt_params(const RSA *r,
BIGNUM **dmp1, BIGNUM **dmq1, BIGNUM **iqmp);
void RSA_clear_flags(RSA *r, int flags);
int RSA_test_flags(const RSA *r, int flags);
void RSA_set_flags(RSA *r, int flags);
ENGINE *RSA_get0_engine(RSA *r);
/* Deprecated version */
DEPRECATEDIN_0_9_8(RSA *RSA_generate_key(int bits, unsigned long e, void
(*callback) (int, int, void *),
......
......@@ -19,16 +19,19 @@ int main(int argc, char *argv[])
# include <openssl/rsa.h>
# define SetKey \
key->n = BN_bin2bn(n, sizeof(n)-1, key->n); \
key->e = BN_bin2bn(e, sizeof(e)-1, key->e); \
key->d = BN_bin2bn(d, sizeof(d)-1, key->d); \
key->p = BN_bin2bn(p, sizeof(p)-1, key->p); \
key->q = BN_bin2bn(q, sizeof(q)-1, key->q); \
key->dmp1 = BN_bin2bn(dmp1, sizeof(dmp1)-1, key->dmp1); \
key->dmq1 = BN_bin2bn(dmq1, sizeof(dmq1)-1, key->dmq1); \
key->iqmp = BN_bin2bn(iqmp, sizeof(iqmp)-1, key->iqmp); \
memcpy(c, ctext_ex, sizeof(ctext_ex) - 1); \
return (sizeof(ctext_ex) - 1);
RSA_set0_key(key, \
BN_bin2bn(n, sizeof(n)-1, NULL), \
BN_bin2bn(e, sizeof(e)-1, NULL), \
BN_bin2bn(d, sizeof(d)-1, NULL)); \
RSA_set0_factors(key, \
BN_bin2bn(p, sizeof(p)-1, NULL), \
BN_bin2bn(q, sizeof(q)-1, NULL)); \
RSA_set0_crt_params(key, \
BN_bin2bn(dmp1, sizeof(dmp1)-1, NULL), \
BN_bin2bn(dmq1, sizeof(dmq1)-1, NULL), \
BN_bin2bn(iqmp, sizeof(iqmp)-1, NULL)); \
memcpy(c, ctext_ex, sizeof(ctext_ex) - 1); \
return (sizeof(ctext_ex) - 1);
static int key1(RSA *key, unsigned char *c)
{
......@@ -243,7 +246,7 @@ int main(int argc, char *argv[])
break;
}
if (v / 3 >= 1)
key->flags |= RSA_FLAG_NO_CONSTTIME;
RSA_set_flags(key, RSA_FLAG_NO_CONSTTIME);
num = RSA_public_encrypt(plen, ptext_ex, ctext, key,
RSA_PKCS1_PADDING);
......
Markdown is supported
0% .
You are about to add 0 people to the discussion. Proceed with caution.
先完成此消息的编辑!
想要评论请 注册