* [including the GNU Public Licence.]
*/
+#define OPENSSL_FIPSAPI
+
#include <stdio.h>
#include "cryptlib.h"
#include "bn_lcl.h"
BIGNUM *Ai;
BIGNUM *e;
BIGNUM *mod; /* just a reference */
-/* FIXME: should really try to remove these, but the deprecated APIs that are
- * using them would need to be fudged somehow. */
#ifndef OPENSSL_NO_DEPRECATED
unsigned long thread_id; /* added in OpenSSL 0.9.6j and 0.9.7b;
* used only by crypto/rsa/rsa_eay.c, rsa_lib.c */
BN_set_flags(ret->mod, BN_FLG_CONSTTIME);
ret->counter = BN_BLINDING_COUNTER;
+ CRYPTO_THREADID_current(&ret->tid);
return(ret);
err:
if (ret != NULL) BN_BLINDING_free(ret);
}
#endif
-void BN_BLINDING_set_thread(BN_BLINDING *b)
- {
- CRYPTO_THREADID_set(&b->tid);
- }
-
-int BN_BLINDING_cmp_thread(const BN_BLINDING *b, const CRYPTO_THREADID *tid)
+CRYPTO_THREADID *BN_BLINDING_thread_id(BN_BLINDING *b)
{
- return CRYPTO_THREADID_cmp(&b->tid, tid);
+ return &b->tid;
}
unsigned long BN_BLINDING_get_flags(const BN_BLINDING *b)
ret->m_ctx = m_ctx;
do {
+ int rv;
if (!BN_rand_range(ret->A, ret->mod)) goto err;
- if (BN_mod_inverse(ret->Ai, ret->A, ret->mod, ctx) == NULL)
+ if (!int_bn_mod_inverse(ret->Ai, ret->A, ret->mod, ctx, &rv))
{
/* this should almost never happen for good RSA keys */
- unsigned long error = ERR_peek_last_error();
- if (ERR_GET_REASON(error) == BN_R_NO_INVERSE)
+ if (rv)
{
if (retry_counter-- == 0)
{
BN_R_TOO_MANY_ITERATIONS);
goto err;
}
- ERR_clear_error();
}
else
goto err;