* [including the GNU Public Licence.]
*/
-#include <stdio.h>
+#define OPENSSL_FIPSAPI
+
#include "cryptlib.h"
#include "bn_lcl.h"
BIGNUM *Ai;
BIGNUM *e;
BIGNUM *mod; /* just a reference */
-/* FIXME: should really try to remove these, but the deprecated APIs that are
- * using them would need to be fudged somehow. */
#ifndef OPENSSL_NO_DEPRECATED
unsigned long thread_id; /* added in OpenSSL 0.9.6j and 0.9.7b;
* used only by crypto/rsa/rsa_eay.c, rsa_lib.c */
#endif
CRYPTO_THREADID tid;
- unsigned int counter;
+ int counter;
unsigned long flags;
BN_MONT_CTX *m_ctx;
int (*bn_mod_exp)(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
if (BN_get_flags(mod, BN_FLG_CONSTTIME) != 0)
BN_set_flags(ret->mod, BN_FLG_CONSTTIME);
- ret->counter = BN_BLINDING_COUNTER;
+ /* Set the counter to the special value -1
+ * to indicate that this is never-used fresh blinding
+ * that does not need updating before first use. */
+ ret->counter = -1;
+ CRYPTO_THREADID_current(&ret->tid);
return(ret);
err:
if (ret != NULL) BN_BLINDING_free(ret);
goto err;
}
- if (--(b->counter) == 0 && b->e != NULL &&
+ if (b->counter == -1)
+ b->counter = 0;
+
+ if (++b->counter == BN_BLINDING_COUNTER && b->e != NULL &&
!(b->flags & BN_BLINDING_NO_RECREATE))
{
/* re-create blinding parameters */
ret=1;
err:
- if (b->counter == 0)
- b->counter = BN_BLINDING_COUNTER;
+ if (b->counter == BN_BLINDING_COUNTER)
+ b->counter = 0;
return(ret);
}
return(0);
}
+ if (b->counter == -1)
+ /* Fresh blinding, doesn't need updating. */
+ b->counter = 0;
+ else if (!BN_BLINDING_update(b,ctx))
+ return(0);
+
if (r != NULL)
{
if (!BN_copy(r, b->Ai)) ret=0;
int ret;
bn_check_top(n);
- if ((b->A == NULL) || (b->Ai == NULL))
- {
- BNerr(BN_F_BN_BLINDING_INVERT_EX,BN_R_NOT_INITIALIZED);
- return(0);
- }
if (r != NULL)
ret = BN_mod_mul(n, n, r, b->mod, ctx);
else
- ret = BN_mod_mul(n, n, b->Ai, b->mod, ctx);
-
- if (ret >= 0)
{
- if (!BN_BLINDING_update(b,ctx))
+ if (b->Ai == NULL)
+ {
+ BNerr(BN_F_BN_BLINDING_INVERT_EX,BN_R_NOT_INITIALIZED);
return(0);
+ }
+ ret = BN_mod_mul(n, n, b->Ai, b->mod, ctx);
}
+
bn_check_top(n);
return(ret);
}
}
#endif
-void BN_BLINDING_set_thread(BN_BLINDING *b)
- {
- CRYPTO_THREADID_set(&b->tid);
- }
-
-int BN_BLINDING_cmp_thread(const BN_BLINDING *b, const CRYPTO_THREADID *tid)
+CRYPTO_THREADID *BN_BLINDING_thread_id(BN_BLINDING *b)
{
- return CRYPTO_THREADID_cmp(&b->tid, tid);
+ return &b->tid;
}
unsigned long BN_BLINDING_get_flags(const BN_BLINDING *b)
ret->m_ctx = m_ctx;
do {
+ int rv;
if (!BN_rand_range(ret->A, ret->mod)) goto err;
- if (BN_mod_inverse(ret->Ai, ret->A, ret->mod, ctx) == NULL)
+ if (!int_bn_mod_inverse(ret->Ai, ret->A, ret->mod, ctx, &rv))
{
/* this should almost never happen for good RSA keys */
- unsigned long error = ERR_peek_last_error();
- if (ERR_GET_REASON(error) == BN_R_NO_INVERSE)
+ if (rv)
{
if (retry_counter-- == 0)
{
BN_R_TOO_MANY_ITERATIONS);
goto err;
}
- ERR_clear_error();
}
else
goto err;