New RSA flag RSA_FLAG_EXT_PKEY, to always call rsa_mod_exp.

770d19b8 · Dr. Stephen Henson · 5965902e · 770d19b8 · 770d19b8 · 770d19b8
隐藏空白更改
内联并排

Showing with 23 addition and 8 deletion

CHANGES CHANGES +9 -0

STATUS STATUS +1 -3

crypto/rsa/rsa.h crypto/rsa/rsa.h +7 -1

crypto/rsa/rsa_eay.c crypto/rsa/rsa_eay.c +6 -4

未找到文件。
--- a/CHANGES
+++ b/CHANGES
@@ -4,6 +4,15 @@

 Changes between 0.9.3a and 0.9.4  [xx Jul/Aug/...? 1999]

+  *) Added an extra RSA flag: RSA_FLAG_EXT_PKEY. Previously the rsa_mod_exp
+     method only got called if p,q,dmp1,dmq1,iqmp components were present,
+     otherwise bn_mod_exp was called. In the case of hardware keys for example
+     no private key components need be present and it might store extra data
+     in the RSA structure, which cannot be accessed from bn_mod_exp. By setting
+     RSA_FLAG_EXT_PKEY rsa_mod_exp will always be called for private key
+     operations.
+     [Steve Henson]
+
  *) Added support for SPARC Linux.
     [Andy Polyakov]


--- a/STATUS
+++ b/STATUS

  OpenSSL STATUS                           Last modified at
-  ______________                           $Date: 1999/07/25 12:19:02 $
+  ______________                           $Date: 1999/07/27 21:58:06 $

  DEVELOPMENT STATE

@@ -27,8 +27,6 @@

    o Steve is currently working on (in no particular order):
        Proper (or at least usable) certificate chain verification.
-        Documentation on X509 V3 extension code.
-	PKCS #8 and PKCS#5 v2.0 support.
 	Private key, certificate and CRL API and implementation.
 	Checking and bugfixing PKCS#7 (S/MIME code).


--- a/crypto/rsa/rsa.h
+++ b/crypto/rsa/rsa.h
@@ -108,7 +108,7 @@ struct rsa_st
 	BIGNUM *dmp1;
 	BIGNUM *dmq1;
 	BIGNUM *iqmp;
-	/* be carefull using this if the RSA structure is shared */
+	/* be careful using this if the RSA structure is shared */
 	CRYPTO_EX_DATA ex_data;
 	int references;
 	int flags;
@@ -133,6 +133,12 @@ struct rsa_st
 #define RSA_FLAG_CACHE_PRIVATE		0x04
 #define RSA_FLAG_BLINDING		0x08
 #define RSA_FLAG_THREAD_SAFE		0x10
+/* This flag means the private key operations will be handled by rsa_mod_exp
+ * and that they do not depend on the private key components being present:
+ * for example a key stored in external hardware. Without this flag bn_mod_exp
+ * gets called when private key components are absent.
+ */
+#define RSA_FLAG_EXT_PKEY		0x20

 #define RSA_PKCS1_PADDING	1
 #define RSA_SSLV23_PADDING	2

--- a/crypto/rsa/rsa_eay.c
+++ b/crypto/rsa/rsa_eay.c
@@ -205,11 +205,12 @@ static int RSA_eay_private_encrypt(int flen, unsigned char *from,
 	if (rsa->flags & RSA_FLAG_BLINDING)
 		if (!BN_BLINDING_convert(&f,rsa->blinding,ctx)) goto err;

-	if (	(rsa->p != NULL) &&
+	if ( (rsa->flags & RSA_FLAG_EXT_PKEY) ||
+		((rsa->p != NULL) &&
 		(rsa->q != NULL) &&
 		(rsa->dmp1 != NULL) &&
 		(rsa->dmq1 != NULL) &&
-		(rsa->iqmp != NULL))
+		(rsa->iqmp != NULL)) )
 		{ if (!rsa->meth->rsa_mod_exp(&ret,&f,rsa)) goto err; }
 	else
 		{
@@ -278,11 +279,12 @@ static int RSA_eay_private_decrypt(int flen, unsigned char *from,
 		if (!BN_BLINDING_convert(&f,rsa->blinding,ctx)) goto err;

 	/* do the decrypt */
-	if (	(rsa->p != NULL) &&
+	if ( (rsa->flags & RSA_FLAG_EXT_PKEY) ||
+		((rsa->p != NULL) &&
 		(rsa->q != NULL) &&
 		(rsa->dmp1 != NULL) &&
 		(rsa->dmq1 != NULL) &&
-		(rsa->iqmp != NULL))
+		(rsa->iqmp != NULL)) )
 		{ if (!rsa->meth->rsa_mod_exp(&ret,&f,rsa)) goto err; }
 	else
 		{