New RSA flag RSA_FLAG_EXT_PKEY, to always call rsa_mod_exp.

1999-07-27 21:58:08 +00:00 · 1999-07-27 21:58:08 +00:00 · 770d19b862
commit 770d19b862
parent 5965902e6e
4 changed files with 23 additions and 8 deletions
--- a/9
+++ b/9
@ -4,6 +4,15 @@

 Changes between 0.9.3a and 0.9.4  [xx Jul/Aug/...? 1999]

+  *) Added an extra RSA flag: RSA_FLAG_EXT_PKEY. Previously the rsa_mod_exp
+     method only got called if p,q,dmp1,dmq1,iqmp components were present,
+     otherwise bn_mod_exp was called. In the case of hardware keys for example
+     no private key components need be present and it might store extra data
+     in the RSA structure, which cannot be accessed from bn_mod_exp. By setting
+     RSA_FLAG_EXT_PKEY rsa_mod_exp will always be called for private key
+     operations.
+     [Steve Henson]
+
  *) Added support for SPARC Linux.
     [Andy Polyakov]

--- a/4
+++ b/4
@ -1,6 +1,6 @@

  OpenSSL STATUS                           Last modified at
-  ______________                           $Date: 1999/07/25 12:19:02 $
+  ______________                           $Date: 1999/07/27 21:58:06 $

  DEVELOPMENT STATE

@ -27,8 +27,6 @@

    o Steve is currently working on (in no particular order):
        Proper (or at least usable) certificate chain verification.
-        Documentation on X509 V3 extension code.
-	PKCS #8 and PKCS#5 v2.0 support.
 	Private key, certificate and CRL API and implementation.
 	Checking and bugfixing PKCS#7 (S/MIME code).

--- a/crypto/rsa/rsa.h
+++ b/crypto/rsa/rsa.h
@ -108,7 +108,7 @@ struct rsa_st
 	BIGNUM *dmp1;
 	BIGNUM *dmq1;
 	BIGNUM *iqmp;
-	/* be carefull using this if the RSA structure is shared */
+	/* be careful using this if the RSA structure is shared */
 	CRYPTO_EX_DATA ex_data;
 	int references;
 	int flags;
@ -133,6 +133,12 @@ struct rsa_st
 #define RSA_FLAG_CACHE_PRIVATE		0x04
 #define RSA_FLAG_BLINDING		0x08
 #define RSA_FLAG_THREAD_SAFE		0x10
+/* This flag means the private key operations will be handled by rsa_mod_exp
+ * and that they do not depend on the private key components being present:
+ * for example a key stored in external hardware. Without this flag bn_mod_exp
+ * gets called when private key components are absent.
+ */
+#define RSA_FLAG_EXT_PKEY		0x20

 #define RSA_PKCS1_PADDING	1
 #define RSA_SSLV23_PADDING	2
--- a/crypto/rsa/rsa_eay.c
+++ b/crypto/rsa/rsa_eay.c
@ -205,11 +205,12 @@ static int RSA_eay_private_encrypt(int flen, unsigned char *from,
 	if (rsa->flags & RSA_FLAG_BLINDING)
 		if (!BN_BLINDING_convert(&f,rsa->blinding,ctx)) goto err;

-	if (	(rsa->p != NULL) &&
+	if ( (rsa->flags & RSA_FLAG_EXT_PKEY) ||
+		((rsa->p != NULL) &&
 		(rsa->q != NULL) &&
 		(rsa->dmp1 != NULL) &&
 		(rsa->dmq1 != NULL) &&
-		(rsa->iqmp != NULL))
+		(rsa->iqmp != NULL)) )
 		{ if (!rsa->meth->rsa_mod_exp(&ret,&f,rsa)) goto err; }
 	else
 		{
@ -278,11 +279,12 @@ static int RSA_eay_private_decrypt(int flen, unsigned char *from,
 		if (!BN_BLINDING_convert(&f,rsa->blinding,ctx)) goto err;

 	/* do the decrypt */
-	if (	(rsa->p != NULL) &&
+	if ( (rsa->flags & RSA_FLAG_EXT_PKEY) ||
+		((rsa->p != NULL) &&
 		(rsa->q != NULL) &&
 		(rsa->dmp1 != NULL) &&
 		(rsa->dmq1 != NULL) &&
-		(rsa->iqmp != NULL))
+		(rsa->iqmp != NULL)) )
 		{ if (!rsa->meth->rsa_mod_exp(&ret,&f,rsa)) goto err; }
 	else
 		{