Add functions returning security bits.

[openssl.git] / crypto / rsa / rsa_lib.c

diff --git a/crypto/rsa/rsa_lib.c b/crypto/rsa/rsa_lib.c
index 533a711eda2b8ca092af80cbfcb99f4518db4f4b..ba277cacd87bc1ae5896284afd1ce90c60ed7bf5 100644 (file)
--- a/crypto/rsa/rsa_lib.c
+++ b/crypto/rsa/rsa_lib.c
@@ -67,7 +67,7 @@
 #include <openssl/engine.h>
 #endif
 
-const char *RSA_version="RSA" OPENSSL_VERSION_PTEXT;
+const char RSA_version[]="RSA" OPENSSL_VERSION_PTEXT;
 
 static const RSA_METHOD *default_RSA_meth=NULL;
 
@@ -89,12 +89,8 @@ const RSA_METHOD *RSA_get_default_method(void)
                {
 #ifdef RSA_NULL
                default_RSA_meth=RSA_null_method();
-#else
-#if 0 /* was: #ifdef RSAref */
-               default_RSA_meth=RSA_PKCS1_RSAref();
 #else
                default_RSA_meth=RSA_PKCS1_SSLeay();
-#endif
 #endif
                }
 
@@ -181,8 +177,17 @@ RSA *RSA_new_method(ENGINE *engine)
        ret->blinding=NULL;
        ret->mt_blinding=NULL;
        ret->bignum_data=NULL;
-       ret->flags=ret->meth->flags;
-       CRYPTO_new_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data);
+       ret->flags=ret->meth->flags & ~RSA_FLAG_NON_FIPS_ALLOW;
+       if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data))
+               {
+#ifndef OPENSSL_NO_ENGINE
+       if (ret->engine)
+               ENGINE_finish(ret->engine);
+#endif
+               OPENSSL_free(ret);
+               return(NULL);
+               }
+
        if ((ret->meth->init != NULL) && !ret->meth->init(ret))
                {
 #ifndef OPENSSL_NO_ENGINE
@@ -271,151 +276,6 @@ void *RSA_get_ex_data(const RSA *r, int idx)
        return(CRYPTO_get_ex_data(&r->ex_data,idx));
        }
 
-int RSA_size(const RSA *r)
-       {
-       return(BN_num_bytes(r->n));
-       }
-
-int RSA_public_encrypt(int flen, const unsigned char *from, unsigned char *to,
-            RSA *rsa, int padding)
-       {
-       return(rsa->meth->rsa_pub_enc(flen, from, to, rsa, padding));
-       }
-
-int RSA_private_encrypt(int flen, const unsigned char *from, unsigned char *to,
-            RSA *rsa, int padding)
-       {
-       return(rsa->meth->rsa_priv_enc(flen, from, to, rsa, padding));
-       }
-
-int RSA_private_decrypt(int flen, const unsigned char *from, unsigned char *to,
-            RSA *rsa, int padding)
-       {
-       return(rsa->meth->rsa_priv_dec(flen, from, to, rsa, padding));
-       }
-
-int RSA_public_decrypt(int flen, const unsigned char *from, unsigned char *to,
-            RSA *rsa, int padding)
-       {
-       return(rsa->meth->rsa_pub_dec(flen, from, to, rsa, padding));
-       }
-
-int RSA_flags(const RSA *r)
-       {
-       return((r == NULL)?0:r->meth->flags);
-       }
-
-void RSA_blinding_off(RSA *rsa)
-       {
-       if (rsa->blinding != NULL)
-               {
-               BN_BLINDING_free(rsa->blinding);
-               rsa->blinding=NULL;
-               }
-       rsa->flags &= ~RSA_FLAG_BLINDING;
-       rsa->flags |= RSA_FLAG_NO_BLINDING;
-       }
-
-int RSA_blinding_on(RSA *rsa, BN_CTX *ctx)
-       {
-       int ret=0;
-
-       if (rsa->blinding != NULL)
-               RSA_blinding_off(rsa);
-
-       rsa->blinding = RSA_setup_blinding(rsa, ctx);
-       if (rsa->blinding == NULL)
-               goto err;
-
-       rsa->flags |= RSA_FLAG_BLINDING;
-       rsa->flags &= ~RSA_FLAG_NO_BLINDING;
-       ret=1;
-err:
-       return(ret);
-       }
-
-static BIGNUM *rsa_get_public_exp(const BIGNUM *d, const BIGNUM *p,
-       const BIGNUM *q, BN_CTX *ctx)
-{
-       BIGNUM *ret = NULL, *r0, *r1, *r2;
-
-       if (d == NULL || p == NULL || q == NULL)
-               return NULL;
-
-       BN_CTX_start(ctx);
-       r0 = BN_CTX_get(ctx);
-       r1 = BN_CTX_get(ctx);
-       r2 = BN_CTX_get(ctx);
-       if (r2 == NULL)
-               goto err;
-
-       if (!BN_sub(r1, p, BN_value_one())) goto err;
-       if (!BN_sub(r2, q, BN_value_one())) goto err;
-       if (!BN_mul(r0, r1, r2, ctx)) goto err;
-
-       ret = BN_mod_inverse(NULL, d, r0, ctx);
-err:
-       BN_CTX_end(ctx);
-       return ret;
-}
-
-BN_BLINDING *RSA_setup_blinding(RSA *rsa, BN_CTX *in_ctx)
-{
-       BIGNUM *e;
-       BN_CTX *ctx;
-       BN_BLINDING *ret = NULL;
-
-       if (in_ctx == NULL)
-               {
-               if ((ctx = BN_CTX_new()) == NULL) return 0;
-               }
-       else
-               ctx = in_ctx;
-
-       BN_CTX_start(ctx);
-       e  = BN_CTX_get(ctx);
-       if (e == NULL)
-               {
-               RSAerr(RSA_F_RSA_SETUP_BLINDING, ERR_R_MALLOC_FAILURE);
-               goto err;
-               }
-
-       if (rsa->e == NULL)
-               {
-               e = rsa_get_public_exp(rsa->d, rsa->p, rsa->q, ctx);
-               if (e == NULL)
-                       {
-                       RSAerr(RSA_F_RSA_SETUP_BLINDING, RSA_R_NO_PUBLIC_EXPONENT);
-                       goto err;
-                       }
-               }
-       else
-               e = rsa->e;
-
-       
-       if ((RAND_status() == 0) && rsa->d != NULL && rsa->d->d != NULL)
-               {
-               /* if PRNG is not properly seeded, resort to secret
-                * exponent as unpredictable seed */
-               RAND_add(rsa->d->d, rsa->d->dmax * sizeof rsa->d->d[0], 0.0);
-               }
-
-       ret = BN_BLINDING_create_param(NULL, e, rsa->n, ctx,
-                       rsa->meth->bn_mod_exp, rsa->_method_mod_n);
-       if (ret == NULL)
-               {
-               RSAerr(RSA_F_RSA_SETUP_BLINDING, ERR_R_BN_LIB);
-               goto err;
-               }
-       BN_BLINDING_set_thread_id(ret, CRYPTO_thread_id());
-err:
-       BN_CTX_end(ctx);
-       if (in_ctx == NULL)
-               BN_CTX_free(ctx);
-
-       return ret;
-}
-
 int RSA_memory_lock(RSA *r)
        {
        int i,j,k,off;
@@ -460,3 +320,8 @@ int RSA_memory_lock(RSA *r)
        r->bignum_data=p;
        return(1);
        }
+
+int RSA_security_bits(const RSA *rsa)
+       {
+       return BN_security_bits(BN_num_bits(rsa->n), -1);
+       }