diff options
Diffstat (limited to 'crypto')
| -rw-r--r-- | crypto/rsa/rsa.h | 8 | ||||
| -rw-r--r-- | crypto/rsa/rsa_eay.c | 10 |
2 files changed, 13 insertions, 5 deletions
diff --git a/crypto/rsa/rsa.h b/crypto/rsa/rsa.h index 0d0158dc06..9230b2fcc9 100644 --- a/crypto/rsa/rsa.h +++ b/crypto/rsa/rsa.h @@ -108,7 +108,7 @@ struct rsa_st BIGNUM *dmp1; BIGNUM *dmq1; BIGNUM *iqmp; - /* be carefull using this if the RSA structure is shared */ + /* be careful using this if the RSA structure is shared */ CRYPTO_EX_DATA ex_data; int references; int flags; @@ -133,6 +133,12 @@ struct rsa_st #define RSA_FLAG_CACHE_PRIVATE 0x04 #define RSA_FLAG_BLINDING 0x08 #define RSA_FLAG_THREAD_SAFE 0x10 +/* This flag means the private key operations will be handled by rsa_mod_exp + * and that they do not depend on the private key components being present: + * for example a key stored in external hardware. Without this flag bn_mod_exp + * gets called when private key components are absent. + */ +#define RSA_FLAG_EXT_PKEY 0x20 #define RSA_PKCS1_PADDING 1 #define RSA_SSLV23_PADDING 2 diff --git a/crypto/rsa/rsa_eay.c b/crypto/rsa/rsa_eay.c index 4525e6676c..7f51c42e9f 100644 --- a/crypto/rsa/rsa_eay.c +++ b/crypto/rsa/rsa_eay.c @@ -205,11 +205,12 @@ static int RSA_eay_private_encrypt(int flen, unsigned char *from, if (rsa->flags & RSA_FLAG_BLINDING) if (!BN_BLINDING_convert(&f,rsa->blinding,ctx)) goto err; - if ( (rsa->p != NULL) && + if ( (rsa->flags & RSA_FLAG_EXT_PKEY) || + ((rsa->p != NULL) && (rsa->q != NULL) && (rsa->dmp1 != NULL) && (rsa->dmq1 != NULL) && - (rsa->iqmp != NULL)) + (rsa->iqmp != NULL)) ) { if (!rsa->meth->rsa_mod_exp(&ret,&f,rsa)) goto err; } else { @@ -278,11 +279,12 @@ static int RSA_eay_private_decrypt(int flen, unsigned char *from, if (!BN_BLINDING_convert(&f,rsa->blinding,ctx)) goto err; /* do the decrypt */ - if ( (rsa->p != NULL) && + if ( (rsa->flags & RSA_FLAG_EXT_PKEY) || + ((rsa->p != NULL) && (rsa->q != NULL) && (rsa->dmp1 != NULL) && (rsa->dmq1 != NULL) && - (rsa->iqmp != NULL)) + (rsa->iqmp != NULL)) ) { if (!rsa->meth->rsa_mod_exp(&ret,&f,rsa)) goto err; } else { |