Gitiles
Code Review Sign In
gerrit.openfyde.cn / boringssl.googlesource.com / boringssl / 82b2b8574f6d5b48bd8a2b04a03b8f6f1a6ffb42^! / . / crypto / rsa / rsa.c
commit82b2b8574f6d5b48bd8a2b04a03b8f6f1a6ffb42[log] [tgz]
authorDavid Benjamin <davidben@google.com>Wed Apr 12 18:28:48 2017 -0400
committerAdam Langley <agl@google.com>Wed Apr 12 23:14:57 2017 +0000
treed3713c6f676f191306b4d88034ff2113dc45b3dd
parentfb8b763e518da8a146769d5d59a65b186829d15a [diff] [blame]
Unwind multiprime RSA support.

FIPS is not compatible with multiprime RSA. Any multiprime RSA private
keys will fail to parse after this change.

Change-Id: I8d969d668bf0be4f66c66a30e56f0e7f6795f3e9
Reviewed-on: https://boringssl-review.googlesource.com/14984
Reviewed-by: Adam Langley <agl@google.com>

diff --git a/crypto/rsa/rsa.c b/crypto/rsa/rsa.c
index f84c42a..b16d55c 100644
--- a/crypto/rsa/rsa.c
+++ b/crypto/rsa/rsa.c

@@ -110,19 +110,6 @@
   return rsa;
 }
 
-void RSA_additional_prime_free(RSA_additional_prime *ap) {
-  if (ap == NULL) {
-    return;
-  }
-
-  BN_clear_free(ap->prime);
-  BN_clear_free(ap->exp);
-  BN_clear_free(ap->coeff);
-  BN_clear_free(ap->r);
-  BN_MONT_CTX_free(ap->mont);
-  OPENSSL_free(ap);
-}
-
 void RSA_free(RSA *rsa) {
   unsigned u;
 
@@ -157,10 +144,6 @@
   }
   OPENSSL_free(rsa->blindings);
   OPENSSL_free(rsa->blindings_inuse);
-  if (rsa->additional_primes != NULL) {
-    sk_RSA_additional_prime_pop_free(rsa->additional_primes,
-                                     RSA_additional_prime_free);
-  }
   CRYPTO_MUTEX_cleanup(&rsa->lock);
   OPENSSL_free(rsa);
 }
@@ -584,23 +567,6 @@
     goto out;
   }
 
-  size_t num_additional_primes = 0;
-  if (key->additional_primes != NULL) {
-    num_additional_primes = sk_RSA_additional_prime_num(key->additional_primes);
-  }
-
-  for (size_t i = 0; i < num_additional_primes; i++) {
-    const RSA_additional_prime *ap =
-        sk_RSA_additional_prime_value(key->additional_primes, i);
-    if (!BN_mul(&n, &n, ap->prime, ctx) ||
-        !BN_sub(&pm1, ap->prime, BN_value_one()) ||
-        !BN_mul(&lcm, &lcm, &pm1, ctx) ||
-        !BN_gcd(&gcd, &gcd, &pm1, ctx)) {
-      OPENSSL_PUT_ERROR(RSA, ERR_LIB_BN);
-      goto out;
-    }
-  }
-
   if (!BN_div(&lcm, NULL, &lcm, &gcd, ctx) ||
       !BN_gcd(&gcd, &pm1, &qm1, ctx) ||
       /* de = d*e mod lcm(prime-1, for all primes). */
@@ -626,7 +592,7 @@
     goto out;
   }
 
-  if (has_crt_values && num_additional_primes == 0) {
+  if (has_crt_values) {
     if (/* dmp1 = d mod (p-1) */
         !BN_mod(&dmp1, key->d, &pm1, ctx) ||
         /* dmq1 = d mod (q-1) */
@@ -734,11 +700,6 @@
     return 0;
   }
 
-  if (rsa->additional_primes != NULL) {
-    OPENSSL_PUT_ERROR(RSA, RSA_R_CANNOT_RECOVER_MULTI_PRIME_KEY);
-    return 0;
-  }
-
   /* This uses the algorithm from section 9B of the RSA paper:
    * http://people.csail.mit.edu/rivest/Rsapaper.pdf */