diff --git a/src/tpm2/crypto/openssl/CryptRsa.c b/src/tpm2/crypto/openssl/CryptRsa.c index 8da00b4f..d12be984 100644 --- a/src/tpm2/crypto/openssl/CryptRsa.c +++ b/src/tpm2/crypto/openssl/CryptRsa.c @@ -153,22 +153,16 @@ ComputePrivateExponent( static BOOL RsaPrivateKeyOp( bigNum inOut, // IN/OUT: number to be exponentiated - bigNum N, // IN: public modulus (can be NULL if CRT) bigNum P, // IN: one of the primes (can be NULL if not CRT) privateExponent_t *pExp ) { - BOOL OK; -#if CRT_FORMAT_RSA == NO - (P); - OK = BnModExp(inOut, inOut, (bigNum)&pExp->D, N); -#else BN_RSA(M1); BN_RSA(M2); BN_RSA(M); BN_RSA(H); + // bigNum Q = (bigNum)&pExp->Q; - NOT_REFERENCED(N); // Make P the larger prime. // NOTE that when the CRT form of the private key is created, dP will always // be computed using the larger of p and q so the only thing needed here is that @@ -180,19 +174,20 @@ RsaPrivateKeyOp( Q = T; } // m1 = cdP mod p - OK = BnModExp(M1, inOut, (bigNum)&pExp->dP, P); + VERIFY(BnModExp(M1, inOut, (bigNum)&pExp->dP, P)); // m2 = cdQ mod q - OK = OK && BnModExp(M2, inOut, (bigNum)&pExp->dQ, Q); + VERIFY(BnModExp(M2, inOut, (bigNum)&pExp->dQ, Q)); // h = qInv * (m1 - m2) mod p = qInv * (m1 + P - m2) mod P because Q < P // so m2 < P - OK = OK && BnSub(H, P, M2); - OK = OK && BnAdd(H, H, M1); - OK = OK && BnModMult(H, H, (bigNum)&pExp->qInv, P); + VERIFY(BnSub(H, P, M2)); + VERIFY(BnAdd(H, H, M1)); + VERIFY(BnModMult(H, H, (bigNum)&pExp->qInv, P)); // m = m2 + h * q - OK = OK && BnMult(M, H, Q); - OK = OK && BnAdd(inOut, M2, M); -#endif - return OK; + VERIFY(BnMult(M, H, Q)); + VERIFY(BnAdd(inOut, M2, M)); + return TRUE; + Error: + return FALSE; } /* 10.2.17.4.3 RSAEP() */ /* This function performs the RSAEP operation defined in PKCS#1v2.1. It is an exponentiation of a @@ -252,7 +247,7 @@ RSADP( // been done if(!key->attributes.privateExp) CryptRsaLoadPrivateExponent(key); - if(!RsaPrivateKeyOp(bnM, bnN, bnP, &key->privateExponent)) + if(!RsaPrivateKeyOp(bnM, bnP, &key->privateExponent)) FAIL(FATAL_ERROR_INTERNAL); BnTo2B(bnM, inOut, inOut->size); return TPM_RC_SUCCESS; @@ -1252,7 +1247,7 @@ CryptRsaGenerateKey( // Encrypt with public exponent... BnModExp(temp2, temp1, bnPubExp, bnN); // ... then decrypt with private exponent - RsaPrivateKeyOp(temp2, bnN, bnP, &rsaKey->privateExponent); + RsaPrivateKeyOp(temp2, bnP, &rsaKey->privateExponent); // If the starting and ending values are not the same, // start over )-; if(BnUnsignedCmp(temp2, temp1) != 0)