| author | miod <> | 2014-07-09 08:20:08 +0000 |
|---|---|---|
| committer | miod <> | 2014-07-09 08:20:08 +0000 |
| commit | 8cbe58f0d357b14b0ce292d336469d0554a567bc (patch) | |
| tree | 07872a7ef59da8cea3b3b4a101fa3580e4d658c0 /src/lib/libcrypto/rsa/rsa_chk.c | |
| parent | bc1209e388500a20f5e75cab35d1b543ce0bbe74 (diff) | |
KNF
Diffstat (limited to 'src/lib/libcrypto/rsa/rsa_chk.c')
| -rw-r--r-- | src/lib/libcrypto/rsa/rsa_chk.c | 145 |
1 files changed, 87 insertions, 58 deletions
diff --git a/src/lib/libcrypto/rsa/rsa_chk.c b/src/lib/libcrypto/rsa/rsa_chk.c index d7e496aab2..54113f89f6 100644 --- a/src/lib/libcrypto/rsa/rsa_chk.c +++ b/src/lib/libcrypto/rsa/rsa_chk.c | |||
| @@ -1,4 +1,4 @@ | |||
| 1 | /* $OpenBSD: rsa_chk.c,v 1.6 2014/06/12 15:49:30 deraadt Exp $ */ | 1 | /* $OpenBSD: rsa_chk.c,v 1.7 2014/07/09 08:20:08 miod Exp $ */ |
| 2 | /* ==================================================================== | 2 | /* ==================================================================== |
| 3 | * Copyright (c) 1999 The OpenSSL Project. All rights reserved. | 3 | * Copyright (c) 1999 The OpenSSL Project. All rights reserved. |
| 4 | * | 4 | * |
| @@ -53,18 +53,18 @@ | |||
| 53 | #include <openssl/rsa.h> | 53 | #include <openssl/rsa.h> |
| 54 | 54 | ||
| 55 | 55 | ||
| 56 | int RSA_check_key(const RSA *key) | 56 | int |
| 57 | { | 57 | RSA_check_key(const RSA *key) |
| 58 | { | ||
| 58 | BIGNUM *i, *j, *k, *l, *m; | 59 | BIGNUM *i, *j, *k, *l, *m; |
| 59 | BN_CTX *ctx; | 60 | BN_CTX *ctx; |
| 60 | int r; | 61 | int r; |
| 61 | int ret=1; | 62 | int ret = 1; |
| 62 | 63 | ||
| 63 | if (!key->p || !key->q || !key->n || !key->e || !key->d) | 64 | if (!key->p || !key->q || !key->n || !key->e || !key->d) { |
| 64 | { | ||
| 65 | RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_VALUE_MISSING); | 65 | RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_VALUE_MISSING); |
| 66 | return 0; | 66 | return 0; |
| 67 | } | 67 | } |
| 68 | 68 | ||
| 69 | i = BN_new(); | 69 | i = BN_new(); |
| 70 | j = BN_new(); | 70 | j = BN_new(); |
| @@ -72,119 +72,148 @@ int RSA_check_key(const RSA *key) | |||
| 72 | l = BN_new(); | 72 | l = BN_new(); |
| 73 | m = BN_new(); | 73 | m = BN_new(); |
| 74 | ctx = BN_CTX_new(); | 74 | ctx = BN_CTX_new(); |
| 75 | if (i == NULL || j == NULL || k == NULL || l == NULL || | 75 | if (i == NULL || j == NULL || k == NULL || l == NULL || m == NULL || |
| 76 | m == NULL || ctx == NULL) | 76 | ctx == NULL) { |
| 77 | { | ||
| 78 | ret = -1; | 77 | ret = -1; |
| 79 | RSAerr(RSA_F_RSA_CHECK_KEY, ERR_R_MALLOC_FAILURE); | 78 | RSAerr(RSA_F_RSA_CHECK_KEY, ERR_R_MALLOC_FAILURE); |
| 80 | goto err; | 79 | goto err; |
| 81 | } | 80 | } |
| 82 | 81 | ||
| 83 | /* p prime? */ | 82 | /* p prime? */ |
| 84 | r = BN_is_prime_ex(key->p, BN_prime_checks, NULL, NULL); | 83 | r = BN_is_prime_ex(key->p, BN_prime_checks, NULL, NULL); |
| 85 | if (r != 1) | 84 | if (r != 1) { |
| 86 | { | ||
| 87 | ret = r; | 85 | ret = r; |
| 88 | if (r != 0) | 86 | if (r != 0) |
| 89 | goto err; | 87 | goto err; |
| 90 | RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_P_NOT_PRIME); | 88 | RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_P_NOT_PRIME); |
| 91 | } | 89 | } |
| 92 | 90 | ||
| 93 | /* q prime? */ | 91 | /* q prime? */ |
| 94 | r = BN_is_prime_ex(key->q, BN_prime_checks, NULL, NULL); | 92 | r = BN_is_prime_ex(key->q, BN_prime_checks, NULL, NULL); |
| 95 | if (r != 1) | 93 | if (r != 1) { |
| 96 | { | ||
| 97 | ret = r; | 94 | ret = r; |
| 98 | if (r != 0) | 95 | if (r != 0) |
| 99 | goto err; | 96 | goto err; |
| 100 | RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_Q_NOT_PRIME); | 97 | RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_Q_NOT_PRIME); |
| 101 | } | 98 | } |
| 102 | 99 | ||
| 103 | /* n = p*q? */ | 100 | /* n = p*q? */ |
| 104 | r = BN_mul(i, key->p, key->q, ctx); | 101 | r = BN_mul(i, key->p, key->q, ctx); |
| 105 | if (!r) { ret = -1; goto err; } | 102 | if (!r) { |
| 103 | ret = -1; | ||
| 104 | goto err; | ||
| 105 | } | ||
| 106 | 106 | ||
| 107 | if (BN_cmp(i, key->n) != 0) | 107 | if (BN_cmp(i, key->n) != 0) { |
| 108 | { | ||
| 109 | ret = 0; | 108 | ret = 0; |
| 110 | RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_N_DOES_NOT_EQUAL_P_Q); | 109 | RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_N_DOES_NOT_EQUAL_P_Q); |
| 111 | } | 110 | } |
| 112 | 111 | ||
| 113 | /* d*e = 1 mod lcm(p-1,q-1)? */ | 112 | /* d*e = 1 mod lcm(p-1,q-1)? */ |
| 114 | 113 | ||
| 115 | r = BN_sub(i, key->p, BN_value_one()); | 114 | r = BN_sub(i, key->p, BN_value_one()); |
| 116 | if (!r) { ret = -1; goto err; } | 115 | if (!r) { |
| 116 | ret = -1; | ||
| 117 | goto err; | ||
| 118 | } | ||
| 117 | r = BN_sub(j, key->q, BN_value_one()); | 119 | r = BN_sub(j, key->q, BN_value_one()); |
| 118 | if (!r) { ret = -1; goto err; } | 120 | if (!r) { |
| 121 | ret = -1; | ||
| 122 | goto err; | ||
| 123 | } | ||
| 119 | 124 | ||
| 120 | /* now compute k = lcm(i,j) */ | 125 | /* now compute k = lcm(i,j) */ |
| 121 | r = BN_mul(l, i, j, ctx); | 126 | r = BN_mul(l, i, j, ctx); |
| 122 | if (!r) { ret = -1; goto err; } | 127 | if (!r) { |
| 128 | ret = -1; | ||
| 129 | goto err; | ||
| 130 | } | ||
| 123 | r = BN_gcd(m, i, j, ctx); | 131 | r = BN_gcd(m, i, j, ctx); |
| 124 | if (!r) { ret = -1; goto err; } | 132 | if (!r) { |
| 133 | ret = -1; | ||
| 134 | goto err; | ||
| 135 | } | ||
| 125 | r = BN_div(k, NULL, l, m, ctx); /* remainder is 0 */ | 136 | r = BN_div(k, NULL, l, m, ctx); /* remainder is 0 */ |
| 126 | if (!r) { ret = -1; goto err; } | 137 | if (!r) { |
| 138 | ret = -1; | ||
| 139 | goto err; | ||
| 140 | } | ||
| 127 | 141 | ||
| 128 | r = BN_mod_mul(i, key->d, key->e, k, ctx); | 142 | r = BN_mod_mul(i, key->d, key->e, k, ctx); |
| 129 | if (!r) { ret = -1; goto err; } | 143 | if (!r) { |
| 144 | ret = -1; | ||
| 145 | goto err; | ||
| 146 | } | ||
| 130 | 147 | ||
| 131 | if (!BN_is_one(i)) | 148 | if (!BN_is_one(i)) { |
| 132 | { | ||
| 133 | ret = 0; | 149 | ret = 0; |
| 134 | RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_D_E_NOT_CONGRUENT_TO_1); | 150 | RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_D_E_NOT_CONGRUENT_TO_1); |
| 135 | } | 151 | } |
| 136 | 152 | ||
| 137 | if (key->dmp1 != NULL && key->dmq1 != NULL && key->iqmp != NULL) | 153 | if (key->dmp1 != NULL && key->dmq1 != NULL && key->iqmp != NULL) { |
| 138 | { | ||
| 139 | /* dmp1 = d mod (p-1)? */ | 154 | /* dmp1 = d mod (p-1)? */ |
| 140 | r = BN_sub(i, key->p, BN_value_one()); | 155 | r = BN_sub(i, key->p, BN_value_one()); |
| 141 | if (!r) { ret = -1; goto err; } | 156 | if (!r) { |
| 157 | ret = -1; | ||
| 158 | goto err; | ||
| 159 | } | ||
| 142 | 160 | ||
| 143 | r = BN_mod(j, key->d, i, ctx); | 161 | r = BN_mod(j, key->d, i, ctx); |
| 144 | if (!r) { ret = -1; goto err; } | 162 | if (!r) { |
| 163 | ret = -1; | ||
| 164 | goto err; | ||
| 165 | } | ||
| 145 | 166 | ||
| 146 | if (BN_cmp(j, key->dmp1) != 0) | 167 | if (BN_cmp(j, key->dmp1) != 0) { |
| 147 | { | ||
| 148 | ret = 0; | 168 | ret = 0; |
| 149 | RSAerr(RSA_F_RSA_CHECK_KEY, | 169 | RSAerr(RSA_F_RSA_CHECK_KEY, |
| 150 | RSA_R_DMP1_NOT_CONGRUENT_TO_D); | 170 | RSA_R_DMP1_NOT_CONGRUENT_TO_D); |
| 151 | } | 171 | } |
| 152 | 172 | ||
| 153 | /* dmq1 = d mod (q-1)? */ | 173 | /* dmq1 = d mod (q-1)? */ |
| 154 | r = BN_sub(i, key->q, BN_value_one()); | 174 | r = BN_sub(i, key->q, BN_value_one()); |
| 155 | if (!r) { ret = -1; goto err; } | 175 | if (!r) { |
| 176 | ret = -1; | ||
| 177 | goto err; | ||
| 178 | } | ||
| 156 | 179 | ||
| 157 | r = BN_mod(j, key->d, i, ctx); | 180 | r = BN_mod(j, key->d, i, ctx); |
| 158 | if (!r) { ret = -1; goto err; } | 181 | if (!r) { |
| 182 | ret = -1; | ||
| 183 | goto err; | ||
| 184 | } | ||
| 159 | 185 | ||
| 160 | if (BN_cmp(j, key->dmq1) != 0) | 186 | if (BN_cmp(j, key->dmq1) != 0) { |
| 161 | { | ||
| 162 | ret = 0; | 187 | ret = 0; |
| 163 | RSAerr(RSA_F_RSA_CHECK_KEY, | 188 | RSAerr(RSA_F_RSA_CHECK_KEY, |
| 164 | RSA_R_DMQ1_NOT_CONGRUENT_TO_D); | 189 | RSA_R_DMQ1_NOT_CONGRUENT_TO_D); |
| 165 | } | 190 | } |
| 166 | 191 | ||
| 167 | /* iqmp = q^-1 mod p? */ | 192 | /* iqmp = q^-1 mod p? */ |
| 168 | if(!BN_mod_inverse(i, key->q, key->p, ctx)) | 193 | if (!BN_mod_inverse(i, key->q, key->p, ctx)) { |
| 169 | { | ||
| 170 | ret = -1; | 194 | ret = -1; |
| 171 | goto err; | 195 | goto err; |
| 172 | } | 196 | } |
| 173 | 197 | ||
| 174 | if (BN_cmp(i, key->iqmp) != 0) | 198 | if (BN_cmp(i, key->iqmp) != 0) { |
| 175 | { | ||
| 176 | ret = 0; | 199 | ret = 0; |
| 177 | RSAerr(RSA_F_RSA_CHECK_KEY, | 200 | RSAerr(RSA_F_RSA_CHECK_KEY, |
| 178 | RSA_R_IQMP_NOT_INVERSE_OF_Q); | 201 | RSA_R_IQMP_NOT_INVERSE_OF_Q); |
| 179 | } | ||
| 180 | } | 202 | } |
| 203 | } | ||
| 181 | 204 | ||
| 182 | err: | 205 | err: |
| 183 | if (i != NULL) BN_free(i); | 206 | if (i != NULL) |
| 184 | if (j != NULL) BN_free(j); | 207 | BN_free(i); |
| 185 | if (k != NULL) BN_free(k); | 208 | if (j != NULL) |
| 186 | if (l != NULL) BN_free(l); | 209 | BN_free(j); |
| 187 | if (m != NULL) BN_free(m); | 210 | if (k != NULL) |
| 188 | if (ctx != NULL) BN_CTX_free(ctx); | 211 | BN_free(k); |
| 212 | if (l != NULL) | ||
| 213 | BN_free(l); | ||
| 214 | if (m != NULL) | ||
| 215 | BN_free(m); | ||
| 216 | if (ctx != NULL) | ||
| 217 | BN_CTX_free(ctx); | ||
| 189 | return (ret); | 218 | return (ret); |
| 190 | } | 219 | } |
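Review bot: The cleanup under `err:` releases i, j, k, l and m with `BN_free()`, although by that point they have held p-1, q-1, their product, gcd and lcm, and d mod (p-1) / d mod (q-1), all derived from the private key and left intact in freed heap memory. Using `BN_clear_free(i);` (and likewise for j, k, l and m) would zero them before release. The `!= NULL` guards the reformat keeps could go as well, assuming the free routines accept NULL in this tree. Separately, the checks that set `ret = 0` fall through, so a later `ret = -1; goto err;` can overwrite an "invalid key" verdict with "error". A comment above `RSA_check_key` should state the 1 / 0 / -1 contract and that callers must compare against 1 rather than test `!RSA_check_key(key)`.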
