summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/rsa/rsa_eay.c
diff options
context:
space:
mode:
authorbeck <>2017-01-29 17:49:23 +0000
committerbeck <>2017-01-29 17:49:23 +0000
commitd1f47bd292f36094480caa49ada36b99a69c59b0 (patch)
tree1a54abba678898ee5270ae4f3404a50ee9a92eea /src/lib/libcrypto/rsa/rsa_eay.c
parentf8c627888330b75c2eea8a3c27d0efe947a4f9da (diff)
downloadopenbsd-d1f47bd292f36094480caa49ada36b99a69c59b0.tar.gz
openbsd-d1f47bd292f36094480caa49ada36b99a69c59b0.tar.bz2
openbsd-d1f47bd292f36094480caa49ada36b99a69c59b0.zip
Send the function codes from the error functions to the bit bucket,
as was done earlier in libssl. Thanks inoguchi@ for noticing libssl had more reacharounds into this. ok jsing@ inoguchi@
Diffstat (limited to 'src/lib/libcrypto/rsa/rsa_eay.c')
-rw-r--r--src/lib/libcrypto/rsa/rsa_eay.c72
1 files changed, 28 insertions, 44 deletions
diff --git a/src/lib/libcrypto/rsa/rsa_eay.c b/src/lib/libcrypto/rsa/rsa_eay.c
index c4da147ddf..90a3be8dd3 100644
--- a/src/lib/libcrypto/rsa/rsa_eay.c
+++ b/src/lib/libcrypto/rsa/rsa_eay.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: rsa_eay.c,v 1.45 2017/01/21 10:38:29 beck Exp $ */ 1/* $OpenBSD: rsa_eay.c,v 1.46 2017/01/29 17:49:23 beck Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -160,19 +160,19 @@ RSA_eay_public_encrypt(int flen, const unsigned char *from, unsigned char *to,
160 BN_CTX *ctx = NULL; 160 BN_CTX *ctx = NULL;
161 161
162 if (BN_num_bits(rsa->n) > OPENSSL_RSA_MAX_MODULUS_BITS) { 162 if (BN_num_bits(rsa->n) > OPENSSL_RSA_MAX_MODULUS_BITS) {
163 RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT, RSA_R_MODULUS_TOO_LARGE); 163 RSAerror(RSA_R_MODULUS_TOO_LARGE);
164 return -1; 164 return -1;
165 } 165 }
166 166
167 if (BN_ucmp(rsa->n, rsa->e) <= 0) { 167 if (BN_ucmp(rsa->n, rsa->e) <= 0) {
168 RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT, RSA_R_BAD_E_VALUE); 168 RSAerror(RSA_R_BAD_E_VALUE);
169 return -1; 169 return -1;
170 } 170 }
171 171
172 /* for large moduli, enforce exponent limit */ 172 /* for large moduli, enforce exponent limit */
173 if (BN_num_bits(rsa->n) > OPENSSL_RSA_SMALL_MODULUS_BITS) { 173 if (BN_num_bits(rsa->n) > OPENSSL_RSA_SMALL_MODULUS_BITS) {
174 if (BN_num_bits(rsa->e) > OPENSSL_RSA_MAX_PUBEXP_BITS) { 174 if (BN_num_bits(rsa->e) > OPENSSL_RSA_MAX_PUBEXP_BITS) {
175 RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT, RSA_R_BAD_E_VALUE); 175 RSAerror(RSA_R_BAD_E_VALUE);
176 return -1; 176 return -1;
177 } 177 }
178 } 178 }
@@ -187,7 +187,7 @@ RSA_eay_public_encrypt(int flen, const unsigned char *from, unsigned char *to,
187 buf = malloc(num); 187 buf = malloc(num);
188 188
189 if (f == NULL || ret == NULL || buf == NULL) { 189 if (f == NULL || ret == NULL || buf == NULL) {
190 RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT, ERR_R_MALLOC_FAILURE); 190 RSAerror(ERR_R_MALLOC_FAILURE);
191 goto err; 191 goto err;
192 } 192 }
193 193
@@ -207,8 +207,7 @@ RSA_eay_public_encrypt(int flen, const unsigned char *from, unsigned char *to,
207 i = RSA_padding_add_none(buf, num, from, flen); 207 i = RSA_padding_add_none(buf, num, from, flen);
208 break; 208 break;
209 default: 209 default:
210 RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT, 210 RSAerror(RSA_R_UNKNOWN_PADDING_TYPE);
211 RSA_R_UNKNOWN_PADDING_TYPE);
212 goto err; 211 goto err;
213 } 212 }
214 if (i <= 0) 213 if (i <= 0)
@@ -219,8 +218,7 @@ RSA_eay_public_encrypt(int flen, const unsigned char *from, unsigned char *to,
219 218
220 if (BN_ucmp(f, rsa->n) >= 0) { 219 if (BN_ucmp(f, rsa->n) >= 0) {
221 /* usually the padding functions would catch this */ 220 /* usually the padding functions would catch this */
222 RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT, 221 RSAerror(RSA_R_DATA_TOO_LARGE_FOR_MODULUS);
223 RSA_R_DATA_TOO_LARGE_FOR_MODULUS);
224 goto err; 222 goto err;
225 } 223 }
226 224
@@ -374,7 +372,7 @@ RSA_eay_private_encrypt(int flen, const unsigned char *from, unsigned char *to,
374 buf = malloc(num); 372 buf = malloc(num);
375 373
376 if (f == NULL || ret == NULL || buf == NULL) { 374 if (f == NULL || ret == NULL || buf == NULL) {
377 RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT, ERR_R_MALLOC_FAILURE); 375 RSAerror(ERR_R_MALLOC_FAILURE);
378 goto err; 376 goto err;
379 } 377 }
380 378
@@ -390,8 +388,7 @@ RSA_eay_private_encrypt(int flen, const unsigned char *from, unsigned char *to,
390 break; 388 break;
391 case RSA_SSLV23_PADDING: 389 case RSA_SSLV23_PADDING:
392 default: 390 default:
393 RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT, 391 RSAerror(RSA_R_UNKNOWN_PADDING_TYPE);
394 RSA_R_UNKNOWN_PADDING_TYPE);
395 goto err; 392 goto err;
396 } 393 }
397 if (i <= 0) 394 if (i <= 0)
@@ -402,24 +399,21 @@ RSA_eay_private_encrypt(int flen, const unsigned char *from, unsigned char *to,
402 399
403 if (BN_ucmp(f, rsa->n) >= 0) { 400 if (BN_ucmp(f, rsa->n) >= 0) {
404 /* usually the padding functions would catch this */ 401 /* usually the padding functions would catch this */
405 RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT, 402 RSAerror(RSA_R_DATA_TOO_LARGE_FOR_MODULUS);
406 RSA_R_DATA_TOO_LARGE_FOR_MODULUS);
407 goto err; 403 goto err;
408 } 404 }
409 405
410 if (!(rsa->flags & RSA_FLAG_NO_BLINDING)) { 406 if (!(rsa->flags & RSA_FLAG_NO_BLINDING)) {
411 blinding = rsa_get_blinding(rsa, &local_blinding, ctx); 407 blinding = rsa_get_blinding(rsa, &local_blinding, ctx);
412 if (blinding == NULL) { 408 if (blinding == NULL) {
413 RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT, 409 RSAerror(ERR_R_INTERNAL_ERROR);
414 ERR_R_INTERNAL_ERROR);
415 goto err; 410 goto err;
416 } 411 }
417 } 412 }
418 413
419 if (blinding != NULL) { 414 if (blinding != NULL) {
420 if (!local_blinding && ((unblind = BN_CTX_get(ctx)) == NULL)) { 415 if (!local_blinding && ((unblind = BN_CTX_get(ctx)) == NULL)) {
421 RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT, 416 RSAerror(ERR_R_MALLOC_FAILURE);
422 ERR_R_MALLOC_FAILURE);
423 goto err; 417 goto err;
424 } 418 }
425 if (!rsa_blinding_convert(blinding, f, unblind, ctx)) 419 if (!rsa_blinding_convert(blinding, f, unblind, ctx))
@@ -509,15 +503,14 @@ RSA_eay_private_decrypt(int flen, const unsigned char *from, unsigned char *to,
509 buf = malloc(num); 503 buf = malloc(num);
510 504
511 if (!f || !ret || !buf) { 505 if (!f || !ret || !buf) {
512 RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT, ERR_R_MALLOC_FAILURE); 506 RSAerror(ERR_R_MALLOC_FAILURE);
513 goto err; 507 goto err;
514 } 508 }
515 509
516 /* This check was for equality but PGP does evil things 510 /* This check was for equality but PGP does evil things
517 * and chops off the top '0' bytes */ 511 * and chops off the top '0' bytes */
518 if (flen > num) { 512 if (flen > num) {
519 RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT, 513 RSAerror(RSA_R_DATA_GREATER_THAN_MOD_LEN);
520 RSA_R_DATA_GREATER_THAN_MOD_LEN);
521 goto err; 514 goto err;
522 } 515 }
523 516
@@ -526,24 +519,21 @@ RSA_eay_private_decrypt(int flen, const unsigned char *from, unsigned char *to,
526 goto err; 519 goto err;
527 520
528 if (BN_ucmp(f, rsa->n) >= 0) { 521 if (BN_ucmp(f, rsa->n) >= 0) {
529 RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT, 522 RSAerror(RSA_R_DATA_TOO_LARGE_FOR_MODULUS);
530 RSA_R_DATA_TOO_LARGE_FOR_MODULUS);
531 goto err; 523 goto err;
532 } 524 }
533 525
534 if (!(rsa->flags & RSA_FLAG_NO_BLINDING)) { 526 if (!(rsa->flags & RSA_FLAG_NO_BLINDING)) {
535 blinding = rsa_get_blinding(rsa, &local_blinding, ctx); 527 blinding = rsa_get_blinding(rsa, &local_blinding, ctx);
536 if (blinding == NULL) { 528 if (blinding == NULL) {
537 RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT, 529 RSAerror(ERR_R_INTERNAL_ERROR);
538 ERR_R_INTERNAL_ERROR);
539 goto err; 530 goto err;
540 } 531 }
541 } 532 }
542 533
543 if (blinding != NULL) { 534 if (blinding != NULL) {
544 if (!local_blinding && ((unblind = BN_CTX_get(ctx)) == NULL)) { 535 if (!local_blinding && ((unblind = BN_CTX_get(ctx)) == NULL)) {
545 RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT, 536 RSAerror(ERR_R_MALLOC_FAILURE);
546 ERR_R_MALLOC_FAILURE);
547 goto err; 537 goto err;
548 } 538 }
549 if (!rsa_blinding_convert(blinding, f, unblind, ctx)) 539 if (!rsa_blinding_convert(blinding, f, unblind, ctx))
@@ -596,13 +586,11 @@ RSA_eay_private_decrypt(int flen, const unsigned char *from, unsigned char *to,
596 r = RSA_padding_check_none(to, num, buf, j, num); 586 r = RSA_padding_check_none(to, num, buf, j, num);
597 break; 587 break;
598 default: 588 default:
599 RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT, 589 RSAerror(RSA_R_UNKNOWN_PADDING_TYPE);
600 RSA_R_UNKNOWN_PADDING_TYPE);
601 goto err; 590 goto err;
602 } 591 }
603 if (r < 0) 592 if (r < 0)
604 RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT, 593 RSAerror(RSA_R_PADDING_CHECK_FAILED);
605 RSA_R_PADDING_CHECK_FAILED);
606 594
607err: 595err:
608 if (ctx != NULL) { 596 if (ctx != NULL) {
@@ -628,19 +616,19 @@ RSA_eay_public_decrypt(int flen, const unsigned char *from, unsigned char *to,
628 BN_CTX *ctx = NULL; 616 BN_CTX *ctx = NULL;
629 617
630 if (BN_num_bits(rsa->n) > OPENSSL_RSA_MAX_MODULUS_BITS) { 618 if (BN_num_bits(rsa->n) > OPENSSL_RSA_MAX_MODULUS_BITS) {
631 RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT, RSA_R_MODULUS_TOO_LARGE); 619 RSAerror(RSA_R_MODULUS_TOO_LARGE);
632 return -1; 620 return -1;
633 } 621 }
634 622
635 if (BN_ucmp(rsa->n, rsa->e) <= 0) { 623 if (BN_ucmp(rsa->n, rsa->e) <= 0) {
636 RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT, RSA_R_BAD_E_VALUE); 624 RSAerror(RSA_R_BAD_E_VALUE);
637 return -1; 625 return -1;
638 } 626 }
639 627
640 /* for large moduli, enforce exponent limit */ 628 /* for large moduli, enforce exponent limit */
641 if (BN_num_bits(rsa->n) > OPENSSL_RSA_SMALL_MODULUS_BITS) { 629 if (BN_num_bits(rsa->n) > OPENSSL_RSA_SMALL_MODULUS_BITS) {
642 if (BN_num_bits(rsa->e) > OPENSSL_RSA_MAX_PUBEXP_BITS) { 630 if (BN_num_bits(rsa->e) > OPENSSL_RSA_MAX_PUBEXP_BITS) {
643 RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT, RSA_R_BAD_E_VALUE); 631 RSAerror(RSA_R_BAD_E_VALUE);
644 return -1; 632 return -1;
645 } 633 }
646 } 634 }
@@ -655,15 +643,14 @@ RSA_eay_public_decrypt(int flen, const unsigned char *from, unsigned char *to,
655 buf = malloc(num); 643 buf = malloc(num);
656 644
657 if (!f || !ret || !buf) { 645 if (!f || !ret || !buf) {
658 RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT, ERR_R_MALLOC_FAILURE); 646 RSAerror(ERR_R_MALLOC_FAILURE);
659 goto err; 647 goto err;
660 } 648 }
661 649
662 /* This check was for equality but PGP does evil things 650 /* This check was for equality but PGP does evil things
663 * and chops off the top '0' bytes */ 651 * and chops off the top '0' bytes */
664 if (flen > num) { 652 if (flen > num) {
665 RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT, 653 RSAerror(RSA_R_DATA_GREATER_THAN_MOD_LEN);
666 RSA_R_DATA_GREATER_THAN_MOD_LEN);
667 goto err; 654 goto err;
668 } 655 }
669 656
@@ -671,8 +658,7 @@ RSA_eay_public_decrypt(int flen, const unsigned char *from, unsigned char *to,
671 goto err; 658 goto err;
672 659
673 if (BN_ucmp(f, rsa->n) >= 0) { 660 if (BN_ucmp(f, rsa->n) >= 0) {
674 RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT, 661 RSAerror(RSA_R_DATA_TOO_LARGE_FOR_MODULUS);
675 RSA_R_DATA_TOO_LARGE_FOR_MODULUS);
676 goto err; 662 goto err;
677 } 663 }
678 664
@@ -703,13 +689,11 @@ RSA_eay_public_decrypt(int flen, const unsigned char *from, unsigned char *to,
703 r = RSA_padding_check_none(to, num, buf, i, num); 689 r = RSA_padding_check_none(to, num, buf, i, num);
704 break; 690 break;
705 default: 691 default:
706 RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT, 692 RSAerror(RSA_R_UNKNOWN_PADDING_TYPE);
707 RSA_R_UNKNOWN_PADDING_TYPE);
708 goto err; 693 goto err;
709 } 694 }
710 if (r < 0) 695 if (r < 0)
711 RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT, 696 RSAerror(RSA_R_PADDING_CHECK_FAILED);
712 RSA_R_PADDING_CHECK_FAILED);
713 697
714err: 698err:
715 if (ctx != NULL) { 699 if (ctx != NULL) {
@@ -735,7 +719,7 @@ RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
735 m1 = BN_CTX_get(ctx); 719 m1 = BN_CTX_get(ctx);
736 vrfy = BN_CTX_get(ctx); 720 vrfy = BN_CTX_get(ctx);
737 if (r1 == NULL || m1 == NULL || vrfy == NULL) { 721 if (r1 == NULL || m1 == NULL || vrfy == NULL) {
738 RSAerr(RSA_F_RSA_EAY_MOD_EXP, ERR_R_MALLOC_FAILURE); 722 RSAerror(ERR_R_MALLOC_FAILURE);
739 goto err; 723 goto err;
740 } 724 }
741 725
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-10-24 17:49:34 +0000