Stop supporting the long-retired X9.31 standard

This isolates the three API functions from the library so they can be easily removed and any attempt to use RSA_X931_PADDING mode will now result in an error. ok jsing
author: tb <> 2023-04-15 18:48:52 +0000
committer: tb <> 2023-04-15 18:48:52 +0000
commit: 0d8d33f95bb60ebc48034e0510af8a3adb7c1afa (patch)
tree: c5e041fba224aef85a1fe53c56b348d8e8b0cf1d /src/lib/libcrypto/rsa/rsa_eay.c
parent: dd4d11ff3980719420626572b001eadad7632ea5 (diff)
download: openbsd-0d8d33f95bb60ebc48034e0510af8a3adb7c1afa.tar.gz
openbsd-0d8d33f95bb60ebc48034e0510af8a3adb7c1afa.tar.bz2
openbsd-0d8d33f95bb60ebc48034e0510af8a3adb7c1afa.zip
1 files changed, 11 insertions, 19 deletions
diff --git a/src/lib/libcrypto/rsa/rsa_eay.c b/src/lib/libcrypto/rsa/rsa_eay.c
index b307a8bd88..e65319bda1 100644
--- a/src/lib/libcrypto/rsa/rsa_eay.c
+++ b/src/lib/libcrypto/rsa/rsa_eay.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: rsa_eay.c,v 1.58 2023/04/05 11:31:38 tb Exp $ */
+/* $OpenBSD: rsa_eay.c,v 1.59 2023/04/15 18:48:52 tb Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
 * All rights reserved.
 *
@@ -382,14 +382,11 @@ RSA_eay_private_encrypt(int flen, const unsigned char *from, unsigned char *to,
        case RSA_PKCS1_PADDING:
                i = RSA_padding_add_PKCS1_type_1(buf, num, from, flen);
                break;
-        case RSA_X931_PADDING:
-                i = RSA_padding_add_X931(buf, num, from, flen);
-                break;
        case RSA_NO_PADDING:
                i = RSA_padding_add_none(buf, num, from, flen);
                break;
        default:
-                RSAerror(RSA_R_UNKNOWN_PADDING_TYPE);
+                RSAerror(RSA_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE);
                goto err;
        }
        if (i <= 0)
@@ -449,14 +446,11 @@ RSA_eay_private_encrypt(int flen, const unsigned char *from, unsigned char *to,
                        goto err;
        if (padding == RSA_X931_PADDING) {
-                if (!BN_sub(f, rsa->n, ret))
+                RSAerror(RSA_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE);
-                        goto err;
+                goto err;
-                if (BN_cmp(ret, f) > 0)
+        }
-                        res = f;
-                else
+        res = ret;
-                        res = ret;
-        } else
-                res = ret;
        /* put in leading 0 bytes if the number is less than the
         * length of the modulus */
@@ -667,9 +661,10 @@ RSA_eay_public_decrypt(int flen, const unsigned char *from, unsigned char *to,
            rsa->_method_mod_n))
                goto err;
-        if (padding == RSA_X931_PADDING && (ret->d[0] & 0xf) != 12)
+        if (padding == RSA_X931_PADDING) {
-                if (!BN_sub(ret, rsa->n, ret))
+                RSAerror(RSA_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE);
-                        goto err;
+                goto err;
+        }
        p = buf;
        i = BN_bn2bin(ret, p);
@@ -678,9 +673,6 @@ RSA_eay_public_decrypt(int flen, const unsigned char *from, unsigned char *to,
        case RSA_PKCS1_PADDING:
                r = RSA_padding_check_PKCS1_type_1(to, num, buf, i, num);
                break;
-        case RSA_X931_PADDING:
-                r = RSA_padding_check_X931(to, num, buf, i, num);
-                break;
        case RSA_NO_PADDING:
                r = RSA_padding_check_none(to, num, buf, i, num);
                break;
author	tb <>	2023-04-15 18:48:52 +0000
committer	tb <>	2023-04-15 18:48:52 +0000
commit	0d8d33f95bb60ebc48034e0510af8a3adb7c1afa (patch)
tree	c5e041fba224aef85a1fe53c56b348d8e8b0cf1d /src/lib/libcrypto/rsa/rsa_eay.c
parent	dd4d11ff3980719420626572b001eadad7632ea5 (diff)
download	openbsd-0d8d33f95bb60ebc48034e0510af8a3adb7c1afa.tar.gz openbsd-0d8d33f95bb60ebc48034e0510af8a3adb7c1afa.tar.bz2 openbsd-0d8d33f95bb60ebc48034e0510af8a3adb7c1afa.zip

diff --git a/src/lib/libcrypto/rsa/rsa_eay.c b/src/lib/libcrypto/rsa/rsa_eay.c index b307a8bd88..e65319bda1 100644 --- a/src/lib/libcrypto/rsa/rsa_eay.c +++ b/src/lib/libcrypto/rsa/rsa_eay.c
@@ -1,4 +1,4 @@
1	/* $OpenBSD: rsa_eay.c,v 1.58 2023/04/05 11:31:38 tb Exp $ */	1	/* $OpenBSD: rsa_eay.c,v 1.59 2023/04/15 18:48:52 tb Exp $ */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)	2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.	3	* All rights reserved.
4	*	4	*
@@ -382,14 +382,11 @@ RSA_eay_private_encrypt(int flen, const unsigned char from, unsigned char to,
382	case RSA_PKCS1_PADDING:	382	case RSA_PKCS1_PADDING:
383	i = RSA_padding_add_PKCS1_type_1(buf, num, from, flen);	383	i = RSA_padding_add_PKCS1_type_1(buf, num, from, flen);
384	break;	384	break;
385	case RSA_X931_PADDING:
386	i = RSA_padding_add_X931(buf, num, from, flen);
387	break;
388	case RSA_NO_PADDING:	385	case RSA_NO_PADDING:
389	i = RSA_padding_add_none(buf, num, from, flen);	386	i = RSA_padding_add_none(buf, num, from, flen);
390	break;	387	break;
391	default:	388	default:
392	RSAerror(RSA_R_UNKNOWN_PADDING_TYPE);	389	RSAerror(RSA_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE);
393	goto err;	390	goto err;
394	}	391	}
395	if (i <= 0)	392	if (i <= 0)
@@ -449,14 +446,11 @@ RSA_eay_private_encrypt(int flen, const unsigned char from, unsigned char to,
449	goto err;	446	goto err;
450		447
451	if (padding == RSA_X931_PADDING) {	448	if (padding == RSA_X931_PADDING) {
452	if (!BN_sub(f, rsa->n, ret))	449	RSAerror(RSA_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE);
453	goto err;	450	goto err;
454	if (BN_cmp(ret, f) > 0)	451	}
455	res = f;	452
456	else	453	res = ret;
457	res = ret;
458	} else
459	res = ret;
460		454
461	/* put in leading 0 bytes if the number is less than the	455	/* put in leading 0 bytes if the number is less than the
462	* length of the modulus */	456	* length of the modulus */
@@ -667,9 +661,10 @@ RSA_eay_public_decrypt(int flen, const unsigned char from, unsigned char to,
667	rsa->_method_mod_n))	661	rsa->_method_mod_n))
668	goto err;	662	goto err;
669		663
670	if (padding == RSA_X931_PADDING && (ret->d[0] & 0xf) != 12)	664	if (padding == RSA_X931_PADDING) {
671	if (!BN_sub(ret, rsa->n, ret))	665	RSAerror(RSA_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE);
672	goto err;	666	goto err;
		667	}
673		668
674	p = buf;	669	p = buf;
675	i = BN_bn2bin(ret, p);	670	i = BN_bn2bin(ret, p);
@@ -678,9 +673,6 @@ RSA_eay_public_decrypt(int flen, const unsigned char from, unsigned char to,
678	case RSA_PKCS1_PADDING:	673	case RSA_PKCS1_PADDING:
679	r = RSA_padding_check_PKCS1_type_1(to, num, buf, i, num);	674	r = RSA_padding_check_PKCS1_type_1(to, num, buf, i, num);
680	break;	675	break;
681	case RSA_X931_PADDING:
682	r = RSA_padding_check_X931(to, num, buf, i, num);
683	break;
684	case RSA_NO_PADDING:	676	case RSA_NO_PADDING:
685	r = RSA_padding_check_none(to, num, buf, i, num);	677	r = RSA_padding_check_none(to, num, buf, i, num);
686	break;	678	break;