summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/rsa
diff options
context:
space:
mode:
authorbeck <>2017-01-29 17:49:23 +0000
committerbeck <>2017-01-29 17:49:23 +0000
commitd1f47bd292f36094480caa49ada36b99a69c59b0 (patch)
tree1a54abba678898ee5270ae4f3404a50ee9a92eea /src/lib/libcrypto/rsa
parentf8c627888330b75c2eea8a3c27d0efe947a4f9da (diff)
downloadopenbsd-d1f47bd292f36094480caa49ada36b99a69c59b0.tar.gz
openbsd-d1f47bd292f36094480caa49ada36b99a69c59b0.tar.bz2
openbsd-d1f47bd292f36094480caa49ada36b99a69c59b0.zip
Send the function codes from the error functions to the bit bucket,
as was done earlier in libssl. Thanks inoguchi@ for noticing libssl had more reacharounds into this. ok jsing@ inoguchi@
Diffstat (limited to 'src/lib/libcrypto/rsa')
-rw-r--r--src/lib/libcrypto/rsa/rsa_ameth.c32
-rw-r--r--src/lib/libcrypto/rsa/rsa_chk.c23
-rw-r--r--src/lib/libcrypto/rsa/rsa_crpt.c7
-rw-r--r--src/lib/libcrypto/rsa/rsa_eay.c72
-rw-r--r--src/lib/libcrypto/rsa/rsa_err.c61
-rw-r--r--src/lib/libcrypto/rsa/rsa_gen.c7
-rw-r--r--src/lib/libcrypto/rsa/rsa_lib.c8
-rw-r--r--src/lib/libcrypto/rsa/rsa_none.c10
-rw-r--r--src/lib/libcrypto/rsa/rsa_oaep.c18
-rw-r--r--src/lib/libcrypto/rsa/rsa_pk1.c35
-rw-r--r--src/lib/libcrypto/rsa/rsa_pmeth.c33
-rw-r--r--src/lib/libcrypto/rsa/rsa_prn.c4
-rw-r--r--src/lib/libcrypto/rsa/rsa_pss.c32
-rw-r--r--src/lib/libcrypto/rsa/rsa_saos.c16
-rw-r--r--src/lib/libcrypto/rsa/rsa_sign.c32
-rw-r--r--src/lib/libcrypto/rsa/rsa_ssl.c18
-rw-r--r--src/lib/libcrypto/rsa/rsa_x931.c15
17 files changed, 148 insertions, 275 deletions
diff --git a/src/lib/libcrypto/rsa/rsa_ameth.c b/src/lib/libcrypto/rsa/rsa_ameth.c
index aa911251cc..ec8a71b7b9 100644
--- a/src/lib/libcrypto/rsa/rsa_ameth.c
+++ b/src/lib/libcrypto/rsa/rsa_ameth.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: rsa_ameth.c,v 1.17 2016/12/30 15:47:07 jsing Exp $ */ 1/* $OpenBSD: rsa_ameth.c,v 1.18 2017/01/29 17:49:23 beck Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 2006. 3 * project 2006.
4 */ 4 */
@@ -96,7 +96,7 @@ rsa_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey)
96 if (!X509_PUBKEY_get0_param(NULL, &p, &pklen, NULL, pubkey)) 96 if (!X509_PUBKEY_get0_param(NULL, &p, &pklen, NULL, pubkey))
97 return 0; 97 return 0;
98 if (!(rsa = d2i_RSAPublicKey(NULL, &p, pklen))) { 98 if (!(rsa = d2i_RSAPublicKey(NULL, &p, pklen))) {
99 RSAerr(RSA_F_RSA_PUB_DECODE, ERR_R_RSA_LIB); 99 RSAerror(ERR_R_RSA_LIB);
100 return 0; 100 return 0;
101 } 101 }
102 EVP_PKEY_assign_RSA (pkey, rsa); 102 EVP_PKEY_assign_RSA (pkey, rsa);
@@ -118,7 +118,7 @@ old_rsa_priv_decode(EVP_PKEY *pkey, const unsigned char **pder, int derlen)
118 RSA *rsa; 118 RSA *rsa;
119 119
120 if (!(rsa = d2i_RSAPrivateKey (NULL, pder, derlen))) { 120 if (!(rsa = d2i_RSAPrivateKey (NULL, pder, derlen))) {
121 RSAerr(RSA_F_OLD_RSA_PRIV_DECODE, ERR_R_RSA_LIB); 121 RSAerror(ERR_R_RSA_LIB);
122 return 0; 122 return 0;
123 } 123 }
124 EVP_PKEY_assign_RSA(pkey, rsa); 124 EVP_PKEY_assign_RSA(pkey, rsa);
@@ -140,13 +140,13 @@ rsa_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey)
140 rklen = i2d_RSAPrivateKey(pkey->pkey.rsa, &rk); 140 rklen = i2d_RSAPrivateKey(pkey->pkey.rsa, &rk);
141 141
142 if (rklen <= 0) { 142 if (rklen <= 0) {
143 RSAerr(RSA_F_RSA_PRIV_ENCODE, ERR_R_MALLOC_FAILURE); 143 RSAerror(ERR_R_MALLOC_FAILURE);
144 return 0; 144 return 0;
145 } 145 }
146 146
147 if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(NID_rsaEncryption), 0, 147 if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(NID_rsaEncryption), 0,
148 V_ASN1_NULL, NULL, rk, rklen)) { 148 V_ASN1_NULL, NULL, rk, rklen)) {
149 RSAerr(RSA_F_RSA_PRIV_ENCODE, ERR_R_MALLOC_FAILURE); 149 RSAerror(ERR_R_MALLOC_FAILURE);
150 return 0; 150 return 0;
151 } 151 }
152 152
@@ -216,7 +216,7 @@ do_rsa_print(BIO *bp, const RSA *x, int off, int priv)
216 216
217 m = malloc(buf_len + 10); 217 m = malloc(buf_len + 10);
218 if (m == NULL) { 218 if (m == NULL) {
219 RSAerr(RSA_F_DO_RSA_PRINT, ERR_R_MALLOC_FAILURE); 219 RSAerror(ERR_R_MALLOC_FAILURE);
220 goto err; 220 goto err;
221 } 221 }
222 222
@@ -450,7 +450,7 @@ rsa_item_verify(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn,
450 450
451 /* Sanity check: make sure it is PSS */ 451 /* Sanity check: make sure it is PSS */
452 if (OBJ_obj2nid(sigalg->algorithm) != NID_rsassaPss) { 452 if (OBJ_obj2nid(sigalg->algorithm) != NID_rsassaPss) {
453 RSAerr(RSA_F_RSA_ITEM_VERIFY, RSA_R_UNSUPPORTED_SIGNATURE_TYPE); 453 RSAerror(RSA_R_UNSUPPORTED_SIGNATURE_TYPE);
454 return -1; 454 return -1;
455 } 455 }
456 456
@@ -458,25 +458,22 @@ rsa_item_verify(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn,
458 pss = rsa_pss_decode(sigalg, &maskHash); 458 pss = rsa_pss_decode(sigalg, &maskHash);
459 459
460 if (pss == NULL) { 460 if (pss == NULL) {
461 RSAerr(RSA_F_RSA_ITEM_VERIFY, RSA_R_INVALID_PSS_PARAMETERS); 461 RSAerror(RSA_R_INVALID_PSS_PARAMETERS);
462 goto err; 462 goto err;
463 } 463 }
464 /* Check mask and lookup mask hash algorithm */ 464 /* Check mask and lookup mask hash algorithm */
465 if (pss->maskGenAlgorithm) { 465 if (pss->maskGenAlgorithm) {
466 if (OBJ_obj2nid(pss->maskGenAlgorithm->algorithm) != NID_mgf1) { 466 if (OBJ_obj2nid(pss->maskGenAlgorithm->algorithm) != NID_mgf1) {
467 RSAerr(RSA_F_RSA_ITEM_VERIFY, 467 RSAerror(RSA_R_UNSUPPORTED_MASK_ALGORITHM);
468 RSA_R_UNSUPPORTED_MASK_ALGORITHM);
469 goto err; 468 goto err;
470 } 469 }
471 if (!maskHash) { 470 if (!maskHash) {
472 RSAerr(RSA_F_RSA_ITEM_VERIFY, 471 RSAerror(RSA_R_UNSUPPORTED_MASK_PARAMETER);
473 RSA_R_UNSUPPORTED_MASK_PARAMETER);
474 goto err; 472 goto err;
475 } 473 }
476 mgf1md = EVP_get_digestbyobj(maskHash->algorithm); 474 mgf1md = EVP_get_digestbyobj(maskHash->algorithm);
477 if (mgf1md == NULL) { 475 if (mgf1md == NULL) {
478 RSAerr(RSA_F_RSA_ITEM_VERIFY, 476 RSAerror(RSA_R_UNKNOWN_MASK_DIGEST);
479 RSA_R_UNKNOWN_MASK_DIGEST);
480 goto err; 477 goto err;
481 } 478 }
482 } else 479 } else
@@ -485,7 +482,7 @@ rsa_item_verify(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn,
485 if (pss->hashAlgorithm) { 482 if (pss->hashAlgorithm) {
486 md = EVP_get_digestbyobj(pss->hashAlgorithm->algorithm); 483 md = EVP_get_digestbyobj(pss->hashAlgorithm->algorithm);
487 if (md == NULL) { 484 if (md == NULL) {
488 RSAerr(RSA_F_RSA_ITEM_VERIFY, RSA_R_UNKNOWN_PSS_DIGEST); 485 RSAerror(RSA_R_UNKNOWN_PSS_DIGEST);
489 goto err; 486 goto err;
490 } 487 }
491 } else 488 } else
@@ -498,8 +495,7 @@ rsa_item_verify(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn,
498 * RSA routines will trap other invalid values anyway. 495 * RSA routines will trap other invalid values anyway.
499 */ 496 */
500 if (saltlen < 0) { 497 if (saltlen < 0) {
501 RSAerr(RSA_F_RSA_ITEM_VERIFY, 498 RSAerror(RSA_R_INVALID_SALT_LENGTH);
502 RSA_R_INVALID_SALT_LENGTH);
503 goto err; 499 goto err;
504 } 500 }
505 } else 501 } else
@@ -509,7 +505,7 @@ rsa_item_verify(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn,
509 * and PKCS#1 says we should reject any other value anyway. 505 * and PKCS#1 says we should reject any other value anyway.
510 */ 506 */
511 if (pss->trailerField && ASN1_INTEGER_get(pss->trailerField) != 1) { 507 if (pss->trailerField && ASN1_INTEGER_get(pss->trailerField) != 1) {
512 RSAerr(RSA_F_RSA_ITEM_VERIFY, RSA_R_INVALID_TRAILER); 508 RSAerror(RSA_R_INVALID_TRAILER);
513 goto err; 509 goto err;
514 } 510 }
515 511
diff --git a/src/lib/libcrypto/rsa/rsa_chk.c b/src/lib/libcrypto/rsa/rsa_chk.c
index dd9104f304..5345d31df9 100644
--- a/src/lib/libcrypto/rsa/rsa_chk.c
+++ b/src/lib/libcrypto/rsa/rsa_chk.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: rsa_chk.c,v 1.12 2017/01/25 06:15:44 beck Exp $ */ 1/* $OpenBSD: rsa_chk.c,v 1.13 2017/01/29 17:49:23 beck Exp $ */
2/* ==================================================================== 2/* ====================================================================
3 * Copyright (c) 1999 The OpenSSL Project. All rights reserved. 3 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
4 * 4 *
@@ -63,7 +63,7 @@ RSA_check_key(const RSA *key)
63 int ret = 1; 63 int ret = 1;
64 64
65 if (!key->p || !key->q || !key->n || !key->e || !key->d) { 65 if (!key->p || !key->q || !key->n || !key->e || !key->d) {
66 RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_VALUE_MISSING); 66 RSAerror(RSA_R_VALUE_MISSING);
67 return 0; 67 return 0;
68 } 68 }
69 69
@@ -76,7 +76,7 @@ RSA_check_key(const RSA *key)
76 if (i == NULL || j == NULL || k == NULL || l == NULL || m == NULL || 76 if (i == NULL || j == NULL || k == NULL || l == NULL || m == NULL ||
77 ctx == NULL) { 77 ctx == NULL) {
78 ret = -1; 78 ret = -1;
79 RSAerr(RSA_F_RSA_CHECK_KEY, ERR_R_MALLOC_FAILURE); 79 RSAerror(ERR_R_MALLOC_FAILURE);
80 goto err; 80 goto err;
81 } 81 }
82 82
@@ -86,7 +86,7 @@ RSA_check_key(const RSA *key)
86 ret = r; 86 ret = r;
87 if (r != 0) 87 if (r != 0)
88 goto err; 88 goto err;
89 RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_P_NOT_PRIME); 89 RSAerror(RSA_R_P_NOT_PRIME);
90 } 90 }
91 91
92 /* q prime? */ 92 /* q prime? */
@@ -95,7 +95,7 @@ RSA_check_key(const RSA *key)
95 ret = r; 95 ret = r;
96 if (r != 0) 96 if (r != 0)
97 goto err; 97 goto err;
98 RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_Q_NOT_PRIME); 98 RSAerror(RSA_R_Q_NOT_PRIME);
99 } 99 }
100 100
101 /* n = p*q? */ 101 /* n = p*q? */
@@ -107,7 +107,7 @@ RSA_check_key(const RSA *key)
107 107
108 if (BN_cmp(i, key->n) != 0) { 108 if (BN_cmp(i, key->n) != 0) {
109 ret = 0; 109 ret = 0;
110 RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_N_DOES_NOT_EQUAL_P_Q); 110 RSAerror(RSA_R_N_DOES_NOT_EQUAL_P_Q);
111 } 111 }
112 112
113 /* d*e = 1 mod lcm(p-1,q-1)? */ 113 /* d*e = 1 mod lcm(p-1,q-1)? */
@@ -148,7 +148,7 @@ RSA_check_key(const RSA *key)
148 148
149 if (!BN_is_one(i)) { 149 if (!BN_is_one(i)) {
150 ret = 0; 150 ret = 0;
151 RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_D_E_NOT_CONGRUENT_TO_1); 151 RSAerror(RSA_R_D_E_NOT_CONGRUENT_TO_1);
152 } 152 }
153 153
154 if (key->dmp1 != NULL && key->dmq1 != NULL && key->iqmp != NULL) { 154 if (key->dmp1 != NULL && key->dmq1 != NULL && key->iqmp != NULL) {
@@ -167,8 +167,7 @@ RSA_check_key(const RSA *key)
167 167
168 if (BN_cmp(j, key->dmp1) != 0) { 168 if (BN_cmp(j, key->dmp1) != 0) {
169 ret = 0; 169 ret = 0;
170 RSAerr(RSA_F_RSA_CHECK_KEY, 170 RSAerror(RSA_R_DMP1_NOT_CONGRUENT_TO_D);
171 RSA_R_DMP1_NOT_CONGRUENT_TO_D);
172 } 171 }
173 172
174 /* dmq1 = d mod (q-1)? */ 173 /* dmq1 = d mod (q-1)? */
@@ -186,8 +185,7 @@ RSA_check_key(const RSA *key)
186 185
187 if (BN_cmp(j, key->dmq1) != 0) { 186 if (BN_cmp(j, key->dmq1) != 0) {
188 ret = 0; 187 ret = 0;
189 RSAerr(RSA_F_RSA_CHECK_KEY, 188 RSAerror(RSA_R_DMQ1_NOT_CONGRUENT_TO_D);
190 RSA_R_DMQ1_NOT_CONGRUENT_TO_D);
191 } 189 }
192 190
193 /* iqmp = q^-1 mod p? */ 191 /* iqmp = q^-1 mod p? */
@@ -198,8 +196,7 @@ RSA_check_key(const RSA *key)
198 196
199 if (BN_cmp(i, key->iqmp) != 0) { 197 if (BN_cmp(i, key->iqmp) != 0) {
200 ret = 0; 198 ret = 0;
201 RSAerr(RSA_F_RSA_CHECK_KEY, 199 RSAerror(RSA_R_IQMP_NOT_INVERSE_OF_Q);
202 RSA_R_IQMP_NOT_INVERSE_OF_Q);
203 } 200 }
204 } 201 }
205 202
diff --git a/src/lib/libcrypto/rsa/rsa_crpt.c b/src/lib/libcrypto/rsa/rsa_crpt.c
index 8063a83263..f0c925602f 100644
--- a/src/lib/libcrypto/rsa/rsa_crpt.c
+++ b/src/lib/libcrypto/rsa/rsa_crpt.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: rsa_crpt.c,v 1.17 2017/01/21 11:00:47 beck Exp $ */ 1/* $OpenBSD: rsa_crpt.c,v 1.18 2017/01/29 17:49:23 beck Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -187,8 +187,7 @@ RSA_setup_blinding(RSA *rsa, BN_CTX *in_ctx)
187 if (rsa->e == NULL) { 187 if (rsa->e == NULL) {
188 e = rsa_get_public_exp(rsa->d, rsa->p, rsa->q, ctx); 188 e = rsa_get_public_exp(rsa->d, rsa->p, rsa->q, ctx);
189 if (e == NULL) { 189 if (e == NULL) {
190 RSAerr(RSA_F_RSA_SETUP_BLINDING, 190 RSAerror(RSA_R_NO_PUBLIC_EXPONENT);
191 RSA_R_NO_PUBLIC_EXPONENT);
192 goto err; 191 goto err;
193 } 192 }
194 } else 193 } else
@@ -201,7 +200,7 @@ RSA_setup_blinding(RSA *rsa, BN_CTX *in_ctx)
201 rsa->_method_mod_n); 200 rsa->_method_mod_n);
202 201
203 if (ret == NULL) { 202 if (ret == NULL) {
204 RSAerr(RSA_F_RSA_SETUP_BLINDING, ERR_R_BN_LIB); 203 RSAerror(ERR_R_BN_LIB);
205 goto err; 204 goto err;
206 } 205 }
207 CRYPTO_THREADID_current(BN_BLINDING_thread_id(ret)); 206 CRYPTO_THREADID_current(BN_BLINDING_thread_id(ret));
diff --git a/src/lib/libcrypto/rsa/rsa_eay.c b/src/lib/libcrypto/rsa/rsa_eay.c
index c4da147ddf..90a3be8dd3 100644
--- a/src/lib/libcrypto/rsa/rsa_eay.c
+++ b/src/lib/libcrypto/rsa/rsa_eay.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: rsa_eay.c,v 1.45 2017/01/21 10:38:29 beck Exp $ */ 1/* $OpenBSD: rsa_eay.c,v 1.46 2017/01/29 17:49:23 beck Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -160,19 +160,19 @@ RSA_eay_public_encrypt(int flen, const unsigned char *from, unsigned char *to,
160 BN_CTX *ctx = NULL; 160 BN_CTX *ctx = NULL;
161 161
162 if (BN_num_bits(rsa->n) > OPENSSL_RSA_MAX_MODULUS_BITS) { 162 if (BN_num_bits(rsa->n) > OPENSSL_RSA_MAX_MODULUS_BITS) {
163 RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT, RSA_R_MODULUS_TOO_LARGE); 163 RSAerror(RSA_R_MODULUS_TOO_LARGE);
164 return -1; 164 return -1;
165 } 165 }
166 166
167 if (BN_ucmp(rsa->n, rsa->e) <= 0) { 167 if (BN_ucmp(rsa->n, rsa->e) <= 0) {
168 RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT, RSA_R_BAD_E_VALUE); 168 RSAerror(RSA_R_BAD_E_VALUE);
169 return -1; 169 return -1;
170 } 170 }
171 171
172 /* for large moduli, enforce exponent limit */ 172 /* for large moduli, enforce exponent limit */
173 if (BN_num_bits(rsa->n) > OPENSSL_RSA_SMALL_MODULUS_BITS) { 173 if (BN_num_bits(rsa->n) > OPENSSL_RSA_SMALL_MODULUS_BITS) {
174 if (BN_num_bits(rsa->e) > OPENSSL_RSA_MAX_PUBEXP_BITS) { 174 if (BN_num_bits(rsa->e) > OPENSSL_RSA_MAX_PUBEXP_BITS) {
175 RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT, RSA_R_BAD_E_VALUE); 175 RSAerror(RSA_R_BAD_E_VALUE);
176 return -1; 176 return -1;
177 } 177 }
178 } 178 }
@@ -187,7 +187,7 @@ RSA_eay_public_encrypt(int flen, const unsigned char *from, unsigned char *to,
187 buf = malloc(num); 187 buf = malloc(num);
188 188
189 if (f == NULL || ret == NULL || buf == NULL) { 189 if (f == NULL || ret == NULL || buf == NULL) {
190 RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT, ERR_R_MALLOC_FAILURE); 190 RSAerror(ERR_R_MALLOC_FAILURE);
191 goto err; 191 goto err;
192 } 192 }
193 193
@@ -207,8 +207,7 @@ RSA_eay_public_encrypt(int flen, const unsigned char *from, unsigned char *to,
207 i = RSA_padding_add_none(buf, num, from, flen); 207 i = RSA_padding_add_none(buf, num, from, flen);
208 break; 208 break;
209 default: 209 default:
210 RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT, 210 RSAerror(RSA_R_UNKNOWN_PADDING_TYPE);
211 RSA_R_UNKNOWN_PADDING_TYPE);
212 goto err; 211 goto err;
213 } 212 }
214 if (i <= 0) 213 if (i <= 0)
@@ -219,8 +218,7 @@ RSA_eay_public_encrypt(int flen, const unsigned char *from, unsigned char *to,
219 218
220 if (BN_ucmp(f, rsa->n) >= 0) { 219 if (BN_ucmp(f, rsa->n) >= 0) {
221 /* usually the padding functions would catch this */ 220 /* usually the padding functions would catch this */
222 RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT, 221 RSAerror(RSA_R_DATA_TOO_LARGE_FOR_MODULUS);
223 RSA_R_DATA_TOO_LARGE_FOR_MODULUS);
224 goto err; 222 goto err;
225 } 223 }
226 224
@@ -374,7 +372,7 @@ RSA_eay_private_encrypt(int flen, const unsigned char *from, unsigned char *to,
374 buf = malloc(num); 372 buf = malloc(num);
375 373
376 if (f == NULL || ret == NULL || buf == NULL) { 374 if (f == NULL || ret == NULL || buf == NULL) {
377 RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT, ERR_R_MALLOC_FAILURE); 375 RSAerror(ERR_R_MALLOC_FAILURE);
378 goto err; 376 goto err;
379 } 377 }
380 378
@@ -390,8 +388,7 @@ RSA_eay_private_encrypt(int flen, const unsigned char *from, unsigned char *to,
390 break; 388 break;
391 case RSA_SSLV23_PADDING: 389 case RSA_SSLV23_PADDING:
392 default: 390 default:
393 RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT, 391 RSAerror(RSA_R_UNKNOWN_PADDING_TYPE);
394 RSA_R_UNKNOWN_PADDING_TYPE);
395 goto err; 392 goto err;
396 } 393 }
397 if (i <= 0) 394 if (i <= 0)
@@ -402,24 +399,21 @@ RSA_eay_private_encrypt(int flen, const unsigned char *from, unsigned char *to,
402 399
403 if (BN_ucmp(f, rsa->n) >= 0) { 400 if (BN_ucmp(f, rsa->n) >= 0) {
404 /* usually the padding functions would catch this */ 401 /* usually the padding functions would catch this */
405 RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT, 402 RSAerror(RSA_R_DATA_TOO_LARGE_FOR_MODULUS);
406 RSA_R_DATA_TOO_LARGE_FOR_MODULUS);
407 goto err; 403 goto err;
408 } 404 }
409 405
410 if (!(rsa->flags & RSA_FLAG_NO_BLINDING)) { 406 if (!(rsa->flags & RSA_FLAG_NO_BLINDING)) {
411 blinding = rsa_get_blinding(rsa, &local_blinding, ctx); 407 blinding = rsa_get_blinding(rsa, &local_blinding, ctx);
412 if (blinding == NULL) { 408 if (blinding == NULL) {
413 RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT, 409 RSAerror(ERR_R_INTERNAL_ERROR);
414 ERR_R_INTERNAL_ERROR);
415 goto err; 410 goto err;
416 } 411 }
417 } 412 }
418 413
419 if (blinding != NULL) { 414 if (blinding != NULL) {
420 if (!local_blinding && ((unblind = BN_CTX_get(ctx)) == NULL)) { 415 if (!local_blinding && ((unblind = BN_CTX_get(ctx)) == NULL)) {
421 RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT, 416 RSAerror(ERR_R_MALLOC_FAILURE);
422 ERR_R_MALLOC_FAILURE);
423 goto err; 417 goto err;
424 } 418 }
425 if (!rsa_blinding_convert(blinding, f, unblind, ctx)) 419 if (!rsa_blinding_convert(blinding, f, unblind, ctx))
@@ -509,15 +503,14 @@ RSA_eay_private_decrypt(int flen, const unsigned char *from, unsigned char *to,
509 buf = malloc(num); 503 buf = malloc(num);
510 504
511 if (!f || !ret || !buf) { 505 if (!f || !ret || !buf) {
512 RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT, ERR_R_MALLOC_FAILURE); 506 RSAerror(ERR_R_MALLOC_FAILURE);
513 goto err; 507 goto err;
514 } 508 }
515 509
516 /* This check was for equality but PGP does evil things 510 /* This check was for equality but PGP does evil things
517 * and chops off the top '0' bytes */ 511 * and chops off the top '0' bytes */
518 if (flen > num) { 512 if (flen > num) {
519 RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT, 513 RSAerror(RSA_R_DATA_GREATER_THAN_MOD_LEN);
520 RSA_R_DATA_GREATER_THAN_MOD_LEN);
521 goto err; 514 goto err;
522 } 515 }
523 516
@@ -526,24 +519,21 @@ RSA_eay_private_decrypt(int flen, const unsigned char *from, unsigned char *to,
526 goto err; 519 goto err;
527 520
528 if (BN_ucmp(f, rsa->n) >= 0) { 521 if (BN_ucmp(f, rsa->n) >= 0) {
529 RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT, 522 RSAerror(RSA_R_DATA_TOO_LARGE_FOR_MODULUS);
530 RSA_R_DATA_TOO_LARGE_FOR_MODULUS);
531 goto err; 523 goto err;
532 } 524 }
533 525
534 if (!(rsa->flags & RSA_FLAG_NO_BLINDING)) { 526 if (!(rsa->flags & RSA_FLAG_NO_BLINDING)) {
535 blinding = rsa_get_blinding(rsa, &local_blinding, ctx); 527 blinding = rsa_get_blinding(rsa, &local_blinding, ctx);
536 if (blinding == NULL) { 528 if (blinding == NULL) {
537 RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT, 529 RSAerror(ERR_R_INTERNAL_ERROR);
538 ERR_R_INTERNAL_ERROR);
539 goto err; 530 goto err;
540 } 531 }
541 } 532 }
542 533
543 if (blinding != NULL) { 534 if (blinding != NULL) {
544 if (!local_blinding && ((unblind = BN_CTX_get(ctx)) == NULL)) { 535 if (!local_blinding && ((unblind = BN_CTX_get(ctx)) == NULL)) {
545 RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT, 536 RSAerror(ERR_R_MALLOC_FAILURE);
546 ERR_R_MALLOC_FAILURE);
547 goto err; 537 goto err;
548 } 538 }
549 if (!rsa_blinding_convert(blinding, f, unblind, ctx)) 539 if (!rsa_blinding_convert(blinding, f, unblind, ctx))
@@ -596,13 +586,11 @@ RSA_eay_private_decrypt(int flen, const unsigned char *from, unsigned char *to,
596 r = RSA_padding_check_none(to, num, buf, j, num); 586 r = RSA_padding_check_none(to, num, buf, j, num);
597 break; 587 break;
598 default: 588 default:
599 RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT, 589 RSAerror(RSA_R_UNKNOWN_PADDING_TYPE);
600 RSA_R_UNKNOWN_PADDING_TYPE);
601 goto err; 590 goto err;
602 } 591 }
603 if (r < 0) 592 if (r < 0)
604 RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT, 593 RSAerror(RSA_R_PADDING_CHECK_FAILED);
605 RSA_R_PADDING_CHECK_FAILED);
606 594
607err: 595err:
608 if (ctx != NULL) { 596 if (ctx != NULL) {
@@ -628,19 +616,19 @@ RSA_eay_public_decrypt(int flen, const unsigned char *from, unsigned char *to,
628 BN_CTX *ctx = NULL; 616 BN_CTX *ctx = NULL;
629 617
630 if (BN_num_bits(rsa->n) > OPENSSL_RSA_MAX_MODULUS_BITS) { 618 if (BN_num_bits(rsa->n) > OPENSSL_RSA_MAX_MODULUS_BITS) {
631 RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT, RSA_R_MODULUS_TOO_LARGE); 619 RSAerror(RSA_R_MODULUS_TOO_LARGE);
632 return -1; 620 return -1;
633 } 621 }
634 622
635 if (BN_ucmp(rsa->n, rsa->e) <= 0) { 623 if (BN_ucmp(rsa->n, rsa->e) <= 0) {
636 RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT, RSA_R_BAD_E_VALUE); 624 RSAerror(RSA_R_BAD_E_VALUE);
637 return -1; 625 return -1;
638 } 626 }
639 627
640 /* for large moduli, enforce exponent limit */ 628 /* for large moduli, enforce exponent limit */
641 if (BN_num_bits(rsa->n) > OPENSSL_RSA_SMALL_MODULUS_BITS) { 629 if (BN_num_bits(rsa->n) > OPENSSL_RSA_SMALL_MODULUS_BITS) {
642 if (BN_num_bits(rsa->e) > OPENSSL_RSA_MAX_PUBEXP_BITS) { 630 if (BN_num_bits(rsa->e) > OPENSSL_RSA_MAX_PUBEXP_BITS) {
643 RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT, RSA_R_BAD_E_VALUE); 631 RSAerror(RSA_R_BAD_E_VALUE);
644 return -1; 632 return -1;
645 } 633 }
646 } 634 }
@@ -655,15 +643,14 @@ RSA_eay_public_decrypt(int flen, const unsigned char *from, unsigned char *to,
655 buf = malloc(num); 643 buf = malloc(num);
656 644
657 if (!f || !ret || !buf) { 645 if (!f || !ret || !buf) {
658 RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT, ERR_R_MALLOC_FAILURE); 646 RSAerror(ERR_R_MALLOC_FAILURE);
659 goto err; 647 goto err;
660 } 648 }
661 649
662 /* This check was for equality but PGP does evil things 650 /* This check was for equality but PGP does evil things
663 * and chops off the top '0' bytes */ 651 * and chops off the top '0' bytes */
664 if (flen > num) { 652 if (flen > num) {
665 RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT, 653 RSAerror(RSA_R_DATA_GREATER_THAN_MOD_LEN);
666 RSA_R_DATA_GREATER_THAN_MOD_LEN);
667 goto err; 654 goto err;
668 } 655 }
669 656
@@ -671,8 +658,7 @@ RSA_eay_public_decrypt(int flen, const unsigned char *from, unsigned char *to,
671 goto err; 658 goto err;
672 659
673 if (BN_ucmp(f, rsa->n) >= 0) { 660 if (BN_ucmp(f, rsa->n) >= 0) {
674 RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT, 661 RSAerror(RSA_R_DATA_TOO_LARGE_FOR_MODULUS);
675 RSA_R_DATA_TOO_LARGE_FOR_MODULUS);
676 goto err; 662 goto err;
677 } 663 }
678 664
@@ -703,13 +689,11 @@ RSA_eay_public_decrypt(int flen, const unsigned char *from, unsigned char *to,
703 r = RSA_padding_check_none(to, num, buf, i, num); 689 r = RSA_padding_check_none(to, num, buf, i, num);
704 break; 690 break;
705 default: 691 default:
706 RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT, 692 RSAerror(RSA_R_UNKNOWN_PADDING_TYPE);
707 RSA_R_UNKNOWN_PADDING_TYPE);
708 goto err; 693 goto err;
709 } 694 }
710 if (r < 0) 695 if (r < 0)
711 RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT, 696 RSAerror(RSA_R_PADDING_CHECK_FAILED);
712 RSA_R_PADDING_CHECK_FAILED);
713 697
714err: 698err:
715 if (ctx != NULL) { 699 if (ctx != NULL) {
@@ -735,7 +719,7 @@ RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
735 m1 = BN_CTX_get(ctx); 719 m1 = BN_CTX_get(ctx);
736 vrfy = BN_CTX_get(ctx); 720 vrfy = BN_CTX_get(ctx);
737 if (r1 == NULL || m1 == NULL || vrfy == NULL) { 721 if (r1 == NULL || m1 == NULL || vrfy == NULL) {
738 RSAerr(RSA_F_RSA_EAY_MOD_EXP, ERR_R_MALLOC_FAILURE); 722 RSAerror(ERR_R_MALLOC_FAILURE);
739 goto err; 723 goto err;
740 } 724 }
741 725
diff --git a/src/lib/libcrypto/rsa/rsa_err.c b/src/lib/libcrypto/rsa/rsa_err.c
index 81622c6099..c2b197c581 100644
--- a/src/lib/libcrypto/rsa/rsa_err.c
+++ b/src/lib/libcrypto/rsa/rsa_err.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: rsa_err.c,v 1.16 2015/02/15 14:35:30 miod Exp $ */ 1/* $OpenBSD: rsa_err.c,v 1.17 2017/01/29 17:49:23 beck Exp $ */
2/* ==================================================================== 2/* ====================================================================
3 * Copyright (c) 1999-2011 The OpenSSL Project. All rights reserved. 3 * Copyright (c) 1999-2011 The OpenSSL Project. All rights reserved.
4 * 4 *
@@ -72,64 +72,7 @@
72#define ERR_REASON(reason) ERR_PACK(ERR_LIB_RSA,0,reason) 72#define ERR_REASON(reason) ERR_PACK(ERR_LIB_RSA,0,reason)
73 73
74static ERR_STRING_DATA RSA_str_functs[] = { 74static ERR_STRING_DATA RSA_str_functs[] = {
75 {ERR_FUNC(RSA_F_CHECK_PADDING_MD), "CHECK_PADDING_MD"}, 75 {ERR_FUNC(0xfff), "CRYPTO_internal"},
76 {ERR_FUNC(RSA_F_DO_RSA_PRINT), "DO_RSA_PRINT"},
77 {ERR_FUNC(RSA_F_INT_RSA_VERIFY), "INT_RSA_VERIFY"},
78 {ERR_FUNC(RSA_F_MEMORY_LOCK), "MEMORY_LOCK"},
79 {ERR_FUNC(RSA_F_OLD_RSA_PRIV_DECODE), "OLD_RSA_PRIV_DECODE"},
80 {ERR_FUNC(RSA_F_PKEY_RSA_CTRL), "PKEY_RSA_CTRL"},
81 {ERR_FUNC(RSA_F_PKEY_RSA_CTRL_STR), "PKEY_RSA_CTRL_STR"},
82 {ERR_FUNC(RSA_F_PKEY_RSA_SIGN), "PKEY_RSA_SIGN"},
83 {ERR_FUNC(RSA_F_PKEY_RSA_VERIFY), "PKEY_RSA_VERIFY"},
84 {ERR_FUNC(RSA_F_PKEY_RSA_VERIFYRECOVER), "PKEY_RSA_VERIFYRECOVER"},
85 {ERR_FUNC(RSA_F_RSA_BUILTIN_KEYGEN), "RSA_BUILTIN_KEYGEN"},
86 {ERR_FUNC(RSA_F_RSA_CHECK_KEY), "RSA_check_key"},
87 {ERR_FUNC(RSA_F_RSA_EAY_MOD_EXP), "RSA_EAY_MOD_EXP"},
88 {ERR_FUNC(RSA_F_RSA_EAY_PRIVATE_DECRYPT), "RSA_EAY_PRIVATE_DECRYPT"},
89 {ERR_FUNC(RSA_F_RSA_EAY_PRIVATE_ENCRYPT), "RSA_EAY_PRIVATE_ENCRYPT"},
90 {ERR_FUNC(RSA_F_RSA_EAY_PUBLIC_DECRYPT), "RSA_EAY_PUBLIC_DECRYPT"},
91 {ERR_FUNC(RSA_F_RSA_EAY_PUBLIC_ENCRYPT), "RSA_EAY_PUBLIC_ENCRYPT"},
92 {ERR_FUNC(RSA_F_RSA_GENERATE_KEY), "RSA_generate_key"},
93 {ERR_FUNC(RSA_F_RSA_GENERATE_KEY_EX), "RSA_generate_key_ex"},
94 {ERR_FUNC(RSA_F_RSA_ITEM_VERIFY), "RSA_ITEM_VERIFY"},
95 {ERR_FUNC(RSA_F_RSA_MEMORY_LOCK), "RSA_memory_lock"},
96 {ERR_FUNC(RSA_F_RSA_NEW_METHOD), "RSA_new_method"},
97 {ERR_FUNC(RSA_F_RSA_NULL), "RSA_NULL"},
98 {ERR_FUNC(RSA_F_RSA_NULL_MOD_EXP), "RSA_NULL_MOD_EXP"},
99 {ERR_FUNC(RSA_F_RSA_NULL_PRIVATE_DECRYPT), "RSA_NULL_PRIVATE_DECRYPT"},
100 {ERR_FUNC(RSA_F_RSA_NULL_PRIVATE_ENCRYPT), "RSA_NULL_PRIVATE_ENCRYPT"},
101 {ERR_FUNC(RSA_F_RSA_NULL_PUBLIC_DECRYPT), "RSA_NULL_PUBLIC_DECRYPT"},
102 {ERR_FUNC(RSA_F_RSA_NULL_PUBLIC_ENCRYPT), "RSA_NULL_PUBLIC_ENCRYPT"},
103 {ERR_FUNC(RSA_F_RSA_PADDING_ADD_NONE), "RSA_padding_add_none"},
104 {ERR_FUNC(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP), "RSA_padding_add_PKCS1_OAEP"},
105 {ERR_FUNC(RSA_F_RSA_PADDING_ADD_PKCS1_PSS), "RSA_padding_add_PKCS1_PSS"},
106 {ERR_FUNC(RSA_F_RSA_PADDING_ADD_PKCS1_PSS_MGF1), "RSA_padding_add_PKCS1_PSS_mgf1"},
107 {ERR_FUNC(RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1), "RSA_padding_add_PKCS1_type_1"},
108 {ERR_FUNC(RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_2), "RSA_padding_add_PKCS1_type_2"},
109 {ERR_FUNC(RSA_F_RSA_PADDING_ADD_SSLV23), "RSA_padding_add_SSLv23"},
110 {ERR_FUNC(RSA_F_RSA_PADDING_ADD_X931), "RSA_padding_add_X931"},
111 {ERR_FUNC(RSA_F_RSA_PADDING_CHECK_NONE), "RSA_padding_check_none"},
112 {ERR_FUNC(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP), "RSA_padding_check_PKCS1_OAEP"},
113 {ERR_FUNC(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1), "RSA_padding_check_PKCS1_type_1"},
114 {ERR_FUNC(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2), "RSA_padding_check_PKCS1_type_2"},
115 {ERR_FUNC(RSA_F_RSA_PADDING_CHECK_SSLV23), "RSA_padding_check_SSLv23"},
116 {ERR_FUNC(RSA_F_RSA_PADDING_CHECK_X931), "RSA_padding_check_X931"},
117 {ERR_FUNC(RSA_F_RSA_PRINT), "RSA_print"},
118 {ERR_FUNC(RSA_F_RSA_PRINT_FP), "RSA_print_fp"},
119 {ERR_FUNC(RSA_F_RSA_PRIVATE_DECRYPT), "RSA_private_decrypt"},
120 {ERR_FUNC(RSA_F_RSA_PRIVATE_ENCRYPT), "RSA_private_encrypt"},
121 {ERR_FUNC(RSA_F_RSA_PRIV_DECODE), "RSA_PRIV_DECODE"},
122 {ERR_FUNC(RSA_F_RSA_PRIV_ENCODE), "RSA_PRIV_ENCODE"},
123 {ERR_FUNC(RSA_F_RSA_PUBLIC_DECRYPT), "RSA_public_decrypt"},
124 {ERR_FUNC(RSA_F_RSA_PUBLIC_ENCRYPT), "RSA_public_encrypt"},
125 {ERR_FUNC(RSA_F_RSA_PUB_DECODE), "RSA_PUB_DECODE"},
126 {ERR_FUNC(RSA_F_RSA_SETUP_BLINDING), "RSA_setup_blinding"},
127 {ERR_FUNC(RSA_F_RSA_SIGN), "RSA_sign"},
128 {ERR_FUNC(RSA_F_RSA_SIGN_ASN1_OCTET_STRING), "RSA_sign_ASN1_OCTET_STRING"},
129 {ERR_FUNC(RSA_F_RSA_VERIFY), "RSA_verify"},
130 {ERR_FUNC(RSA_F_RSA_VERIFY_ASN1_OCTET_STRING), "RSA_verify_ASN1_OCTET_STRING"},
131 {ERR_FUNC(RSA_F_RSA_VERIFY_PKCS1_PSS), "RSA_verify_PKCS1_PSS"},
132 {ERR_FUNC(RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1), "RSA_verify_PKCS1_PSS_mgf1"},
133 {0, NULL} 76 {0, NULL}
134}; 77};
135 78
diff --git a/src/lib/libcrypto/rsa/rsa_gen.c b/src/lib/libcrypto/rsa/rsa_gen.c
index e09dccb4a8..596eb8eb78 100644
--- a/src/lib/libcrypto/rsa/rsa_gen.c
+++ b/src/lib/libcrypto/rsa/rsa_gen.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: rsa_gen.c,v 1.21 2017/01/25 06:15:44 beck Exp $ */ 1/* $OpenBSD: rsa_gen.c,v 1.22 2017/01/29 17:49:23 beck Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -162,8 +162,7 @@ rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb)
162 ++degenerate < 3); 162 ++degenerate < 3);
163 if (degenerate == 3) { 163 if (degenerate == 3) {
164 ok = 0; /* we set our own err */ 164 ok = 0; /* we set our own err */
165 RSAerr(RSA_F_RSA_BUILTIN_KEYGEN, 165 RSAerror(RSA_R_KEY_SIZE_TOO_SMALL);
166 RSA_R_KEY_SIZE_TOO_SMALL);
167 goto err; 166 goto err;
168 } 167 }
169 if (!BN_sub(r2, rsa->q, BN_value_one())) 168 if (!BN_sub(r2, rsa->q, BN_value_one()))
@@ -219,7 +218,7 @@ rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb)
219 ok = 1; 218 ok = 1;
220err: 219err:
221 if (ok == -1) { 220 if (ok == -1) {
222 RSAerr(RSA_F_RSA_BUILTIN_KEYGEN, ERR_LIB_BN); 221 RSAerror(ERR_LIB_BN);
223 ok = 0; 222 ok = 0;
224 } 223 }
225 if (ctx != NULL) { 224 if (ctx != NULL) {
diff --git a/src/lib/libcrypto/rsa/rsa_lib.c b/src/lib/libcrypto/rsa/rsa_lib.c
index 51dc94a134..31ea418427 100644
--- a/src/lib/libcrypto/rsa/rsa_lib.c
+++ b/src/lib/libcrypto/rsa/rsa_lib.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: rsa_lib.c,v 1.30 2015/02/11 03:19:37 doug Exp $ */ 1/* $OpenBSD: rsa_lib.c,v 1.31 2017/01/29 17:49:23 beck Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -132,7 +132,7 @@ RSA_new_method(ENGINE *engine)
132 132
133 ret = malloc(sizeof(RSA)); 133 ret = malloc(sizeof(RSA));
134 if (ret == NULL) { 134 if (ret == NULL) {
135 RSAerr(RSA_F_RSA_NEW_METHOD, ERR_R_MALLOC_FAILURE); 135 RSAerror(ERR_R_MALLOC_FAILURE);
136 return NULL; 136 return NULL;
137 } 137 }
138 138
@@ -140,7 +140,7 @@ RSA_new_method(ENGINE *engine)
140#ifndef OPENSSL_NO_ENGINE 140#ifndef OPENSSL_NO_ENGINE
141 if (engine) { 141 if (engine) {
142 if (!ENGINE_init(engine)) { 142 if (!ENGINE_init(engine)) {
143 RSAerr(RSA_F_RSA_NEW_METHOD, ERR_R_ENGINE_LIB); 143 RSAerror(ERR_R_ENGINE_LIB);
144 free(ret); 144 free(ret);
145 return NULL; 145 return NULL;
146 } 146 }
@@ -150,7 +150,7 @@ RSA_new_method(ENGINE *engine)
150 if (ret->engine) { 150 if (ret->engine) {
151 ret->meth = ENGINE_get_RSA(ret->engine); 151 ret->meth = ENGINE_get_RSA(ret->engine);
152 if (!ret->meth) { 152 if (!ret->meth) {
153 RSAerr(RSA_F_RSA_NEW_METHOD, ERR_R_ENGINE_LIB); 153 RSAerror(ERR_R_ENGINE_LIB);
154 ENGINE_finish(ret->engine); 154 ENGINE_finish(ret->engine);
155 free(ret); 155 free(ret);
156 return NULL; 156 return NULL;
diff --git a/src/lib/libcrypto/rsa/rsa_none.c b/src/lib/libcrypto/rsa/rsa_none.c
index 5222b3c1eb..13d3449a9f 100644
--- a/src/lib/libcrypto/rsa/rsa_none.c
+++ b/src/lib/libcrypto/rsa/rsa_none.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: rsa_none.c,v 1.10 2014/10/18 17:20:40 jsing Exp $ */ 1/* $OpenBSD: rsa_none.c,v 1.11 2017/01/29 17:49:23 beck Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -68,14 +68,12 @@ RSA_padding_add_none(unsigned char *to, int tlen, const unsigned char *from,
68 int flen) 68 int flen)
69{ 69{
70 if (flen > tlen) { 70 if (flen > tlen) {
71 RSAerr(RSA_F_RSA_PADDING_ADD_NONE, 71 RSAerror(RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
72 RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
73 return 0; 72 return 0;
74 } 73 }
75 74
76 if (flen < tlen) { 75 if (flen < tlen) {
77 RSAerr(RSA_F_RSA_PADDING_ADD_NONE, 76 RSAerror(RSA_R_DATA_TOO_SMALL_FOR_KEY_SIZE);
78 RSA_R_DATA_TOO_SMALL_FOR_KEY_SIZE);
79 return 0; 77 return 0;
80 } 78 }
81 79
@@ -88,7 +86,7 @@ RSA_padding_check_none(unsigned char *to, int tlen, const unsigned char *from,
88 int flen, int num) 86 int flen, int num)
89{ 87{
90 if (flen > tlen) { 88 if (flen > tlen) {
91 RSAerr(RSA_F_RSA_PADDING_CHECK_NONE, RSA_R_DATA_TOO_LARGE); 89 RSAerror(RSA_R_DATA_TOO_LARGE);
92 return -1; 90 return -1;
93 } 91 }
94 92
diff --git a/src/lib/libcrypto/rsa/rsa_oaep.c b/src/lib/libcrypto/rsa/rsa_oaep.c
index 86e2bfc34f..cd7af203b7 100644
--- a/src/lib/libcrypto/rsa/rsa_oaep.c
+++ b/src/lib/libcrypto/rsa/rsa_oaep.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: rsa_oaep.c,v 1.25 2015/06/20 12:01:14 jsing Exp $ */ 1/* $OpenBSD: rsa_oaep.c,v 1.26 2017/01/29 17:49:23 beck Exp $ */
2/* Written by Ulf Moeller. This software is distributed on an "AS IS" 2/* Written by Ulf Moeller. This software is distributed on an "AS IS"
3 basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. */ 3 basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. */
4 4
@@ -44,14 +44,12 @@ RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen,
44 unsigned char *dbmask, seedmask[SHA_DIGEST_LENGTH]; 44 unsigned char *dbmask, seedmask[SHA_DIGEST_LENGTH];
45 45
46 if (flen > emlen - 2 * SHA_DIGEST_LENGTH - 1) { 46 if (flen > emlen - 2 * SHA_DIGEST_LENGTH - 1) {
47 RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP, 47 RSAerror(RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
48 RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
49 return 0; 48 return 0;
50 } 49 }
51 50
52 if (emlen < 2 * SHA_DIGEST_LENGTH + 1) { 51 if (emlen < 2 * SHA_DIGEST_LENGTH + 1) {
53 RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP, 52 RSAerror(RSA_R_KEY_SIZE_TOO_SMALL);
54 RSA_R_KEY_SIZE_TOO_SMALL);
55 return 0; 53 return 0;
56 } 54 }
57 55
@@ -69,7 +67,7 @@ RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen,
69 67
70 dbmask = malloc(emlen - SHA_DIGEST_LENGTH); 68 dbmask = malloc(emlen - SHA_DIGEST_LENGTH);
71 if (dbmask == NULL) { 69 if (dbmask == NULL) {
72 RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP, ERR_R_MALLOC_FAILURE); 70 RSAerror(ERR_R_MALLOC_FAILURE);
73 return 0; 71 return 0;
74 } 72 }
75 73
@@ -126,8 +124,7 @@ RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen,
126 dblen = num - SHA_DIGEST_LENGTH; 124 dblen = num - SHA_DIGEST_LENGTH;
127 db = malloc(dblen + num); 125 db = malloc(dblen + num);
128 if (db == NULL) { 126 if (db == NULL) {
129 RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP, 127 RSAerror(ERR_R_MALLOC_FAILURE);
130 ERR_R_MALLOC_FAILURE);
131 return -1; 128 return -1;
132 } 129 }
133 130
@@ -167,8 +164,7 @@ RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen,
167 164
168 mlen = dblen - ++i; 165 mlen = dblen - ++i;
169 if (tlen < mlen) { 166 if (tlen < mlen) {
170 RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP, 167 RSAerror(RSA_R_DATA_TOO_LARGE);
171 RSA_R_DATA_TOO_LARGE);
172 mlen = -1; 168 mlen = -1;
173 } else 169 } else
174 memcpy(to, db + i, mlen); 170 memcpy(to, db + i, mlen);
@@ -182,7 +178,7 @@ decoding_err:
182 * To avoid chosen ciphertext attacks, the error message should not 178 * To avoid chosen ciphertext attacks, the error message should not
183 * reveal which kind of decoding error happened 179 * reveal which kind of decoding error happened
184 */ 180 */
185 RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP, RSA_R_OAEP_DECODING_ERROR); 181 RSAerror(RSA_R_OAEP_DECODING_ERROR);
186 free(db); 182 free(db);
187 return -1; 183 return -1;
188} 184}
diff --git a/src/lib/libcrypto/rsa/rsa_pk1.c b/src/lib/libcrypto/rsa/rsa_pk1.c
index 6c3e7fb846..6de263113f 100644
--- a/src/lib/libcrypto/rsa/rsa_pk1.c
+++ b/src/lib/libcrypto/rsa/rsa_pk1.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: rsa_pk1.c,v 1.14 2014/10/22 13:02:04 jsing Exp $ */ 1/* $OpenBSD: rsa_pk1.c,v 1.15 2017/01/29 17:49:23 beck Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -72,8 +72,7 @@ RSA_padding_add_PKCS1_type_1(unsigned char *to, int tlen,
72 unsigned char *p; 72 unsigned char *p;
73 73
74 if (flen > (tlen - RSA_PKCS1_PADDING_SIZE)) { 74 if (flen > (tlen - RSA_PKCS1_PADDING_SIZE)) {
75 RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1, 75 RSAerror(RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
76 RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
77 return 0; 76 return 0;
78 } 77 }
79 78
@@ -101,8 +100,7 @@ RSA_padding_check_PKCS1_type_1(unsigned char *to, int tlen,
101 100
102 p = from; 101 p = from;
103 if (num != flen + 1 || *(p++) != 01) { 102 if (num != flen + 1 || *(p++) != 01) {
104 RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1, 103 RSAerror(RSA_R_BLOCK_TYPE_IS_NOT_01);
105 RSA_R_BLOCK_TYPE_IS_NOT_01);
106 return -1; 104 return -1;
107 } 105 }
108 106
@@ -115,8 +113,7 @@ RSA_padding_check_PKCS1_type_1(unsigned char *to, int tlen,
115 p++; 113 p++;
116 break; 114 break;
117 } else { 115 } else {
118 RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1, 116 RSAerror(RSA_R_BAD_FIXED_HEADER_DECRYPT);
119 RSA_R_BAD_FIXED_HEADER_DECRYPT);
120 return -1; 117 return -1;
121 } 118 }
122 } 119 }
@@ -124,21 +121,18 @@ RSA_padding_check_PKCS1_type_1(unsigned char *to, int tlen,
124 } 121 }
125 122
126 if (i == j) { 123 if (i == j) {
127 RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1, 124 RSAerror(RSA_R_NULL_BEFORE_BLOCK_MISSING);
128 RSA_R_NULL_BEFORE_BLOCK_MISSING);
129 return -1; 125 return -1;
130 } 126 }
131 127
132 if (i < 8) { 128 if (i < 8) {
133 RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1, 129 RSAerror(RSA_R_BAD_PAD_BYTE_COUNT);
134 RSA_R_BAD_PAD_BYTE_COUNT);
135 return -1; 130 return -1;
136 } 131 }
137 i++; /* Skip over the '\0' */ 132 i++; /* Skip over the '\0' */
138 j -= i; 133 j -= i;
139 if (j > tlen) { 134 if (j > tlen) {
140 RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1, 135 RSAerror(RSA_R_DATA_TOO_LARGE);
141 RSA_R_DATA_TOO_LARGE);
142 return -1; 136 return -1;
143 } 137 }
144 memcpy(to, p, j); 138 memcpy(to, p, j);
@@ -154,8 +148,7 @@ RSA_padding_add_PKCS1_type_2(unsigned char *to, int tlen,
154 unsigned char *p; 148 unsigned char *p;
155 149
156 if (flen > tlen - 11) { 150 if (flen > tlen - 11) {
157 RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_2, 151 RSAerror(RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
158 RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
159 return 0; 152 return 0;
160 } 153 }
161 154
@@ -189,8 +182,7 @@ RSA_padding_check_PKCS1_type_2(unsigned char *to, int tlen,
189 182
190 p = from; 183 p = from;
191 if (num != flen + 1 || *(p++) != 02) { 184 if (num != flen + 1 || *(p++) != 02) {
192 RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2, 185 RSAerror(RSA_R_BLOCK_TYPE_IS_NOT_02);
193 RSA_R_BLOCK_TYPE_IS_NOT_02);
194 return -1; 186 return -1;
195 } 187 }
196 188
@@ -201,21 +193,18 @@ RSA_padding_check_PKCS1_type_2(unsigned char *to, int tlen,
201 break; 193 break;
202 194
203 if (i == j) { 195 if (i == j) {
204 RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2, 196 RSAerror(RSA_R_NULL_BEFORE_BLOCK_MISSING);
205 RSA_R_NULL_BEFORE_BLOCK_MISSING);
206 return -1; 197 return -1;
207 } 198 }
208 199
209 if (i < 8) { 200 if (i < 8) {
210 RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2, 201 RSAerror(RSA_R_BAD_PAD_BYTE_COUNT);
211 RSA_R_BAD_PAD_BYTE_COUNT);
212 return -1; 202 return -1;
213 } 203 }
214 i++; /* Skip over the '\0' */ 204 i++; /* Skip over the '\0' */
215 j -= i; 205 j -= i;
216 if (j > tlen) { 206 if (j > tlen) {
217 RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2, 207 RSAerror(RSA_R_DATA_TOO_LARGE);
218 RSA_R_DATA_TOO_LARGE);
219 return -1; 208 return -1;
220 } 209 }
221 memcpy(to, p, j); 210 memcpy(to, p, j);
diff --git a/src/lib/libcrypto/rsa/rsa_pmeth.c b/src/lib/libcrypto/rsa/rsa_pmeth.c
index 4b7fc09514..2ef1f3c64a 100644
--- a/src/lib/libcrypto/rsa/rsa_pmeth.c
+++ b/src/lib/libcrypto/rsa/rsa_pmeth.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: rsa_pmeth.c,v 1.18 2016/10/19 16:49:11 jsing Exp $ */ 1/* $OpenBSD: rsa_pmeth.c,v 1.19 2017/01/29 17:49:23 beck Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 2006. 3 * project 2006.
4 */ 4 */
@@ -170,8 +170,7 @@ pkey_rsa_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
170 170
171 if (rctx->md) { 171 if (rctx->md) {
172 if (tbslen != (size_t)EVP_MD_size(rctx->md)) { 172 if (tbslen != (size_t)EVP_MD_size(rctx->md)) {
173 RSAerr(RSA_F_PKEY_RSA_SIGN, 173 RSAerror(RSA_R_INVALID_DIGEST_LENGTH);
174 RSA_R_INVALID_DIGEST_LENGTH);
175 return -1; 174 return -1;
176 } 175 }
177 176
@@ -228,13 +227,11 @@ pkey_rsa_verifyrecover(EVP_PKEY_CTX *ctx, unsigned char *rout, size_t *routlen,
228 ret--; 227 ret--;
229 if (rctx->tbuf[ret] != 228 if (rctx->tbuf[ret] !=
230 RSA_X931_hash_id(EVP_MD_type(rctx->md))) { 229 RSA_X931_hash_id(EVP_MD_type(rctx->md))) {
231 RSAerr(RSA_F_PKEY_RSA_VERIFYRECOVER, 230 RSAerror(RSA_R_ALGORITHM_MISMATCH);
232 RSA_R_ALGORITHM_MISMATCH);
233 return 0; 231 return 0;
234 } 232 }
235 if (ret != EVP_MD_size(rctx->md)) { 233 if (ret != EVP_MD_size(rctx->md)) {
236 RSAerr(RSA_F_PKEY_RSA_VERIFYRECOVER, 234 RSAerror(RSA_R_INVALID_DIGEST_LENGTH);
237 RSA_R_INVALID_DIGEST_LENGTH);
238 return 0; 235 return 0;
239 } 236 }
240 if (rout) 237 if (rout)
@@ -342,14 +339,13 @@ check_padding_md(const EVP_MD *md, int padding)
342 return 1; 339 return 1;
343 340
344 if (padding == RSA_NO_PADDING) { 341 if (padding == RSA_NO_PADDING) {
345 RSAerr(RSA_F_CHECK_PADDING_MD, RSA_R_INVALID_PADDING_MODE); 342 RSAerror(RSA_R_INVALID_PADDING_MODE);
346 return 0; 343 return 0;
347 } 344 }
348 345
349 if (padding == RSA_X931_PADDING) { 346 if (padding == RSA_X931_PADDING) {
350 if (RSA_X931_hash_id(EVP_MD_type(md)) == -1) { 347 if (RSA_X931_hash_id(EVP_MD_type(md)) == -1) {
351 RSAerr(RSA_F_CHECK_PADDING_MD, 348 RSAerror(RSA_R_INVALID_X931_DIGEST);
352 RSA_R_INVALID_X931_DIGEST);
353 return 0; 349 return 0;
354 } 350 }
355 return 1; 351 return 1;
@@ -385,8 +381,7 @@ pkey_rsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
385 return 1; 381 return 1;
386 } 382 }
387bad_pad: 383bad_pad:
388 RSAerr(RSA_F_PKEY_RSA_CTRL, 384 RSAerror(RSA_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE);
389 RSA_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE);
390 return -2; 385 return -2;
391 386
392 case EVP_PKEY_CTRL_GET_RSA_PADDING: 387 case EVP_PKEY_CTRL_GET_RSA_PADDING:
@@ -396,7 +391,7 @@ bad_pad:
396 case EVP_PKEY_CTRL_RSA_PSS_SALTLEN: 391 case EVP_PKEY_CTRL_RSA_PSS_SALTLEN:
397 case EVP_PKEY_CTRL_GET_RSA_PSS_SALTLEN: 392 case EVP_PKEY_CTRL_GET_RSA_PSS_SALTLEN:
398 if (rctx->pad_mode != RSA_PKCS1_PSS_PADDING) { 393 if (rctx->pad_mode != RSA_PKCS1_PSS_PADDING) {
399 RSAerr(RSA_F_PKEY_RSA_CTRL, RSA_R_INVALID_PSS_SALTLEN); 394 RSAerror(RSA_R_INVALID_PSS_SALTLEN);
400 return -2; 395 return -2;
401 } 396 }
402 if (type == EVP_PKEY_CTRL_GET_RSA_PSS_SALTLEN) 397 if (type == EVP_PKEY_CTRL_GET_RSA_PSS_SALTLEN)
@@ -410,7 +405,7 @@ bad_pad:
410 405
411 case EVP_PKEY_CTRL_RSA_KEYGEN_BITS: 406 case EVP_PKEY_CTRL_RSA_KEYGEN_BITS:
412 if (p1 < 256) { 407 if (p1 < 256) {
413 RSAerr(RSA_F_PKEY_RSA_CTRL, RSA_R_INVALID_KEYBITS); 408 RSAerror(RSA_R_INVALID_KEYBITS);
414 return -2; 409 return -2;
415 } 410 }
416 rctx->nbits = p1; 411 rctx->nbits = p1;
@@ -431,7 +426,7 @@ bad_pad:
431 case EVP_PKEY_CTRL_RSA_MGF1_MD: 426 case EVP_PKEY_CTRL_RSA_MGF1_MD:
432 case EVP_PKEY_CTRL_GET_RSA_MGF1_MD: 427 case EVP_PKEY_CTRL_GET_RSA_MGF1_MD:
433 if (rctx->pad_mode != RSA_PKCS1_PSS_PADDING) { 428 if (rctx->pad_mode != RSA_PKCS1_PSS_PADDING) {
434 RSAerr(RSA_F_PKEY_RSA_CTRL, RSA_R_INVALID_MGF1_MD); 429 RSAerror(RSA_R_INVALID_MGF1_MD);
435 return -2; 430 return -2;
436 } 431 }
437 if (type == EVP_PKEY_CTRL_GET_RSA_MGF1_MD) { 432 if (type == EVP_PKEY_CTRL_GET_RSA_MGF1_MD) {
@@ -449,8 +444,7 @@ bad_pad:
449 case EVP_PKEY_CTRL_PKCS7_SIGN: 444 case EVP_PKEY_CTRL_PKCS7_SIGN:
450 return 1; 445 return 1;
451 case EVP_PKEY_CTRL_PEER_KEY: 446 case EVP_PKEY_CTRL_PEER_KEY:
452 RSAerr(RSA_F_PKEY_RSA_CTRL, 447 RSAerror(RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
453 RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
454 return -2; 448 return -2;
455 449
456 default: 450 default:
@@ -465,7 +459,7 @@ pkey_rsa_ctrl_str(EVP_PKEY_CTX *ctx, const char *type, const char *value)
465 char *ep; 459 char *ep;
466 460
467 if (!value) { 461 if (!value) {
468 RSAerr(RSA_F_PKEY_RSA_CTRL_STR, RSA_R_VALUE_MISSING); 462 RSAerror(RSA_R_VALUE_MISSING);
469 return 0; 463 return 0;
470 } 464 }
471 if (!strcmp(type, "rsa_padding_mode")) { 465 if (!strcmp(type, "rsa_padding_mode")) {
@@ -485,8 +479,7 @@ pkey_rsa_ctrl_str(EVP_PKEY_CTX *ctx, const char *type, const char *value)
485 else if (!strcmp(value, "pss")) 479 else if (!strcmp(value, "pss"))
486 pm = RSA_PKCS1_PSS_PADDING; 480 pm = RSA_PKCS1_PSS_PADDING;
487 else { 481 else {
488 RSAerr(RSA_F_PKEY_RSA_CTRL_STR, 482 RSAerror(RSA_R_UNKNOWN_PADDING_TYPE);
489 RSA_R_UNKNOWN_PADDING_TYPE);
490 return -2; 483 return -2;
491 } 484 }
492 return EVP_PKEY_CTX_set_rsa_padding(ctx, pm); 485 return EVP_PKEY_CTX_set_rsa_padding(ctx, pm);
diff --git a/src/lib/libcrypto/rsa/rsa_prn.c b/src/lib/libcrypto/rsa/rsa_prn.c
index db82dab5be..c46b08c00d 100644
--- a/src/lib/libcrypto/rsa/rsa_prn.c
+++ b/src/lib/libcrypto/rsa/rsa_prn.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: rsa_prn.c,v 1.6 2014/07/11 08:44:49 jsing Exp $ */ 1/* $OpenBSD: rsa_prn.c,v 1.7 2017/01/29 17:49:23 beck Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 2006. 3 * project 2006.
4 */ 4 */
@@ -69,7 +69,7 @@ RSA_print_fp(FILE *fp, const RSA *x, int off)
69 int ret; 69 int ret;
70 70
71 if ((b = BIO_new(BIO_s_file())) == NULL) { 71 if ((b = BIO_new(BIO_s_file())) == NULL) {
72 RSAerr(RSA_F_RSA_PRINT_FP, ERR_R_BUF_LIB); 72 RSAerror(ERR_R_BUF_LIB);
73 return 0; 73 return 0;
74 } 74 }
75 BIO_set_fp(b, fp, BIO_NOCLOSE); 75 BIO_set_fp(b, fp, BIO_NOCLOSE);
diff --git a/src/lib/libcrypto/rsa/rsa_pss.c b/src/lib/libcrypto/rsa/rsa_pss.c
index 5e137a3090..870f634b8d 100644
--- a/src/lib/libcrypto/rsa/rsa_pss.c
+++ b/src/lib/libcrypto/rsa/rsa_pss.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: rsa_pss.c,v 1.11 2014/10/22 13:02:04 jsing Exp $ */ 1/* $OpenBSD: rsa_pss.c,v 1.12 2017/01/29 17:49:23 beck Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 2005. 3 * project 2005.
4 */ 4 */
@@ -107,16 +107,14 @@ RSA_verify_PKCS1_PSS_mgf1(RSA *rsa, const unsigned char *mHash,
107 else if (sLen == -2) 107 else if (sLen == -2)
108 sLen = -2; 108 sLen = -2;
109 else if (sLen < -2) { 109 else if (sLen < -2) {
110 RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1, 110 RSAerror(RSA_R_SLEN_CHECK_FAILED);
111 RSA_R_SLEN_CHECK_FAILED);
112 goto err; 111 goto err;
113 } 112 }
114 113
115 MSBits = (BN_num_bits(rsa->n) - 1) & 0x7; 114 MSBits = (BN_num_bits(rsa->n) - 1) & 0x7;
116 emLen = RSA_size(rsa); 115 emLen = RSA_size(rsa);
117 if (EM[0] & (0xFF << MSBits)) { 116 if (EM[0] & (0xFF << MSBits)) {
118 RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1, 117 RSAerror(RSA_R_FIRST_OCTET_INVALID);
119 RSA_R_FIRST_OCTET_INVALID);
120 goto err; 118 goto err;
121 } 119 }
122 if (MSBits == 0) { 120 if (MSBits == 0) {
@@ -125,19 +123,18 @@ RSA_verify_PKCS1_PSS_mgf1(RSA *rsa, const unsigned char *mHash,
125 } 123 }
126 if (emLen < (hLen + sLen + 2)) { 124 if (emLen < (hLen + sLen + 2)) {
127 /* sLen can be small negative */ 125 /* sLen can be small negative */
128 RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1, RSA_R_DATA_TOO_LARGE); 126 RSAerror(RSA_R_DATA_TOO_LARGE);
129 goto err; 127 goto err;
130 } 128 }
131 if (EM[emLen - 1] != 0xbc) { 129 if (EM[emLen - 1] != 0xbc) {
132 RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1, 130 RSAerror(RSA_R_LAST_OCTET_INVALID);
133 RSA_R_LAST_OCTET_INVALID);
134 goto err; 131 goto err;
135 } 132 }
136 maskedDBLen = emLen - hLen - 1; 133 maskedDBLen = emLen - hLen - 1;
137 H = EM + maskedDBLen; 134 H = EM + maskedDBLen;
138 DB = malloc(maskedDBLen); 135 DB = malloc(maskedDBLen);
139 if (!DB) { 136 if (!DB) {
140 RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1, ERR_R_MALLOC_FAILURE); 137 RSAerror(ERR_R_MALLOC_FAILURE);
141 goto err; 138 goto err;
142 } 139 }
143 if (PKCS1_MGF1(DB, maskedDBLen, H, hLen, mgf1Hash) < 0) 140 if (PKCS1_MGF1(DB, maskedDBLen, H, hLen, mgf1Hash) < 0)
@@ -149,13 +146,11 @@ RSA_verify_PKCS1_PSS_mgf1(RSA *rsa, const unsigned char *mHash,
149 for (i = 0; DB[i] == 0 && i < (maskedDBLen - 1); i++) 146 for (i = 0; DB[i] == 0 && i < (maskedDBLen - 1); i++)
150 ; 147 ;
151 if (DB[i++] != 0x1) { 148 if (DB[i++] != 0x1) {
152 RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1, 149 RSAerror(RSA_R_SLEN_RECOVERY_FAILED);
153 RSA_R_SLEN_RECOVERY_FAILED);
154 goto err; 150 goto err;
155 } 151 }
156 if (sLen >= 0 && (maskedDBLen - i) != sLen) { 152 if (sLen >= 0 && (maskedDBLen - i) != sLen) {
157 RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1, 153 RSAerror(RSA_R_SLEN_CHECK_FAILED);
158 RSA_R_SLEN_CHECK_FAILED);
159 goto err; 154 goto err;
160 } 155 }
161 if (!EVP_DigestInit_ex(&ctx, Hash, NULL) || 156 if (!EVP_DigestInit_ex(&ctx, Hash, NULL) ||
@@ -169,7 +164,7 @@ RSA_verify_PKCS1_PSS_mgf1(RSA *rsa, const unsigned char *mHash,
169 if (!EVP_DigestFinal_ex(&ctx, H_, NULL)) 164 if (!EVP_DigestFinal_ex(&ctx, H_, NULL))
170 goto err; 165 goto err;
171 if (memcmp(H_, H, hLen)) { 166 if (memcmp(H_, H, hLen)) {
172 RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1, RSA_R_BAD_SIGNATURE); 167 RSAerror(RSA_R_BAD_SIGNATURE);
173 ret = 0; 168 ret = 0;
174 } else 169 } else
175 ret = 1; 170 ret = 1;
@@ -218,8 +213,7 @@ RSA_padding_add_PKCS1_PSS_mgf1(RSA *rsa, unsigned char *EM,
218 else if (sLen == -2) 213 else if (sLen == -2)
219 sLen = -2; 214 sLen = -2;
220 else if (sLen < -2) { 215 else if (sLen < -2) {
221 RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_PSS_MGF1, 216 RSAerror(RSA_R_SLEN_CHECK_FAILED);
222 RSA_R_SLEN_CHECK_FAILED);
223 goto err; 217 goto err;
224 } 218 }
225 219
@@ -232,15 +226,13 @@ RSA_padding_add_PKCS1_PSS_mgf1(RSA *rsa, unsigned char *EM,
232 if (sLen == -2) 226 if (sLen == -2)
233 sLen = emLen - hLen - 2; 227 sLen = emLen - hLen - 2;
234 else if (emLen < (hLen + sLen + 2)) { 228 else if (emLen < (hLen + sLen + 2)) {
235 RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_PSS_MGF1, 229 RSAerror(RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
236 RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
237 goto err; 230 goto err;
238 } 231 }
239 if (sLen > 0) { 232 if (sLen > 0) {
240 salt = malloc(sLen); 233 salt = malloc(sLen);
241 if (!salt) { 234 if (!salt) {
242 RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_PSS_MGF1, 235 RSAerror(ERR_R_MALLOC_FAILURE);
243 ERR_R_MALLOC_FAILURE);
244 goto err; 236 goto err;
245 } 237 }
246 arc4random_buf(salt, sLen); 238 arc4random_buf(salt, sLen);
diff --git a/src/lib/libcrypto/rsa/rsa_saos.c b/src/lib/libcrypto/rsa/rsa_saos.c
index 5dbc10dbb2..179217c236 100644
--- a/src/lib/libcrypto/rsa/rsa_saos.c
+++ b/src/lib/libcrypto/rsa/rsa_saos.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: rsa_saos.c,v 1.19 2015/09/30 18:41:06 jsing Exp $ */ 1/* $OpenBSD: rsa_saos.c,v 1.20 2017/01/29 17:49:23 beck Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -80,13 +80,12 @@ RSA_sign_ASN1_OCTET_STRING(int type, const unsigned char *m, unsigned int m_len,
80 i = i2d_ASN1_OCTET_STRING(&sig, NULL); 80 i = i2d_ASN1_OCTET_STRING(&sig, NULL);
81 j = RSA_size(rsa); 81 j = RSA_size(rsa);
82 if (i > (j - RSA_PKCS1_PADDING_SIZE)) { 82 if (i > (j - RSA_PKCS1_PADDING_SIZE)) {
83 RSAerr(RSA_F_RSA_SIGN_ASN1_OCTET_STRING, 83 RSAerror(RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY);
84 RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY);
85 return 0; 84 return 0;
86 } 85 }
87 s = malloc(j + 1); 86 s = malloc(j + 1);
88 if (s == NULL) { 87 if (s == NULL) {
89 RSAerr(RSA_F_RSA_SIGN_ASN1_OCTET_STRING, ERR_R_MALLOC_FAILURE); 88 RSAerror(ERR_R_MALLOC_FAILURE);
90 return 0; 89 return 0;
91 } 90 }
92 p = s; 91 p = s;
@@ -112,15 +111,13 @@ RSA_verify_ASN1_OCTET_STRING(int dtype, const unsigned char *m,
112 ASN1_OCTET_STRING *sig = NULL; 111 ASN1_OCTET_STRING *sig = NULL;
113 112
114 if (siglen != (unsigned int)RSA_size(rsa)) { 113 if (siglen != (unsigned int)RSA_size(rsa)) {
115 RSAerr(RSA_F_RSA_VERIFY_ASN1_OCTET_STRING, 114 RSAerror(RSA_R_WRONG_SIGNATURE_LENGTH);
116 RSA_R_WRONG_SIGNATURE_LENGTH);
117 return 0; 115 return 0;
118 } 116 }
119 117
120 s = malloc(siglen); 118 s = malloc(siglen);
121 if (s == NULL) { 119 if (s == NULL) {
122 RSAerr(RSA_F_RSA_VERIFY_ASN1_OCTET_STRING, 120 RSAerror(ERR_R_MALLOC_FAILURE);
123 ERR_R_MALLOC_FAILURE);
124 goto err; 121 goto err;
125 } 122 }
126 i = RSA_public_decrypt((int)siglen, sigbuf, s, rsa, RSA_PKCS1_PADDING); 123 i = RSA_public_decrypt((int)siglen, sigbuf, s, rsa, RSA_PKCS1_PADDING);
@@ -135,8 +132,7 @@ RSA_verify_ASN1_OCTET_STRING(int dtype, const unsigned char *m,
135 132
136 if ((unsigned int)sig->length != m_len || 133 if ((unsigned int)sig->length != m_len ||
137 memcmp(m, sig->data, m_len) != 0) { 134 memcmp(m, sig->data, m_len) != 0) {
138 RSAerr(RSA_F_RSA_VERIFY_ASN1_OCTET_STRING, 135 RSAerror(RSA_R_BAD_SIGNATURE);
139 RSA_R_BAD_SIGNATURE);
140 } else 136 } else
141 ret = 1; 137 ret = 1;
142err: 138err:
diff --git a/src/lib/libcrypto/rsa/rsa_sign.c b/src/lib/libcrypto/rsa/rsa_sign.c
index 7be08f544b..52cbc3dfe3 100644
--- a/src/lib/libcrypto/rsa/rsa_sign.c
+++ b/src/lib/libcrypto/rsa/rsa_sign.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: rsa_sign.c,v 1.25 2015/09/10 15:56:25 jsing Exp $ */ 1/* $OpenBSD: rsa_sign.c,v 1.26 2017/01/29 17:49:23 beck Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -88,7 +88,7 @@ RSA_sign(int type, const unsigned char *m, unsigned int m_len,
88 /* Special case: SSL signature, just check the length */ 88 /* Special case: SSL signature, just check the length */
89 if (type == NID_md5_sha1) { 89 if (type == NID_md5_sha1) {
90 if (m_len != SSL_SIG_LENGTH) { 90 if (m_len != SSL_SIG_LENGTH) {
91 RSAerr(RSA_F_RSA_SIGN, RSA_R_INVALID_MESSAGE_LENGTH); 91 RSAerror(RSA_R_INVALID_MESSAGE_LENGTH);
92 return 0; 92 return 0;
93 } 93 }
94 i = SSL_SIG_LENGTH; 94 i = SSL_SIG_LENGTH;
@@ -97,12 +97,11 @@ RSA_sign(int type, const unsigned char *m, unsigned int m_len,
97 sig.algor = &algor; 97 sig.algor = &algor;
98 sig.algor->algorithm = OBJ_nid2obj(type); 98 sig.algor->algorithm = OBJ_nid2obj(type);
99 if (sig.algor->algorithm == NULL) { 99 if (sig.algor->algorithm == NULL) {
100 RSAerr(RSA_F_RSA_SIGN, RSA_R_UNKNOWN_ALGORITHM_TYPE); 100 RSAerror(RSA_R_UNKNOWN_ALGORITHM_TYPE);
101 return 0; 101 return 0;
102 } 102 }
103 if (sig.algor->algorithm->length == 0) { 103 if (sig.algor->algorithm->length == 0) {
104 RSAerr(RSA_F_RSA_SIGN, 104 RSAerror(RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD);
105 RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD);
106 return 0; 105 return 0;
107 } 106 }
108 parameter.type = V_ASN1_NULL; 107 parameter.type = V_ASN1_NULL;
@@ -117,13 +116,13 @@ RSA_sign(int type, const unsigned char *m, unsigned int m_len,
117 } 116 }
118 j = RSA_size(rsa); 117 j = RSA_size(rsa);
119 if (i > j - RSA_PKCS1_PADDING_SIZE) { 118 if (i > j - RSA_PKCS1_PADDING_SIZE) {
120 RSAerr(RSA_F_RSA_SIGN, RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY); 119 RSAerror(RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY);
121 return 0; 120 return 0;
122 } 121 }
123 if (type != NID_md5_sha1) { 122 if (type != NID_md5_sha1) {
124 tmps = malloc(j + 1); 123 tmps = malloc(j + 1);
125 if (tmps == NULL) { 124 if (tmps == NULL) {
126 RSAerr(RSA_F_RSA_SIGN, ERR_R_MALLOC_FAILURE); 125 RSAerror(ERR_R_MALLOC_FAILURE);
127 return 0; 126 return 0;
128 } 127 }
129 p = tmps; 128 p = tmps;
@@ -153,7 +152,7 @@ int_rsa_verify(int dtype, const unsigned char *m, unsigned int m_len,
153 X509_SIG *sig = NULL; 152 X509_SIG *sig = NULL;
154 153
155 if (siglen != (unsigned int)RSA_size(rsa)) { 154 if (siglen != (unsigned int)RSA_size(rsa)) {
156 RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_WRONG_SIGNATURE_LENGTH); 155 RSAerror(RSA_R_WRONG_SIGNATURE_LENGTH);
157 return 0; 156 return 0;
158 } 157 }
159 158
@@ -168,11 +167,11 @@ int_rsa_verify(int dtype, const unsigned char *m, unsigned int m_len,
168 167
169 s = malloc(siglen); 168 s = malloc(siglen);
170 if (s == NULL) { 169 if (s == NULL) {
171 RSAerr(RSA_F_INT_RSA_VERIFY, ERR_R_MALLOC_FAILURE); 170 RSAerror(ERR_R_MALLOC_FAILURE);
172 goto err; 171 goto err;
173 } 172 }
174 if (dtype == NID_md5_sha1 && m_len != SSL_SIG_LENGTH) { 173 if (dtype == NID_md5_sha1 && m_len != SSL_SIG_LENGTH) {
175 RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_INVALID_MESSAGE_LENGTH); 174 RSAerror(RSA_R_INVALID_MESSAGE_LENGTH);
176 goto err; 175 goto err;
177 } 176 }
178 i = RSA_public_decrypt((int)siglen, sigbuf, s, rsa, RSA_PKCS1_PADDING); 177 i = RSA_public_decrypt((int)siglen, sigbuf, s, rsa, RSA_PKCS1_PADDING);
@@ -183,7 +182,7 @@ int_rsa_verify(int dtype, const unsigned char *m, unsigned int m_len,
183 /* Special case: SSL signature */ 182 /* Special case: SSL signature */
184 if (dtype == NID_md5_sha1) { 183 if (dtype == NID_md5_sha1) {
185 if (i != SSL_SIG_LENGTH || memcmp(s, m, SSL_SIG_LENGTH)) 184 if (i != SSL_SIG_LENGTH || memcmp(s, m, SSL_SIG_LENGTH))
186 RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_BAD_SIGNATURE); 185 RSAerror(RSA_R_BAD_SIGNATURE);
187 else 186 else
188 ret = 1; 187 ret = 1;
189 } else { 188 } else {
@@ -196,7 +195,7 @@ int_rsa_verify(int dtype, const unsigned char *m, unsigned int m_len,
196 195
197 /* Excess data can be used to create forgeries */ 196 /* Excess data can be used to create forgeries */
198 if (p != s + i) { 197 if (p != s + i) {
199 RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_BAD_SIGNATURE); 198 RSAerror(RSA_R_BAD_SIGNATURE);
200 goto err; 199 goto err;
201 } 200 }
202 201
@@ -204,14 +203,14 @@ int_rsa_verify(int dtype, const unsigned char *m, unsigned int m_len,
204 create forgeries */ 203 create forgeries */
205 if (sig->algor->parameter && 204 if (sig->algor->parameter &&
206 ASN1_TYPE_get(sig->algor->parameter) != V_ASN1_NULL) { 205 ASN1_TYPE_get(sig->algor->parameter) != V_ASN1_NULL) {
207 RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_BAD_SIGNATURE); 206 RSAerror(RSA_R_BAD_SIGNATURE);
208 goto err; 207 goto err;
209 } 208 }
210 209
211 sigtype = OBJ_obj2nid(sig->algor->algorithm); 210 sigtype = OBJ_obj2nid(sig->algor->algorithm);
212 211
213 if (sigtype != dtype) { 212 if (sigtype != dtype) {
214 RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_ALGORITHM_MISMATCH); 213 RSAerror(RSA_R_ALGORITHM_MISMATCH);
215 goto err; 214 goto err;
216 } 215 }
217 if (rm) { 216 if (rm) {
@@ -219,8 +218,7 @@ int_rsa_verify(int dtype, const unsigned char *m, unsigned int m_len,
219 218
220 md = EVP_get_digestbynid(dtype); 219 md = EVP_get_digestbynid(dtype);
221 if (md && (EVP_MD_size(md) != sig->digest->length)) 220 if (md && (EVP_MD_size(md) != sig->digest->length))
222 RSAerr(RSA_F_INT_RSA_VERIFY, 221 RSAerror(RSA_R_INVALID_DIGEST_LENGTH);
223 RSA_R_INVALID_DIGEST_LENGTH);
224 else { 222 else {
225 memcpy(rm, sig->digest->data, 223 memcpy(rm, sig->digest->data,
226 sig->digest->length); 224 sig->digest->length);
@@ -229,7 +227,7 @@ int_rsa_verify(int dtype, const unsigned char *m, unsigned int m_len,
229 } 227 }
230 } else if ((unsigned int)sig->digest->length != m_len || 228 } else if ((unsigned int)sig->digest->length != m_len ||
231 memcmp(m, sig->digest->data, m_len) != 0) { 229 memcmp(m, sig->digest->data, m_len) != 0) {
232 RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_BAD_SIGNATURE); 230 RSAerror(RSA_R_BAD_SIGNATURE);
233 } else 231 } else
234 ret = 1; 232 ret = 1;
235 } 233 }
diff --git a/src/lib/libcrypto/rsa/rsa_ssl.c b/src/lib/libcrypto/rsa/rsa_ssl.c
index 73262f29c1..60fc8ec94f 100644
--- a/src/lib/libcrypto/rsa/rsa_ssl.c
+++ b/src/lib/libcrypto/rsa/rsa_ssl.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: rsa_ssl.c,v 1.14 2014/10/22 13:02:04 jsing Exp $ */ 1/* $OpenBSD: rsa_ssl.c,v 1.15 2017/01/29 17:49:23 beck Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
@@ -72,8 +72,7 @@ RSA_padding_add_SSLv23(unsigned char *to, int tlen, const unsigned char *from,
72 unsigned char *p; 72 unsigned char *p;
73 73
74 if (flen > tlen - 11) { 74 if (flen > tlen - 11) {
75 RSAerr(RSA_F_RSA_PADDING_ADD_SSLV23, 75 RSAerror(RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
76 RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
77 return 0; 76 return 0;
78 } 77 }
79 78
@@ -109,12 +108,11 @@ RSA_padding_check_SSLv23(unsigned char *to, int tlen, const unsigned char *from,
109 108
110 p = from; 109 p = from;
111 if (flen < 10) { 110 if (flen < 10) {
112 RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23, RSA_R_DATA_TOO_SMALL); 111 RSAerror(RSA_R_DATA_TOO_SMALL);
113 return -1; 112 return -1;
114 } 113 }
115 if (num != flen + 1 || *(p++) != 02) { 114 if (num != flen + 1 || *(p++) != 02) {
116 RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23, 115 RSAerror(RSA_R_BLOCK_TYPE_IS_NOT_02);
117 RSA_R_BLOCK_TYPE_IS_NOT_02);
118 return -1; 116 return -1;
119 } 117 }
120 118
@@ -125,8 +123,7 @@ RSA_padding_check_SSLv23(unsigned char *to, int tlen, const unsigned char *from,
125 break; 123 break;
126 124
127 if (i == j || i < 8) { 125 if (i == j || i < 8) {
128 RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23, 126 RSAerror(RSA_R_NULL_BEFORE_BLOCK_MISSING);
129 RSA_R_NULL_BEFORE_BLOCK_MISSING);
130 return -1; 127 return -1;
131 } 128 }
132 for (k = -9; k < -1; k++) { 129 for (k = -9; k < -1; k++) {
@@ -134,15 +131,14 @@ RSA_padding_check_SSLv23(unsigned char *to, int tlen, const unsigned char *from,
134 break; 131 break;
135 } 132 }
136 if (k == -1) { 133 if (k == -1) {
137 RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23, 134 RSAerror(RSA_R_SSLV3_ROLLBACK_ATTACK);
138 RSA_R_SSLV3_ROLLBACK_ATTACK);
139 return -1; 135 return -1;
140 } 136 }
141 137
142 i++; /* Skip over the '\0' */ 138 i++; /* Skip over the '\0' */
143 j -= i; 139 j -= i;
144 if (j > tlen) { 140 if (j > tlen) {
145 RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23, RSA_R_DATA_TOO_LARGE); 141 RSAerror(RSA_R_DATA_TOO_LARGE);
146 return -1; 142 return -1;
147 } 143 }
148 memcpy(to, p, j); 144 memcpy(to, p, j);
diff --git a/src/lib/libcrypto/rsa/rsa_x931.c b/src/lib/libcrypto/rsa/rsa_x931.c
index 2993b4028d..3579735ab2 100644
--- a/src/lib/libcrypto/rsa/rsa_x931.c
+++ b/src/lib/libcrypto/rsa/rsa_x931.c
@@ -1,4 +1,4 @@
1/* $OpenBSD: rsa_x931.c,v 1.9 2014/10/18 17:20:40 jsing Exp $ */ 1/* $OpenBSD: rsa_x931.c,v 1.10 2017/01/29 17:49:23 beck Exp $ */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 2005. 3 * project 2005.
4 */ 4 */
@@ -78,8 +78,7 @@ RSA_padding_add_X931(unsigned char *to, int tlen, const unsigned char *from,
78 j = tlen - flen - 2; 78 j = tlen - flen - 2;
79 79
80 if (j < 0) { 80 if (j < 0) {
81 RSAerr(RSA_F_RSA_PADDING_ADD_X931, 81 RSAerror(RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
82 RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
83 return -1; 82 return -1;
84 } 83 }
85 84
@@ -110,7 +109,7 @@ RSA_padding_check_X931(unsigned char *to, int tlen, const unsigned char *from,
110 const unsigned char *p = from; 109 const unsigned char *p = from;
111 110
112 if (num != flen || (*p != 0x6A && *p != 0x6B)) { 111 if (num != flen || (*p != 0x6A && *p != 0x6B)) {
113 RSAerr(RSA_F_RSA_PADDING_CHECK_X931, RSA_R_INVALID_HEADER); 112 RSAerror(RSA_R_INVALID_HEADER);
114 return -1; 113 return -1;
115 } 114 }
116 115
@@ -121,15 +120,13 @@ RSA_padding_check_X931(unsigned char *to, int tlen, const unsigned char *from,
121 if (c == 0xBA) 120 if (c == 0xBA)
122 break; 121 break;
123 if (c != 0xBB) { 122 if (c != 0xBB) {
124 RSAerr(RSA_F_RSA_PADDING_CHECK_X931, 123 RSAerror(RSA_R_INVALID_PADDING);
125 RSA_R_INVALID_PADDING);
126 return -1; 124 return -1;
127 } 125 }
128 } 126 }
129 127
130 if (i == 0) { 128 if (i == 0) {
131 RSAerr(RSA_F_RSA_PADDING_CHECK_X931, 129 RSAerror(RSA_R_INVALID_PADDING);
132 RSA_R_INVALID_PADDING);
133 return -1; 130 return -1;
134 } 131 }
135 132
@@ -138,7 +135,7 @@ RSA_padding_check_X931(unsigned char *to, int tlen, const unsigned char *from,
138 j = flen - 2; 135 j = flen - 2;
139 136
140 if (j < 0 || p[j] != 0xCC) { 137 if (j < 0 || p[j] != 0xCC) {
141 RSAerr(RSA_F_RSA_PADDING_CHECK_X931, RSA_R_INVALID_TRAILER); 138 RSAerror(RSA_R_INVALID_TRAILER);
142 return -1; 139 return -1;
143 } 140 }
144 141
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-11-01 13:41:32 +0000