authorbeck <>2000-03-19 11:13:58 +0000
committerbeck <>2000-03-19 11:13:58 +0000
commit796d609550df3a33fc11468741c5d2f6d3df4c11 (patch)
tree6c6d539061caa20372dad0ac4ddb1dfae2fbe7fe /src/lib/libcrypto/rsa
parent5be3114c1fd7e0dfea1e38d3abb4cbba75244419 (diff)
OpenSSL 0.9.5 merge
*warning* this bumps shared lib minors for libssl and libcrypto from 2.1 to 2.2. If you are using the ssl26 packages for ssh and other things to work, you will need to get new ones (see ~beck/libsslsnap/<arch>) on cvs or ~beck/src-patent.tar.gz on cvs
Diffstat (limited to 'src/lib/libcrypto/rsa')
-rw-r--r--src/lib/libcrypto/rsa/Makefile.ssl45
-rw-r--r--src/lib/libcrypto/rsa/rsa.h33
-rw-r--r--src/lib/libcrypto/rsa/rsa_eay.c4
-rw-r--r--src/lib/libcrypto/rsa/rsa_err.c5
-rw-r--r--src/lib/libcrypto/rsa/rsa_gen.c1
-rw-r--r--src/lib/libcrypto/rsa/rsa_lib.c24
-rw-r--r--src/lib/libcrypto/rsa/rsa_null.c149
-rw-r--r--src/lib/libcrypto/rsa/rsa_oaep.c3
-rw-r--r--src/lib/libcrypto/rsa/rsa_oaep_test.c309
-rw-r--r--src/lib/libcrypto/rsa/rsa_pk1.c18
-rw-r--r--src/lib/libcrypto/rsa/rsa_saos.c2
-rw-r--r--src/lib/libcrypto/rsa/rsa_sign.c153
-rw-r--r--src/lib/libcrypto/rsa/rsa_ssl.c11
-rw-r--r--src/lib/libcrypto/rsa/rsa_test.c314
14 files changed, 659 insertions, 412 deletions
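--- a/src/lib/libcrypto/rsa/Makefile.ssl
+++ b/src/lib/libcrypto/rsa/Makefile.ssl
@@ -18,14 +18,14 @@ AR= ar r
 CFLAGS= $(INCLUDES) $(CFLAG)
 
 GENERAL=Makefile
-TEST=rsa_oaep_test.c
+TEST=rsa_test.c
 APPS=
 
 LIB=$(TOP)/libcrypto.a
 LIBSRC= rsa_eay.c rsa_gen.c rsa_lib.c rsa_sign.c rsa_saos.c rsa_err.c \
- rsa_pk1.c rsa_ssl.c rsa_none.c rsa_oaep.c rsa_chk.c
+ rsa_pk1.c rsa_ssl.c rsa_none.c rsa_oaep.c rsa_chk.c rsa_null.c
 LIBOBJ= rsa_eay.o rsa_gen.o rsa_lib.o rsa_sign.o rsa_saos.o rsa_err.o \
- rsa_pk1.o rsa_ssl.o rsa_none.o rsa_oaep.o rsa_chk.o
+ rsa_pk1.o rsa_ssl.o rsa_none.o rsa_oaep.o rsa_chk.o rsa_null.o
 
 SRC= $(LIBSRC)
 
@@ -83,52 +83,61 @@ clean:
 rsa_chk.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
 rsa_chk.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
 rsa_chk.o: ../../include/openssl/opensslv.h ../../include/openssl/rsa.h
-rsa_chk.o: ../../include/openssl/stack.h
+rsa_chk.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
 rsa_eay.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
 rsa_eay.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 rsa_eay.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
 rsa_eay.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
 rsa_eay.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
-rsa_eay.o: ../../include/openssl/rsa.h ../../include/openssl/stack.h
-rsa_eay.o: ../cryptlib.h
+rsa_eay.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+rsa_eay.o: ../../include/openssl/stack.h ../cryptlib.h
 rsa_err.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
 rsa_err.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
 rsa_err.o: ../../include/openssl/opensslv.h ../../include/openssl/rsa.h
-rsa_err.o: ../../include/openssl/stack.h
+rsa_err.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
 rsa_gen.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
 rsa_gen.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 rsa_gen.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
 rsa_gen.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
 rsa_gen.o: ../../include/openssl/opensslv.h ../../include/openssl/rsa.h
-rsa_gen.o: ../../include/openssl/stack.h ../cryptlib.h
+rsa_gen.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+rsa_gen.o: ../cryptlib.h
 rsa_lib.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
 rsa_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 rsa_lib.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
 rsa_lib.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
 rsa_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-rsa_lib.o: ../../include/openssl/rsa.h ../../include/openssl/stack.h
-rsa_lib.o: ../cryptlib.h
+rsa_lib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+rsa_lib.o: ../../include/openssl/stack.h ../cryptlib.h
 rsa_none.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
 rsa_none.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 rsa_none.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
 rsa_none.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
 rsa_none.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
-rsa_none.o: ../../include/openssl/rsa.h ../../include/openssl/stack.h
-rsa_none.o: ../cryptlib.h
+rsa_none.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+rsa_none.o: ../../include/openssl/stack.h ../cryptlib.h
+rsa_null.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+rsa_null.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+rsa_null.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+rsa_null.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
+rsa_null.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
+rsa_null.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+rsa_null.o: ../../include/openssl/stack.h ../cryptlib.h
 rsa_oaep.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
 rsa_oaep.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 rsa_oaep.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
 rsa_oaep.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
 rsa_oaep.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
-rsa_oaep.o: ../../include/openssl/rsa.h ../../include/openssl/sha.h
-rsa_oaep.o: ../../include/openssl/stack.h ../cryptlib.h
+rsa_oaep.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+rsa_oaep.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+rsa_oaep.o: ../cryptlib.h
 rsa_pk1.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
 rsa_pk1.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 rsa_pk1.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
 rsa_pk1.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
 rsa_pk1.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
-rsa_pk1.o: ../../include/openssl/rsa.h ../../include/openssl/stack.h
-rsa_pk1.o: ../cryptlib.h
+rsa_pk1.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+rsa_pk1.o: ../../include/openssl/stack.h ../cryptlib.h
 rsa_saos.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
 rsa_saos.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
 rsa_saos.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
@@ -168,5 +177,5 @@ rsa_ssl.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 rsa_ssl.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
 rsa_ssl.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
 rsa_ssl.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
-rsa_ssl.o: ../../include/openssl/rsa.h ../../include/openssl/stack.h
-rsa_ssl.o: ../cryptlib.h
+rsa_ssl.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+rsa_ssl.o: ../../include/openssl/stack.h ../cryptlib.h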
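--- a/src/lib/libcrypto/rsa/rsa.h
+++ b/src/lib/libcrypto/rsa/rsa.h
@@ -91,6 +91,18 @@ typedef struct rsa_meth_st
  int (*finish)(RSA *rsa); /* called at free */
  int flags; /* RSA_METHOD_FLAG_* things */
  char *app_data; /* may be needed! */
+/* New sign and verify functions: some libraries don't allow arbitrary data
+ * to be signed/verified: this allows them to be used. Note: for this to work
+ * the RSA_public_decrypt() and RSA_private_encrypt() should *NOT* be used
+ * RSA_sign(), RSA_verify() should be used instead. Note: for backwards
+ * compatibility this functionality is only enabled if the RSA_FLAG_SIGN_VER
+ * option is set in 'flags'.
+ */
+ int (*rsa_sign)(int type, unsigned char *m, unsigned int m_len,
+ unsigned char *sigret, unsigned int *siglen, RSA *rsa);
+ int (*rsa_verify)(int dtype, unsigned char *m, unsigned int m_len,
+ unsigned char *sigbuf, unsigned int siglen, RSA *rsa);
+
  } RSA_METHOD;
 
 struct rsa_st
@@ -140,12 +152,16 @@ struct rsa_st
  */
 #define RSA_FLAG_EXT_PKEY 0x20
 
+/* This flag in the RSA_METHOD enables the new rsa_sign, rsa_verify functions.
+ */
+#define RSA_FLAG_SIGN_VER 0x40
+
 #define RSA_PKCS1_PADDING 1
 #define RSA_SSLV23_PADDING 2
 #define RSA_NO_PADDING 3
 #define RSA_PKCS1_OAEP_PADDING 4
 
-#define RSA_set_app_data(s,arg) RSA_set_ex_data(s,0,(char *)arg)
+#define RSA_set_app_data(s,arg) RSA_set_ex_data(s,0,arg)
 #define RSA_get_app_data(s) RSA_get_ex_data(s,0)
 
 RSA * RSA_new(void);
@@ -181,6 +197,8 @@ RSA_METHOD *RSA_PKCS1_RSAref(void);
 /* these are the actual SSLeay RSA functions */
 RSA_METHOD *RSA_PKCS1_SSLeay(void);
 
+RSA_METHOD *RSA_null_method(void);
+
 void ERR_load_RSA_strings(void );
 
 RSA * d2i_RSAPublicKey(RSA **a, unsigned char **pp, long length);
@@ -241,10 +259,10 @@ int RSA_padding_add_none(unsigned char *to,int tlen,
 int RSA_padding_check_none(unsigned char *to,int tlen,
  unsigned char *f,int fl,int rsa_len);
 
-int RSA_get_ex_new_index(long argl, char *argp, int (*new_func)(),
- int (*dup_func)(), void (*free_func)());
-int RSA_set_ex_data(RSA *r,int idx,char *arg);
-char *RSA_get_ex_data(RSA *r, int idx);
+int RSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
+ CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
+int RSA_set_ex_data(RSA *r,int idx,void *arg);
+void *RSA_get_ex_data(RSA *r, int idx);
 
 /* BEGIN ERROR CODES */
 /* The following lines are auto generated by the script mkerr.pl. Any changes
@@ -262,6 +280,7 @@ char *RSA_get_ex_data(RSA *r, int idx);
 #define RSA_F_RSA_EAY_PUBLIC_ENCRYPT 104
 #define RSA_F_RSA_GENERATE_KEY 105
 #define RSA_F_RSA_NEW_METHOD 106
+#define RSA_F_RSA_NULL 124
 #define RSA_F_RSA_PADDING_ADD_NONE 107
 #define RSA_F_RSA_PADDING_ADD_PKCS1_OAEP 121
 #define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1 108
@@ -292,10 +311,11 @@ char *RSA_get_ex_data(RSA *r, int idx);
 #define RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE 110
 #define RSA_R_DATA_TOO_SMALL 111
 #define RSA_R_DATA_TOO_SMALL_FOR_KEY_SIZE 122
-#define RSA_R_D_E_NOT_CONGRUENT_TO_1 123
 #define RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY 112
 #define RSA_R_DMP1_NOT_CONGRUENT_TO_D 124
 #define RSA_R_DMQ1_NOT_CONGRUENT_TO_D 125
+#define RSA_R_D_E_NOT_CONGRUENT_TO_1 123
+#define RSA_R_INVALID_MESSAGE_LENGTH 131
 #define RSA_R_IQMP_NOT_INVERSE_OF_Q 126
 #define RSA_R_KEY_SIZE_TOO_SMALL 120
 #define RSA_R_NULL_BEFORE_BLOCK_MISSING 113
@@ -304,6 +324,7 @@ char *RSA_get_ex_data(RSA *r, int idx);
 #define RSA_R_PADDING_CHECK_FAILED 114
 #define RSA_R_P_NOT_PRIME 128
 #define RSA_R_Q_NOT_PRIME 129
+#define RSA_R_RSA_OPERATIONS_NOT_SUPPORTED 130
 #define RSA_R_SSLV3_ROLLBACK_ATTACK 115
 #define RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD 116
 #define RSA_R_UNKNOWN_ALGORITHM_TYPE 117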
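Review bot: The new `rsa_sign` and `rsa_verify` members of RSA_METHOD are added without stating their return convention, and for a verify hook that is the security-relevant part of the contract. The comment above them should say what each hook returns on success and on failure and that `*siglen` is an output, for example `/* both return 1 on success and 0 on failure; rsa_verify must never return non-zero for a bad signature */`, assuming that is the convention RSA_sign()/RSA_verify() follow (their bodies are not in this section). It is also worth stating there that RSA_METHOD initialisers which stop at `app_data` leave both pointers NULL, so `RSA_FLAG_SIGN_VER` may only be set by a method that fills them in.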
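--- a/src/lib/libcrypto/rsa/rsa_eay.c
+++ b/src/lib/libcrypto/rsa/rsa_eay.c
@@ -72,6 +72,8 @@
 #include <openssl/rsa.h>
 #include <openssl/rand.h>
 
+#ifndef RSA_NULL
+
 static int RSA_eay_public_encrypt(int flen, unsigned char *from,
  unsigned char *to, RSA *rsa,int padding);
 static int RSA_eay_private_encrypt(int flen, unsigned char *from,
@@ -285,4 +287,4 @@ static int RSA_eay_finish(RSA *rsa)
  return(1);
  }
 
-
+#endif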
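Review bot: With `RSA_NULL` defined this guard removes everything in the file after the includes, which presumably includes the definition of `RSA_PKCS1_SSLeay()` (the guarded body lies outside both hunks), while rsa.h in this commit still declares that function unconditionally. A caller that names `RSA_PKCS1_SSLeay()` directly would then fail at link time rather than at compile time; either guard the prototype the same way or keep a definition that returns the null method. The closing line would also read better as `#endif /* !RSA_NULL */`, since it sits some two hundred lines below its opener.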
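--- a/src/lib/libcrypto/rsa/rsa_err.c
+++ b/src/lib/libcrypto/rsa/rsa_err.c
@@ -73,6 +73,7 @@ static ERR_STRING_DATA RSA_str_functs[]=
 {ERR_PACK(0,RSA_F_RSA_EAY_PUBLIC_ENCRYPT,0), "RSA_EAY_PUBLIC_ENCRYPT"},
 {ERR_PACK(0,RSA_F_RSA_GENERATE_KEY,0), "RSA_generate_key"},
 {ERR_PACK(0,RSA_F_RSA_NEW_METHOD,0), "RSA_new_method"},
+{ERR_PACK(0,RSA_F_RSA_NULL,0), "RSA_NULL"},
 {ERR_PACK(0,RSA_F_RSA_PADDING_ADD_NONE,0), "RSA_padding_add_none"},
 {ERR_PACK(0,RSA_F_RSA_PADDING_ADD_PKCS1_OAEP,0), "RSA_padding_add_PKCS1_OAEP"},
 {ERR_PACK(0,RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1,0), "RSA_padding_add_PKCS1_type_1"},
@@ -106,10 +107,11 @@ static ERR_STRING_DATA RSA_str_reasons[]=
 {RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE ,"data too large for key size"},
 {RSA_R_DATA_TOO_SMALL ,"data too small"},
 {RSA_R_DATA_TOO_SMALL_FOR_KEY_SIZE ,"data too small for key size"},
-{RSA_R_D_E_NOT_CONGRUENT_TO_1 ,"d e not congruent to 1"},
 {RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY ,"digest too big for rsa key"},
 {RSA_R_DMP1_NOT_CONGRUENT_TO_D ,"dmp1 not congruent to d"},
 {RSA_R_DMQ1_NOT_CONGRUENT_TO_D ,"dmq1 not congruent to d"},
+{RSA_R_D_E_NOT_CONGRUENT_TO_1 ,"d e not congruent to 1"},
+{RSA_R_INVALID_MESSAGE_LENGTH ,"invalid message length"},
 {RSA_R_IQMP_NOT_INVERSE_OF_Q ,"iqmp not inverse of q"},
 {RSA_R_KEY_SIZE_TOO_SMALL ,"key size too small"},
 {RSA_R_NULL_BEFORE_BLOCK_MISSING ,"null before block missing"},
@@ -118,6 +120,7 @@ static ERR_STRING_DATA RSA_str_reasons[]=
 {RSA_R_PADDING_CHECK_FAILED ,"padding check failed"},
 {RSA_R_P_NOT_PRIME ,"p not prime"},
 {RSA_R_Q_NOT_PRIME ,"q not prime"},
+{RSA_R_RSA_OPERATIONS_NOT_SUPPORTED ,"rsa operations not supported"},
 {RSA_R_SSLV3_ROLLBACK_ATTACK ,"sslv3 rollback attack"},
 {RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD,"the asn1 object identifier is not known for this md"},
 {RSA_R_UNKNOWN_ALGORITHM_TYPE ,"unknown algorithm type"},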
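--- a/src/lib/libcrypto/rsa/rsa_gen.c
+++ b/src/lib/libcrypto/rsa/rsa_gen.c
@@ -85,6 +85,7 @@ err:
  RSAerr(RSA_F_RSA_GENERATE_KEY,ERR_LIB_BN);
  ok=0;
  }
+ BN_CTX_end(ctx);
  BN_CTX_free(ctx);
  BN_CTX_free(ctx2);
 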
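Review bot: `BN_CTX_end(ctx)` is placed on the shared `err:` exit, so it also runs for any `goto err` taken before the matching `BN_CTX_start(ctx)` or after a failed context allocation; those jumps are outside the hunk, so this needs checking against the top of RSA_generate_key. If such a path exists, the call runs on a NULL or never-started context, and a guard such as `if (ctx != NULL) BN_CTX_end(ctx);` or a separate label for the pre-start failures would make the exit safe. The same pattern is introduced at the `err:` label of RSA_blinding_on in rsa_lib.c.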
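--- a/src/lib/libcrypto/rsa/rsa_lib.c
+++ b/src/lib/libcrypto/rsa/rsa_lib.c
@@ -67,7 +67,7 @@ const char *RSA_version="RSA" OPENSSL_VERSION_PTEXT;
 
 static RSA_METHOD *default_RSA_meth=NULL;
 static int rsa_meth_num=0;
-static STACK *rsa_meth=NULL;
+static STACK_OF(CRYPTO_EX_DATA_FUNCS) *rsa_meth=NULL;
 
 RSA *RSA_new(void)
  {
@@ -105,11 +105,15 @@ RSA *RSA_new_method(RSA_METHOD *meth)
 
  if (default_RSA_meth == NULL)
  {
+#ifdef RSA_NULL
+ default_RSA_meth=RSA_null_method();
+#else
 #ifdef RSAref
  default_RSA_meth=RSA_PKCS1_RSAref();
 #else
  default_RSA_meth=RSA_PKCS1_SSLeay();
 #endif
+#endif
  }
  ret=(RSA *)Malloc(sizeof(RSA));
  if (ret == NULL)
@@ -146,7 +150,7 @@ RSA *RSA_new_method(RSA_METHOD *meth)
  ret=NULL;
  }
  else
- CRYPTO_new_ex_data(rsa_meth,(char *)ret,&ret->ex_data);
+ CRYPTO_new_ex_data(rsa_meth,ret,&ret->ex_data);
  return(ret);
  }
 
@@ -169,7 +173,7 @@ void RSA_free(RSA *r)
  }
 #endif
 
- CRYPTO_free_ex_data(rsa_meth,(char *)r,&r->ex_data);
+ CRYPTO_free_ex_data(rsa_meth,r,&r->ex_data);
 
  if (r->meth->finish != NULL)
  r->meth->finish(r);
@@ -187,20 +191,20 @@ void RSA_free(RSA *r)
  Free(r);
  }
 
-int RSA_get_ex_new_index(long argl, char *argp, int (*new_func)(),
- int (*dup_func)(), void (*free_func)())
+int RSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
+ CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
  {
  rsa_meth_num++;
  return(CRYPTO_get_ex_new_index(rsa_meth_num-1,
  &rsa_meth,argl,argp,new_func,dup_func,free_func));
  }
 
-int RSA_set_ex_data(RSA *r, int idx, char *arg)
+int RSA_set_ex_data(RSA *r, int idx, void *arg)
  {
  return(CRYPTO_set_ex_data(&r->ex_data,idx,arg));
  }
 
-char *RSA_get_ex_data(RSA *r, int idx)
+void *RSA_get_ex_data(RSA *r, int idx)
  {
  return(CRYPTO_get_ex_data(&r->ex_data,idx));
  }
@@ -265,19 +269,19 @@ int RSA_blinding_on(RSA *rsa, BN_CTX *p_ctx)
  if (rsa->blinding != NULL)
  BN_BLINDING_free(rsa->blinding);
 
- A= &(ctx->bn[0]);
- ctx->tos++;
+ BN_CTX_start(ctx);
+ A = BN_CTX_get(ctx);
  if (!BN_rand(A,BN_num_bits(rsa->n)-1,1,0)) goto err;
  if ((Ai=BN_mod_inverse(NULL,A,rsa->n,ctx)) == NULL) goto err;
 
  if (!rsa->meth->bn_mod_exp(A,A,rsa->e,rsa->n,ctx,rsa->_method_mod_n))
  goto err;
  rsa->blinding=BN_BLINDING_new(A,Ai,rsa->n);
- ctx->tos--;
  rsa->flags|=RSA_FLAG_BLINDING;
  BN_free(Ai);
  ret=1;
 err:
+ BN_CTX_end(ctx);
  if (ctx != p_ctx) BN_CTX_free(ctx);
  return(ret);
  }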
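Review bot: In RSA_blinding_on the result of `A = BN_CTX_get(ctx);` is passed straight to `BN_rand()` with no NULL check, so an exhausted context becomes a NULL dereference while blinding is being set up. Check it at the call: `if ((A = BN_CTX_get(ctx)) == NULL) goto err;`. Separately, the unchanged line `rsa->blinding=BN_BLINDING_new(A,Ai,rsa->n);` is followed by setting `RSA_FLAG_BLINDING` and `ret=1` without testing the result, so a failed allocation reports success with no blinding object in place. The start of the function is outside the hunk.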
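--- /dev/null
+++ b/src/lib/libcrypto/rsa/rsa_null.c
@@ -0,0 +1,149 @@
+/* rsa_null.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/bn.h>
+#include <openssl/rsa.h>
+#include <openssl/rand.h>
+
+/* This is a dummy RSA implementation that just returns errors when called.
+ * It is designed to allow some RSA functions to work while stopping those
+ * covered by the RSA patent. That is RSA, encryption, decryption, signing
+ * and verify is not allowed but RSA key generation, key checking and other
+ * operations (like storing RSA keys) are permitted.
+ */
+
+static int RSA_null_public_encrypt(int flen, unsigned char *from,
+ unsigned char *to, RSA *rsa,int padding);
+static int RSA_null_private_encrypt(int flen, unsigned char *from,
+ unsigned char *to, RSA *rsa,int padding);
+static int RSA_null_public_decrypt(int flen, unsigned char *from,
+ unsigned char *to, RSA *rsa,int padding);
+static int RSA_null_private_decrypt(int flen, unsigned char *from,
+ unsigned char *to, RSA *rsa,int padding);
+#if 0 /* not currently used */
+static int RSA_null_mod_exp(BIGNUM *r0, BIGNUM *i, RSA *rsa);
+#endif
+static int RSA_null_init(RSA *rsa);
+static int RSA_null_finish(RSA *rsa);
+static RSA_METHOD rsa_null_meth={
+ "Null RSA",
+ RSA_null_public_encrypt,
+ RSA_null_public_decrypt,
+ RSA_null_private_encrypt,
+ RSA_null_private_decrypt,
+ NULL, NULL,
+ RSA_null_init,
+ RSA_null_finish,
+ 0,
+ NULL,
+ };
+
+RSA_METHOD *RSA_null_method(void)
+ {
+ return(&rsa_null_meth);
+ }
+
+static int RSA_null_public_encrypt(int flen, unsigned char *from,
+ unsigned char *to, RSA *rsa, int padding)
+ {
+ RSAerr(RSA_F_RSA_NULL, RSA_R_RSA_OPERATIONS_NOT_SUPPORTED);
+ return -1;
+ }
+
+static int RSA_null_private_encrypt(int flen, unsigned char *from,
+ unsigned char *to, RSA *rsa, int padding)
+ {
+ RSAerr(RSA_F_RSA_NULL, RSA_R_RSA_OPERATIONS_NOT_SUPPORTED);
+ return -1;
+ }
+
+static int RSA_null_private_decrypt(int flen, unsigned char *from,
+ unsigned char *to, RSA *rsa, int padding)
+ {
+ RSAerr(RSA_F_RSA_NULL, RSA_R_RSA_OPERATIONS_NOT_SUPPORTED);
+ return -1;
+ }
+
+static int RSA_null_public_decrypt(int flen, unsigned char *from,
+ unsigned char *to, RSA *rsa, int padding)
+ {
+ RSAerr(RSA_F_RSA_NULL, RSA_R_RSA_OPERATIONS_NOT_SUPPORTED);
+ return -1;
+ }
+
+#if 0 /* not currently used */
+static int RSA_null_mod_exp(BIGNUM *r0, BIGNUM *I, RSA *rsa)
+ {
+ RSAerr(RSA_F_RSA_NULL, RSA_R_RSA_OPERATIONS_NOT_SUPPORTED);
+ return -1;
+ }
+#endif
+
+static int RSA_null_init(RSA *rsa)
+ {
+ return(1);
+ }
+
+static int RSA_null_finish(RSA *rsa)
+ {
+ return(1);
+ }
+
+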
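Review bot: `rsa_null_meth` leaves the two slots after `RSA_null_private_decrypt` as `NULL, NULL`, which by position look like the `rsa_mod_exp` and `bn_mod_exp` hooks (the head of RSA_METHOD is not shown on this page, so confirm). RSA_blinding_on in rsa_lib.c calls `rsa->meth->bn_mod_exp(...)` with no NULL test, so with the null method installed that call would go through a NULL pointer instead of failing with `RSA_R_RSA_OPERATIONS_NOT_SUPPORTED`. Supplying stubs that raise the same error as the four encrypt/decrypt stubs keeps every entry point failing closed; the `#if 0` `RSA_null_mod_exp` is already written for one of them. The initialiser also stops at `app_data`, and a trailing `NULL, NULL` for `rsa_sign`/`rsa_verify` would make the intent explicit.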
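--- a/src/lib/libcrypto/rsa/rsa_oaep.c
+++ b/src/lib/libcrypto/rsa/rsa_oaep.c
@@ -50,7 +50,8 @@ int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen,
 emlen - flen - 2 * SHA_DIGEST_LENGTH - 1);
 db[emlen - flen - SHA_DIGEST_LENGTH - 1] = 0x01;
 memcpy(db + emlen - flen - SHA_DIGEST_LENGTH, from, (unsigned int) flen);
-RAND_bytes(seed, SHA_DIGEST_LENGTH);
+if (RAND_bytes(seed, SHA_DIGEST_LENGTH) <= 0)
+return (0);
 #ifdef PKCS_TESTVECT
 memcpy(seed,
 "\xaa\xfd\x12\xf6\x59\xca\xe6\x34\x89\xb4\x79\xe5\x07\x6d\xde\xc2\xf0\x6c\xb5\x8f",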
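Review bot: The new failure path `if (RAND_bytes(seed, SHA_DIGEST_LENGTH) <= 0) return (0);` is taken after the `memcpy` above it has already copied the plaintext `from` into `db`, and it records nothing with `RSAerr`, unlike the length checks this commit adds in rsa_pk1.c. If `db` points into the caller's `to` buffer (its assignment is outside the hunk), unmasked plaintext stays there when 0 is returned; calling RAND_bytes before the `memcpy`, or clearing the buffer on failure, would avoid that, and anything allocated earlier in the function would need releasing on this path too. The same silent `return(0)` appears in RSA_padding_add_PKCS1_type_2 (rsa_pk1.c) and RSA_padding_add_SSLv23 (rsa_ssl.c). The function body starts and ends outside the hunk.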
diff --git a/src/lib/libcrypto/rsa/rsa_oaep_test.c b/src/lib/libcrypto/rsa/rsa_oaep_test.c
index 0d4e39d3da..e69de29bb2 100644
--- a/src/lib/libcrypto/rsa/rsa_oaep_test.c
+++ b/src/lib/libcrypto/rsa/rsa_oaep_test.c
@@ -1,309 +0,0 @@
1/* test vectors from p1ovect1.txt */
2
3#include <stdio.h>
4#include <string.h>
5
6#include "openssl/e_os.h"
7
8#include <openssl/crypto.h>
9#include <openssl/err.h>
10#ifdef NO_RSA
11int main(int argc, char *argv[])
12{
13 printf("No RSA support\n");
14 return(0);
15}
16#else
17#include <openssl/rsa.h>
18
19#define SetKey \
20 key->n = BN_bin2bn(n, sizeof(n)-1, key->n); \
21 key->e = BN_bin2bn(e, sizeof(e)-1, key->e); \
22 key->d = BN_bin2bn(d, sizeof(d)-1, key->d); \
23 key->p = BN_bin2bn(p, sizeof(p)-1, key->p); \
24 key->q = BN_bin2bn(q, sizeof(q)-1, key->q); \
25 key->dmp1 = BN_bin2bn(dmp1, sizeof(dmp1)-1, key->dmp1); \
26 key->dmq1 = BN_bin2bn(dmq1, sizeof(dmq1)-1, key->dmq1); \
27 key->iqmp = BN_bin2bn(iqmp, sizeof(iqmp)-1, key->iqmp); \
28 memcpy(c, ctext_ex, sizeof(ctext_ex) - 1); \
29 return (sizeof(ctext_ex) - 1);
30
31static int key1(RSA *key, unsigned char *c)
32 {
33 static unsigned char n[] =
34"\x00\xAA\x36\xAB\xCE\x88\xAC\xFD\xFF\x55\x52\x3C\x7F\xC4\x52\x3F"
35"\x90\xEF\xA0\x0D\xF3\x77\x4A\x25\x9F\x2E\x62\xB4\xC5\xD9\x9C\xB5"
36"\xAD\xB3\x00\xA0\x28\x5E\x53\x01\x93\x0E\x0C\x70\xFB\x68\x76\x93"
37"\x9C\xE6\x16\xCE\x62\x4A\x11\xE0\x08\x6D\x34\x1E\xBC\xAC\xA0\xA1"
38"\xF5";
39
40 static unsigned char e[] = "\x11";
41
42 static unsigned char d[] =
43"\x0A\x03\x37\x48\x62\x64\x87\x69\x5F\x5F\x30\xBC\x38\xB9\x8B\x44"
44"\xC2\xCD\x2D\xFF\x43\x40\x98\xCD\x20\xD8\xA1\x38\xD0\x90\xBF\x64"
45"\x79\x7C\x3F\xA7\xA2\xCD\xCB\x3C\xD1\xE0\xBD\xBA\x26\x54\xB4\xF9"
46"\xDF\x8E\x8A\xE5\x9D\x73\x3D\x9F\x33\xB3\x01\x62\x4A\xFD\x1D\x51";
47
48 static unsigned char p[] =
49"\x00\xD8\x40\xB4\x16\x66\xB4\x2E\x92\xEA\x0D\xA3\xB4\x32\x04\xB5"
50"\xCF\xCE\x33\x52\x52\x4D\x04\x16\xA5\xA4\x41\xE7\x00\xAF\x46\x12"
51"\x0D";
52
53 static unsigned char q[] =
54"\x00\xC9\x7F\xB1\xF0\x27\xF4\x53\xF6\x34\x12\x33\xEA\xAA\xD1\xD9"
55"\x35\x3F\x6C\x42\xD0\x88\x66\xB1\xD0\x5A\x0F\x20\x35\x02\x8B\x9D"
56"\x89";
57
58 static unsigned char dmp1[] =
59"\x59\x0B\x95\x72\xA2\xC2\xA9\xC4\x06\x05\x9D\xC2\xAB\x2F\x1D\xAF"
60"\xEB\x7E\x8B\x4F\x10\xA7\x54\x9E\x8E\xED\xF5\xB4\xFC\xE0\x9E\x05";
61
62 static unsigned char dmq1[] =
63"\x00\x8E\x3C\x05\x21\xFE\x15\xE0\xEA\x06\xA3\x6F\xF0\xF1\x0C\x99"
64"\x52\xC3\x5B\x7A\x75\x14\xFD\x32\x38\xB8\x0A\xAD\x52\x98\x62\x8D"
65"\x51";
66
67 static unsigned char iqmp[] =
68"\x36\x3F\xF7\x18\x9D\xA8\xE9\x0B\x1D\x34\x1F\x71\xD0\x9B\x76\xA8"
69"\xA9\x43\xE1\x1D\x10\xB2\x4D\x24\x9F\x2D\xEA\xFE\xF8\x0C\x18\x26";
70
71 static unsigned char ctext_ex[] =
72"\x1b\x8f\x05\xf9\xca\x1a\x79\x52\x6e\x53\xf3\xcc\x51\x4f\xdb\x89"
73"\x2b\xfb\x91\x93\x23\x1e\x78\xb9\x92\xe6\x8d\x50\xa4\x80\xcb\x52"
74"\x33\x89\x5c\x74\x95\x8d\x5d\x02\xab\x8c\x0f\xd0\x40\xeb\x58\x44"
75"\xb0\x05\xc3\x9e\xd8\x27\x4a\x9d\xbf\xa8\x06\x71\x40\x94\x39\xd2";
76
77 SetKey;
78 }
79
80static int key2(RSA *key, unsigned char *c)
81 {
82 static unsigned char n[] =
83"\x00\xA3\x07\x9A\x90\xDF\x0D\xFD\x72\xAC\x09\x0C\xCC\x2A\x78\xB8"
84"\x74\x13\x13\x3E\x40\x75\x9C\x98\xFA\xF8\x20\x4F\x35\x8A\x0B\x26"
85"\x3C\x67\x70\xE7\x83\xA9\x3B\x69\x71\xB7\x37\x79\xD2\x71\x7B\xE8"
86"\x34\x77\xCF";
87
88 static unsigned char e[] = "\x3";
89
90 static unsigned char d[] =
91"\x6C\xAF\xBC\x60\x94\xB3\xFE\x4C\x72\xB0\xB3\x32\xC6\xFB\x25\xA2"
92"\xB7\x62\x29\x80\x4E\x68\x65\xFC\xA4\x5A\x74\xDF\x0F\x8F\xB8\x41"
93"\x3B\x52\xC0\xD0\xE5\x3D\x9B\x59\x0F\xF1\x9B\xE7\x9F\x49\xDD\x21"
94"\xE5\xEB";
95
96 static unsigned char p[] =
97"\x00\xCF\x20\x35\x02\x8B\x9D\x86\x98\x40\xB4\x16\x66\xB4\x2E\x92"
98"\xEA\x0D\xA3\xB4\x32\x04\xB5\xCF\xCE\x91";
99
100 static unsigned char q[] =
101"\x00\xC9\x7F\xB1\xF0\x27\xF4\x53\xF6\x34\x12\x33\xEA\xAA\xD1\xD9"
102"\x35\x3F\x6C\x42\xD0\x88\x66\xB1\xD0\x5F";
103
104 static unsigned char dmp1[] =
105"\x00\x8A\x15\x78\xAC\x5D\x13\xAF\x10\x2B\x22\xB9\x99\xCD\x74\x61"
106"\xF1\x5E\x6D\x22\xCC\x03\x23\xDF\xDF\x0B";
107
108 static unsigned char dmq1[] =
109"\x00\x86\x55\x21\x4A\xC5\x4D\x8D\x4E\xCD\x61\x77\xF1\xC7\x36\x90"
110"\xCE\x2A\x48\x2C\x8B\x05\x99\xCB\xE0\x3F";
111
112 static unsigned char iqmp[] =
113"\x00\x83\xEF\xEF\xB8\xA9\xA4\x0D\x1D\xB6\xED\x98\xAD\x84\xED\x13"
114"\x35\xDC\xC1\x08\xF3\x22\xD0\x57\xCF\x8D";
115
116 static unsigned char ctext_ex[] =
117"\x14\xbd\xdd\x28\xc9\x83\x35\x19\x23\x80\xe8\xe5\x49\xb1\x58\x2a"
118"\x8b\x40\xb4\x48\x6d\x03\xa6\xa5\x31\x1f\x1f\xd5\xf0\xa1\x80\xe4"
119"\x17\x53\x03\x29\xa9\x34\x90\x74\xb1\x52\x13\x54\x29\x08\x24\x52"
120"\x62\x51";
121
122 SetKey;
123 }
124
125static int key3(RSA *key, unsigned char *c)
126 {
127 static unsigned char n[] =
128"\x00\xBB\xF8\x2F\x09\x06\x82\xCE\x9C\x23\x38\xAC\x2B\x9D\xA8\x71"
129"\xF7\x36\x8D\x07\xEE\xD4\x10\x43\xA4\x40\xD6\xB6\xF0\x74\x54\xF5"
130"\x1F\xB8\xDF\xBA\xAF\x03\x5C\x02\xAB\x61\xEA\x48\xCE\xEB\x6F\xCD"
131"\x48\x76\xED\x52\x0D\x60\xE1\xEC\x46\x19\x71\x9D\x8A\x5B\x8B\x80"
132"\x7F\xAF\xB8\xE0\xA3\xDF\xC7\x37\x72\x3E\xE6\xB4\xB7\xD9\x3A\x25"
133"\x84\xEE\x6A\x64\x9D\x06\x09\x53\x74\x88\x34\xB2\x45\x45\x98\x39"
134"\x4E\xE0\xAA\xB1\x2D\x7B\x61\xA5\x1F\x52\x7A\x9A\x41\xF6\xC1\x68"
135"\x7F\xE2\x53\x72\x98\xCA\x2A\x8F\x59\x46\xF8\xE5\xFD\x09\x1D\xBD"
136"\xCB";
137
138 static unsigned char e[] = "\x11";
139
140 static unsigned char d[] =
141"\x00\xA5\xDA\xFC\x53\x41\xFA\xF2\x89\xC4\xB9\x88\xDB\x30\xC1\xCD"
142"\xF8\x3F\x31\x25\x1E\x06\x68\xB4\x27\x84\x81\x38\x01\x57\x96\x41"
143"\xB2\x94\x10\xB3\xC7\x99\x8D\x6B\xC4\x65\x74\x5E\x5C\x39\x26\x69"
144"\xD6\x87\x0D\xA2\xC0\x82\xA9\x39\xE3\x7F\xDC\xB8\x2E\xC9\x3E\xDA"
145"\xC9\x7F\xF3\xAD\x59\x50\xAC\xCF\xBC\x11\x1C\x76\xF1\xA9\x52\x94"
146"\x44\xE5\x6A\xAF\x68\xC5\x6C\x09\x2C\xD3\x8D\xC3\xBE\xF5\xD2\x0A"
147"\x93\x99\x26\xED\x4F\x74\xA1\x3E\xDD\xFB\xE1\xA1\xCE\xCC\x48\x94"
148"\xAF\x94\x28\xC2\xB7\xB8\x88\x3F\xE4\x46\x3A\x4B\xC8\x5B\x1C\xB3"
149"\xC1";
150
151 static unsigned char p[] =
152"\x00\xEE\xCF\xAE\x81\xB1\xB9\xB3\xC9\x08\x81\x0B\x10\xA1\xB5\x60"
153"\x01\x99\xEB\x9F\x44\xAE\xF4\xFD\xA4\x93\xB8\x1A\x9E\x3D\x84\xF6"
154"\x32\x12\x4E\xF0\x23\x6E\x5D\x1E\x3B\x7E\x28\xFA\xE7\xAA\x04\x0A"
155"\x2D\x5B\x25\x21\x76\x45\x9D\x1F\x39\x75\x41\xBA\x2A\x58\xFB\x65"
156"\x99";
157
158 static unsigned char q[] =
159"\x00\xC9\x7F\xB1\xF0\x27\xF4\x53\xF6\x34\x12\x33\xEA\xAA\xD1\xD9"
160"\x35\x3F\x6C\x42\xD0\x88\x66\xB1\xD0\x5A\x0F\x20\x35\x02\x8B\x9D"
161"\x86\x98\x40\xB4\x16\x66\xB4\x2E\x92\xEA\x0D\xA3\xB4\x32\x04\xB5"
162"\xCF\xCE\x33\x52\x52\x4D\x04\x16\xA5\xA4\x41\xE7\x00\xAF\x46\x15"
163"\x03";
164
165 static unsigned char dmp1[] =
166"\x54\x49\x4C\xA6\x3E\xBA\x03\x37\xE4\xE2\x40\x23\xFC\xD6\x9A\x5A"
167"\xEB\x07\xDD\xDC\x01\x83\xA4\xD0\xAC\x9B\x54\xB0\x51\xF2\xB1\x3E"
168"\xD9\x49\x09\x75\xEA\xB7\x74\x14\xFF\x59\xC1\xF7\x69\x2E\x9A\x2E"
169"\x20\x2B\x38\xFC\x91\x0A\x47\x41\x74\xAD\xC9\x3C\x1F\x67\xC9\x81";
170
171 static unsigned char dmq1[] =
172"\x47\x1E\x02\x90\xFF\x0A\xF0\x75\x03\x51\xB7\xF8\x78\x86\x4C\xA9"
173"\x61\xAD\xBD\x3A\x8A\x7E\x99\x1C\x5C\x05\x56\xA9\x4C\x31\x46\xA7"
174"\xF9\x80\x3F\x8F\x6F\x8A\xE3\x42\xE9\x31\xFD\x8A\xE4\x7A\x22\x0D"
175"\x1B\x99\xA4\x95\x84\x98\x07\xFE\x39\xF9\x24\x5A\x98\x36\xDA\x3D";
176
177 static unsigned char iqmp[] =
178"\x00\xB0\x6C\x4F\xDA\xBB\x63\x01\x19\x8D\x26\x5B\xDB\xAE\x94\x23"
179"\xB3\x80\xF2\x71\xF7\x34\x53\x88\x50\x93\x07\x7F\xCD\x39\xE2\x11"
180"\x9F\xC9\x86\x32\x15\x4F\x58\x83\xB1\x67\xA9\x67\xBF\x40\x2B\x4E"
181"\x9E\x2E\x0F\x96\x56\xE6\x98\xEA\x36\x66\xED\xFB\x25\x79\x80\x39"
182"\xF7";
183
184 static unsigned char ctext_ex[] =
185"\xb8\x24\x6b\x56\xa6\xed\x58\x81\xae\xb5\x85\xd9\xa2\x5b\x2a\xd7"
186"\x90\xc4\x17\xe0\x80\x68\x1b\xf1\xac\x2b\xc3\xde\xb6\x9d\x8b\xce"
187"\xf0\xc4\x36\x6f\xec\x40\x0a\xf0\x52\xa7\x2e\x9b\x0e\xff\xb5\xb3"
188"\xf2\xf1\x92\xdb\xea\xca\x03\xc1\x27\x40\x05\x71\x13\xbf\x1f\x06"
189"\x69\xac\x22\xe9\xf3\xa7\x85\x2e\x3c\x15\xd9\x13\xca\xb0\xb8\x86"
190"\x3a\x95\xc9\x92\x94\xce\x86\x74\x21\x49\x54\x61\x03\x46\xf4\xd4"
191"\x74\xb2\x6f\x7c\x48\xb4\x2e\xe6\x8e\x1f\x57\x2a\x1f\xc4\x02\x6a"
192"\xc4\x56\xb4\xf5\x9f\x7b\x62\x1e\xa1\xb9\xd8\x8f\x64\x20\x2f\xb1";
193
194 SetKey;
195 }
196
197static int pad_unknown(void)
198{
199 unsigned long l;
200 while ((l = ERR_get_error()) != 0)
201 if (ERR_GET_REASON(l) == RSA_R_UNKNOWN_PADDING_TYPE)
202 return(1);
203 return(0);
204}
205
206int main()
207 {
208 int err=0;
209 int v;
210 RSA *key;
211 unsigned char ptext[256];
212 unsigned char ctext[256];
213 static unsigned char ptext_ex[] = "\x54\x85\x9b\x34\x2c\x49\xea\x2a";
214 unsigned char ctext_ex[256];
215 int plen;
216 int clen = 0;
217 int num;
218
219 CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
220
221 plen = sizeof(ptext_ex) - 1;
222
223 for (v = 0; v < 3; v++)
224 {
225 key = RSA_new();
226 switch (v) {
227 case 0:
228 clen = key1(key, ctext_ex);
229 break;
230 case 1:
231 clen = key2(key, ctext_ex);
232 break;
233 case 2:
234 clen = key3(key, ctext_ex);
235 break;
236 }
237
238 num = RSA_public_encrypt(plen, ptext_ex, ctext, key,
239 RSA_PKCS1_PADDING);
240 if (num != clen)
241 {
242 printf("PKCS#1 v1.5 encryption failed!\n");
243 err=1;
244 goto oaep;
245 }
246
247 num = RSA_private_decrypt(num, ctext, ptext, key,
248 RSA_PKCS1_PADDING);
249 if (num != plen || memcmp(ptext, ptext_ex, num) != 0)
250 {
251 printf("PKCS#1 v1.5 decryption failed!\n");
252 err=1;
253 }
254 else
255 printf("PKCS #1 v1.5 encryption/decryption ok\n");
256
257 oaep:
258 ERR_clear_error();
259 num = RSA_public_encrypt(plen, ptext_ex, ctext, key,
260 RSA_PKCS1_OAEP_PADDING);
261 if (num == -1 && pad_unknown())
262 {
263 printf("No OAEP support\n");
264 goto next;
265 }
266 if (num != clen)
267 {
268 printf("OAEP encryption failed!\n");
269 err=1;
270 goto next;
271 }
272
273 num = RSA_private_decrypt(num, ctext, ptext, key,
274 RSA_PKCS1_OAEP_PADDING);
275 if (num != plen || memcmp(ptext, ptext_ex, num) != 0)
276 {
277 printf("OAEP decryption (encrypted data) failed!\n");
278 err=1;
279 }
280 else if (memcmp(ctext, ctext_ex, num) == 0)
281 {
282 printf("OAEP test vector %d passed!\n", v);
283 goto next;
284 }
285
286 /* Different ciphertexts (rsa_oaep.c without -DPKCS_TESTVECT).
287 Try decrypting ctext_ex */
288
289 num = RSA_private_decrypt(clen, ctext_ex, ptext, key,
290 RSA_PKCS1_OAEP_PADDING);
291
292 if (num != plen || memcmp(ptext, ptext_ex, num) != 0)
293 {
294 printf("OAEP decryption (test vector data) failed!\n");
295 err=1;
296 }
297 else
298 printf("OAEP encryption/decryption ok\n");
299 next:
300 RSA_free(key);
301 }
302
303 ERR_remove_state(0);
304
305 CRYPTO_mem_leaks_fp(stdout);
306
307 return err;
308 }
309#endif
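--- a/src/lib/libcrypto/rsa/rsa_pk1.c
+++ b/src/lib/libcrypto/rsa/rsa_pk1.c
@@ -79,7 +79,7 @@ int RSA_padding_add_PKCS1_type_1(unsigned char *to, int tlen,
 *(p++)=0;
 *(p++)=1; /* Private Key BT (Block Type) */
 
-/* padd out with 0xff data */
+/* pad out with 0xff data */
 j=tlen-3-flen;
 memset(p,0xff,j);
 p+=j;
@@ -130,6 +130,11 @@ int RSA_padding_check_PKCS1_type_1(unsigned char *to, int tlen,
 }
 i++; /* Skip over the '\0' */
 j-=i;
+if (j > tlen)
+{
+RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1,RSA_R_DATA_TOO_LARGE);
+return(-1);
+}
 memcpy(to,p,(unsigned int)j);
 
 return(j);
@@ -155,12 +160,14 @@ int RSA_padding_add_PKCS1_type_2(unsigned char *to, int tlen,
 /* pad out with non-zero random data */
 j=tlen-3-flen;
 
-RAND_bytes(p,j);
+if (RAND_bytes(p,j) <= 0)
+return(0);
 for (i=0; i<j; i++)
 {
 if (*p == '\0')
 do {
-RAND_bytes(p,1);
+if (RAND_bytes(p,1) <= 0)
+return(0);
 } while (*p == '\0');
 p++;
 }
@@ -205,6 +212,11 @@ int RSA_padding_check_PKCS1_type_2(unsigned char *to, int tlen,
 }
 i++; /* Skip over the '\0' */
 j-=i;
+if (j > tlen)
+{
+RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2,RSA_R_DATA_TOO_LARGE);
+return(-1);
+}
 memcpy(to,p,(unsigned int)j);
 
 return(j);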
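Review bot: The added guard `if (j > tlen)` in RSA_padding_check_PKCS1_type_1 bounds the copy only from above, while the `memcpy(to,p,(unsigned int)j)` right after it casts `j` to unsigned, so a negative `j` would pass the guard and turn into a very large length. Whether the code before `j-=i` (outside the hunk) already guarantees `j >= 0` cannot be confirmed from here; writing the guard as `if (j < 0 || j > tlen)` makes it self-contained. The same applies to the identical guard in RSA_padding_check_PKCS1_type_2 in this file and in RSA_padding_check_SSLv23 in rsa_ssl.c. On the type 2 (decryption) path, callers should also avoid revealing to a remote peer which padding check failed, since this adds one more distinguishable error reason.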
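--- a/src/lib/libcrypto/rsa/rsa_saos.c
+++ b/src/lib/libcrypto/rsa/rsa_saos.c
@@ -136,7 +136,7 @@ int RSA_verify_ASN1_OCTET_STRING(int dtype, unsigned char *m,
 else
 ret=1;
 err:
-if (sig != NULL) ASN1_OCTET_STRING_free(sig);
+if (sig != NULL) M_ASN1_OCTET_STRING_free(sig);
 memset(s,0,(unsigned int)siglen);
 Free(s);
 return(ret);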
diff --git a/src/lib/libcrypto/rsa/rsa_sign.c b/src/lib/libcrypto/rsa/rsa_sign.c
index 1740494a4c..05bb7fb74a 100644
--- a/src/lib/libcrypto/rsa/rsa_sign.c
+++ b/src/lib/libcrypto/rsa/rsa_sign.c
@@ -63,59 +63,77 @@
63#include <openssl/objects.h> 63#include <openssl/objects.h>
64#include <openssl/x509.h> 64#include <openssl/x509.h>
65 65
66/* Size of an SSL signature: MD5+SHA1 */
67#define SSL_SIG_LENGTH 36
68
66int RSA_sign(int type, unsigned char *m, unsigned int m_len, 69int RSA_sign(int type, unsigned char *m, unsigned int m_len,
67 unsigned char *sigret, unsigned int *siglen, RSA *rsa) 70 unsigned char *sigret, unsigned int *siglen, RSA *rsa)
68 { 71 {
69 X509_SIG sig; 72 X509_SIG sig;
70 ASN1_TYPE parameter; 73 ASN1_TYPE parameter;
71 int i,j,ret=1; 74 int i,j,ret=1;
72 unsigned char *p,*s; 75 unsigned char *p,*s = NULL;
73 X509_ALGOR algor; 76 X509_ALGOR algor;
74 ASN1_OCTET_STRING digest; 77 ASN1_OCTET_STRING digest;
75 78 if(rsa->flags & RSA_FLAG_SIGN_VER)
76 sig.algor= &algor; 79 return rsa->meth->rsa_sign(type, m, m_len, sigret, siglen, rsa);
77 sig.algor->algorithm=OBJ_nid2obj(type); 80 /* Special case: SSL signature, just check the length */
78 if (sig.algor->algorithm == NULL) 81 if(type == NID_md5_sha1) {
79 { 82 if(m_len != SSL_SIG_LENGTH) {
80 RSAerr(RSA_F_RSA_SIGN,RSA_R_UNKNOWN_ALGORITHM_TYPE); 83 RSAerr(RSA_F_RSA_SIGN,RSA_R_INVALID_MESSAGE_LENGTH);
81 return(0); 84 return(0);
82 }
83 if (sig.algor->algorithm->length == 0)
84 {
85 RSAerr(RSA_F_RSA_SIGN,RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD);
86 return(0);
87 } 85 }
88 parameter.type=V_ASN1_NULL; 86 i = SSL_SIG_LENGTH;
89 parameter.value.ptr=NULL; 87 s = m;
90 sig.algor->parameter= &parameter; 88 } else {
89 sig.algor= &algor;
90 sig.algor->algorithm=OBJ_nid2obj(type);
91 if (sig.algor->algorithm == NULL)
92 {
93 RSAerr(RSA_F_RSA_SIGN,RSA_R_UNKNOWN_ALGORITHM_TYPE);
94 return(0);
95 }
96 if (sig.algor->algorithm->length == 0)
97 {
98 RSAerr(RSA_F_RSA_SIGN,RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD);
99 return(0);
100 }
101 parameter.type=V_ASN1_NULL;
102 parameter.value.ptr=NULL;
103 sig.algor->parameter= &parameter;
91 104
92 sig.digest= &digest; 105 sig.digest= &digest;
93 sig.digest->data=m; 106 sig.digest->data=m;
94 sig.digest->length=m_len; 107 sig.digest->length=m_len;
95 108
96 i=i2d_X509_SIG(&sig,NULL); 109 i=i2d_X509_SIG(&sig,NULL);
110 }
97 j=RSA_size(rsa); 111 j=RSA_size(rsa);
98 if ((i-RSA_PKCS1_PADDING) > j) 112 if ((i-RSA_PKCS1_PADDING) > j)
99 { 113 {
100 RSAerr(RSA_F_RSA_SIGN,RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY); 114 RSAerr(RSA_F_RSA_SIGN,RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY);
101 return(0); 115 return(0);
102 } 116 }
103 s=(unsigned char *)Malloc((unsigned int)j+1); 117 if(type != NID_md5_sha1) {
104 if (s == NULL) 118 s=(unsigned char *)Malloc((unsigned int)j+1);
105 { 119 if (s == NULL)
106 RSAerr(RSA_F_RSA_SIGN,ERR_R_MALLOC_FAILURE); 120 {
107 return(0); 121 RSAerr(RSA_F_RSA_SIGN,ERR_R_MALLOC_FAILURE);
108 } 122 return(0);
109 p=s; 123 }
110 i2d_X509_SIG(&sig,&p); 124 p=s;
125 i2d_X509_SIG(&sig,&p);
126 }
111 i=RSA_private_encrypt(i,s,sigret,rsa,RSA_PKCS1_PADDING); 127 i=RSA_private_encrypt(i,s,sigret,rsa,RSA_PKCS1_PADDING);
112 if (i <= 0) 128 if (i <= 0)
113 ret=0; 129 ret=0;
114 else 130 else
115 *siglen=i; 131 *siglen=i;
116 132
117 memset(s,0,(unsigned int)j+1); 133 if(type != NID_md5_sha1) {
118 Free(s); 134 memset(s,0,(unsigned int)j+1);
135 Free(s);
136 }
119 return(ret); 137 return(ret);
120 } 138 }
121 139
@@ -132,53 +150,68 @@ int RSA_verify(int dtype, unsigned char *m, unsigned int m_len,
132 return(0); 150 return(0);
133 } 151 }
134 152
153 if(rsa->flags & RSA_FLAG_SIGN_VER)
154 return rsa->meth->rsa_verify(dtype, m, m_len, sigbuf, siglen, rsa);
155
135 s=(unsigned char *)Malloc((unsigned int)siglen); 156 s=(unsigned char *)Malloc((unsigned int)siglen);
136 if (s == NULL) 157 if (s == NULL)
137 { 158 {
138 RSAerr(RSA_F_RSA_VERIFY,ERR_R_MALLOC_FAILURE); 159 RSAerr(RSA_F_RSA_VERIFY,ERR_R_MALLOC_FAILURE);
139 goto err; 160 goto err;
140 } 161 }
162 if((dtype == NID_md5_sha1) && (m_len != SSL_SIG_LENGTH) ) {
163 RSAerr(RSA_F_RSA_VERIFY,RSA_R_INVALID_MESSAGE_LENGTH);
164 return(0);
165 }
141 i=RSA_public_decrypt((int)siglen,sigbuf,s,rsa,RSA_PKCS1_PADDING); 166 i=RSA_public_decrypt((int)siglen,sigbuf,s,rsa,RSA_PKCS1_PADDING);
142 167
143 if (i <= 0) goto err; 168 if (i <= 0) goto err;
144 169
145 p=s; 170 /* Special case: SSL signature */
146 sig=d2i_X509_SIG(NULL,&p,(long)i); 171 if(dtype == NID_md5_sha1) {
172 if((i != SSL_SIG_LENGTH) || memcmp(s, m, SSL_SIG_LENGTH))
173 RSAerr(RSA_F_RSA_VERIFY,RSA_R_BAD_SIGNATURE);
174 else ret = 1;
175 } else {
176 p=s;
177 sig=d2i_X509_SIG(NULL,&p,(long)i);
147 178
148 if (sig == NULL) goto err; 179 if (sig == NULL) goto err;
149 sigtype=OBJ_obj2nid(sig->algor->algorithm); 180 sigtype=OBJ_obj2nid(sig->algor->algorithm);
150 181
151 182
152#ifdef RSA_DEBUG 183 #ifdef RSA_DEBUG
153 /* put a backward compatability flag in EAY */ 184 /* put a backward compatibility flag in EAY */
154 fprintf(stderr,"in(%s) expect(%s)\n",OBJ_nid2ln(sigtype), 185 fprintf(stderr,"in(%s) expect(%s)\n",OBJ_nid2ln(sigtype),
155 OBJ_nid2ln(dtype)); 186 OBJ_nid2ln(dtype));
156#endif 187 #endif
157 if (sigtype != dtype) 188 if (sigtype != dtype)
158 {
159 if (((dtype == NID_md5) &&
160 (sigtype == NID_md5WithRSAEncryption)) ||
161 ((dtype == NID_md2) &&
162 (sigtype == NID_md2WithRSAEncryption)))
163 { 189 {
164 /* ok, we will let it through */ 190 if (((dtype == NID_md5) &&
165#if !defined(NO_STDIO) && !defined(WIN16) 191 (sigtype == NID_md5WithRSAEncryption)) ||
166 fprintf(stderr,"signature has problems, re-make with post SSLeay045\n"); 192 ((dtype == NID_md2) &&
167#endif 193 (sigtype == NID_md2WithRSAEncryption)))
194 {
195 /* ok, we will let it through */
196 #if !defined(NO_STDIO) && !defined(WIN16)
197 fprintf(stderr,"signature has problems, re-make with post SSLeay045\n");
198 #endif
199 }
200 else
201 {
202 RSAerr(RSA_F_RSA_VERIFY,
203 RSA_R_ALGORITHM_MISMATCH);
204 goto err;
205 }
168 } 206 }
169 else 207 if ( ((unsigned int)sig->digest->length != m_len) ||
208 (memcmp(m,sig->digest->data,m_len) != 0))
170 { 209 {
171 RSAerr(RSA_F_RSA_VERIFY,RSA_R_ALGORITHM_MISMATCH); 210 RSAerr(RSA_F_RSA_VERIFY,RSA_R_BAD_SIGNATURE);
172 goto err;
173 } 211 }
174 } 212 else
175 if ( ((unsigned int)sig->digest->length != m_len) || 213 ret=1;
176 (memcmp(m,sig->digest->data,m_len) != 0)) 214 }
177 {
178 RSAerr(RSA_F_RSA_VERIFY,RSA_R_BAD_SIGNATURE);
179 }
180 else
181 ret=1;
182err: 215err:
183 if (sig != NULL) X509_SIG_free(sig); 216 if (sig != NULL) X509_SIG_free(sig);
184 memset(s,0,(unsigned int)siglen); 217 memset(s,0,(unsigned int)siglen);
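Review bot: In RSA_verify, the new `NID_md5_sha1` length check leaves with `return(0);` after `s` has already been obtained from `Malloc((unsigned int)siglen)`, so that buffer is leaked every time a caller passes a digest whose length is not `SSL_SIG_LENGTH`. Use `goto err;` there, as the neighbouring failure paths do, or move the check above the `Malloc` call next to the new `RSA_FLAG_SIGN_VER` dispatch. Both RSA_sign and RSA_verify also call `rsa->meth->rsa_sign` / `rsa->meth->rsa_verify` without testing the pointer when the flag is set; a NULL guard, or a comment stating that the flag implies a non-NULL hook, would make that contract explicit. RSA_verify starts and ends outside the hunk.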
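--- a/src/lib/libcrypto/rsa/rsa_ssl.c
+++ b/src/lib/libcrypto/rsa/rsa_ssl.c
@@ -82,12 +82,14 @@ int RSA_padding_add_SSLv23(unsigned char *to, int tlen, unsigned char *from,
 /* pad out with non-zero random data */
 j=tlen-3-8-flen;
 
-RAND_bytes(p,j);
+if (RAND_bytes(p,j) <= 0)
+return(0);
 for (i=0; i<j; i++)
 {
 if (*p == '\0')
 do {
-RAND_bytes(p,1);
+if (RAND_bytes(p,1) <= 0)
+return(0);
 } while (*p == '\0');
 p++;
 }
@@ -140,6 +142,11 @@ int RSA_padding_check_SSLv23(unsigned char *to, int tlen, unsigned char *from,
 
 i++; /* Skip over the '\0' */
 j-=i;
+if (j > tlen)
+{
+RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23,RSA_R_DATA_TOO_LARGE);
+return(-1);
+}
 memcpy(to,p,(unsigned int)j);
 
 return(j);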
diff --git a/src/lib/libcrypto/rsa/rsa_test.c b/src/lib/libcrypto/rsa/rsa_test.c
new file mode 100644
index 0000000000..e5ae0c1f69
--- /dev/null
+++ b/src/lib/libcrypto/rsa/rsa_test.c
@@ -0,0 +1,314 @@
1/* test vectors from p1ovect1.txt */
2
3#include <stdio.h>
4#include <string.h>
5
6#include "openssl/e_os.h"
7
8#include <openssl/crypto.h>
9#include <openssl/err.h>
10#include <openssl/rand.h>
11#ifdef NO_RSA
12int main(int argc, char *argv[])
13{
14 printf("No RSA support\n");
15 return(0);
16}
17#else
18#include <openssl/rsa.h>
19
20#define SetKey \
21 key->n = BN_bin2bn(n, sizeof(n)-1, key->n); \
22 key->e = BN_bin2bn(e, sizeof(e)-1, key->e); \
23 key->d = BN_bin2bn(d, sizeof(d)-1, key->d); \
24 key->p = BN_bin2bn(p, sizeof(p)-1, key->p); \
25 key->q = BN_bin2bn(q, sizeof(q)-1, key->q); \
26 key->dmp1 = BN_bin2bn(dmp1, sizeof(dmp1)-1, key->dmp1); \
27 key->dmq1 = BN_bin2bn(dmq1, sizeof(dmq1)-1, key->dmq1); \
28 key->iqmp = BN_bin2bn(iqmp, sizeof(iqmp)-1, key->iqmp); \
29 memcpy(c, ctext_ex, sizeof(ctext_ex) - 1); \
30 return (sizeof(ctext_ex) - 1);
31
32static int key1(RSA *key, unsigned char *c)
33 {
34 static unsigned char n[] =
35"\x00\xAA\x36\xAB\xCE\x88\xAC\xFD\xFF\x55\x52\x3C\x7F\xC4\x52\x3F"
36"\x90\xEF\xA0\x0D\xF3\x77\x4A\x25\x9F\x2E\x62\xB4\xC5\xD9\x9C\xB5"
37"\xAD\xB3\x00\xA0\x28\x5E\x53\x01\x93\x0E\x0C\x70\xFB\x68\x76\x93"
38"\x9C\xE6\x16\xCE\x62\x4A\x11\xE0\x08\x6D\x34\x1E\xBC\xAC\xA0\xA1"
39"\xF5";
40
41 static unsigned char e[] = "\x11";
42
43 static unsigned char d[] =
44"\x0A\x03\x37\x48\x62\x64\x87\x69\x5F\x5F\x30\xBC\x38\xB9\x8B\x44"
45"\xC2\xCD\x2D\xFF\x43\x40\x98\xCD\x20\xD8\xA1\x38\xD0\x90\xBF\x64"
46"\x79\x7C\x3F\xA7\xA2\xCD\xCB\x3C\xD1\xE0\xBD\xBA\x26\x54\xB4\xF9"
47"\xDF\x8E\x8A\xE5\x9D\x73\x3D\x9F\x33\xB3\x01\x62\x4A\xFD\x1D\x51";
48
49 static unsigned char p[] =
50"\x00\xD8\x40\xB4\x16\x66\xB4\x2E\x92\xEA\x0D\xA3\xB4\x32\x04\xB5"
51"\xCF\xCE\x33\x52\x52\x4D\x04\x16\xA5\xA4\x41\xE7\x00\xAF\x46\x12"
52"\x0D";
53
54 static unsigned char q[] =
55"\x00\xC9\x7F\xB1\xF0\x27\xF4\x53\xF6\x34\x12\x33\xEA\xAA\xD1\xD9"
56"\x35\x3F\x6C\x42\xD0\x88\x66\xB1\xD0\x5A\x0F\x20\x35\x02\x8B\x9D"
57"\x89";
58
59 static unsigned char dmp1[] =
60"\x59\x0B\x95\x72\xA2\xC2\xA9\xC4\x06\x05\x9D\xC2\xAB\x2F\x1D\xAF"
61"\xEB\x7E\x8B\x4F\x10\xA7\x54\x9E\x8E\xED\xF5\xB4\xFC\xE0\x9E\x05";
62
63 static unsigned char dmq1[] =
64"\x00\x8E\x3C\x05\x21\xFE\x15\xE0\xEA\x06\xA3\x6F\xF0\xF1\x0C\x99"
65"\x52\xC3\x5B\x7A\x75\x14\xFD\x32\x38\xB8\x0A\xAD\x52\x98\x62\x8D"
66"\x51";
67
68 static unsigned char iqmp[] =
69"\x36\x3F\xF7\x18\x9D\xA8\xE9\x0B\x1D\x34\x1F\x71\xD0\x9B\x76\xA8"
70"\xA9\x43\xE1\x1D\x10\xB2\x4D\x24\x9F\x2D\xEA\xFE\xF8\x0C\x18\x26";
71
72 static unsigned char ctext_ex[] =
73"\x1b\x8f\x05\xf9\xca\x1a\x79\x52\x6e\x53\xf3\xcc\x51\x4f\xdb\x89"
74"\x2b\xfb\x91\x93\x23\x1e\x78\xb9\x92\xe6\x8d\x50\xa4\x80\xcb\x52"
75"\x33\x89\x5c\x74\x95\x8d\x5d\x02\xab\x8c\x0f\xd0\x40\xeb\x58\x44"
76"\xb0\x05\xc3\x9e\xd8\x27\x4a\x9d\xbf\xa8\x06\x71\x40\x94\x39\xd2";
77
78 SetKey;
79 }
80
81static int key2(RSA *key, unsigned char *c)
82 {
83 static unsigned char n[] =
84"\x00\xA3\x07\x9A\x90\xDF\x0D\xFD\x72\xAC\x09\x0C\xCC\x2A\x78\xB8"
85"\x74\x13\x13\x3E\x40\x75\x9C\x98\xFA\xF8\x20\x4F\x35\x8A\x0B\x26"
86"\x3C\x67\x70\xE7\x83\xA9\x3B\x69\x71\xB7\x37\x79\xD2\x71\x7B\xE8"
87"\x34\x77\xCF";
88
89 static unsigned char e[] = "\x3";
90
91 static unsigned char d[] =
92"\x6C\xAF\xBC\x60\x94\xB3\xFE\x4C\x72\xB0\xB3\x32\xC6\xFB\x25\xA2"
93"\xB7\x62\x29\x80\x4E\x68\x65\xFC\xA4\x5A\x74\xDF\x0F\x8F\xB8\x41"
94"\x3B\x52\xC0\xD0\xE5\x3D\x9B\x59\x0F\xF1\x9B\xE7\x9F\x49\xDD\x21"
95"\xE5\xEB";
96
97 static unsigned char p[] =
98"\x00\xCF\x20\x35\x02\x8B\x9D\x86\x98\x40\xB4\x16\x66\xB4\x2E\x92"
99"\xEA\x0D\xA3\xB4\x32\x04\xB5\xCF\xCE\x91";
100
101 static unsigned char q[] =
102"\x00\xC9\x7F\xB1\xF0\x27\xF4\x53\xF6\x34\x12\x33\xEA\xAA\xD1\xD9"
103"\x35\x3F\x6C\x42\xD0\x88\x66\xB1\xD0\x5F";
104
105 static unsigned char dmp1[] =
106"\x00\x8A\x15\x78\xAC\x5D\x13\xAF\x10\x2B\x22\xB9\x99\xCD\x74\x61"
107"\xF1\x5E\x6D\x22\xCC\x03\x23\xDF\xDF\x0B";
108
109 static unsigned char dmq1[] =
110"\x00\x86\x55\x21\x4A\xC5\x4D\x8D\x4E\xCD\x61\x77\xF1\xC7\x36\x90"
111"\xCE\x2A\x48\x2C\x8B\x05\x99\xCB\xE0\x3F";
112
113 static unsigned char iqmp[] =
114"\x00\x83\xEF\xEF\xB8\xA9\xA4\x0D\x1D\xB6\xED\x98\xAD\x84\xED\x13"
115"\x35\xDC\xC1\x08\xF3\x22\xD0\x57\xCF\x8D";
116
117 static unsigned char ctext_ex[] =
118"\x14\xbd\xdd\x28\xc9\x83\x35\x19\x23\x80\xe8\xe5\x49\xb1\x58\x2a"
119"\x8b\x40\xb4\x48\x6d\x03\xa6\xa5\x31\x1f\x1f\xd5\xf0\xa1\x80\xe4"
120"\x17\x53\x03\x29\xa9\x34\x90\x74\xb1\x52\x13\x54\x29\x08\x24\x52"
121"\x62\x51";
122
123 SetKey;
124 }
125
126static int key3(RSA *key, unsigned char *c)
127 {
128 static unsigned char n[] =
129"\x00\xBB\xF8\x2F\x09\x06\x82\xCE\x9C\x23\x38\xAC\x2B\x9D\xA8\x71"
130"\xF7\x36\x8D\x07\xEE\xD4\x10\x43\xA4\x40\xD6\xB6\xF0\x74\x54\xF5"
131"\x1F\xB8\xDF\xBA\xAF\x03\x5C\x02\xAB\x61\xEA\x48\xCE\xEB\x6F\xCD"
132"\x48\x76\xED\x52\x0D\x60\xE1\xEC\x46\x19\x71\x9D\x8A\x5B\x8B\x80"
133"\x7F\xAF\xB8\xE0\xA3\xDF\xC7\x37\x72\x3E\xE6\xB4\xB7\xD9\x3A\x25"
134"\x84\xEE\x6A\x64\x9D\x06\x09\x53\x74\x88\x34\xB2\x45\x45\x98\x39"
135"\x4E\xE0\xAA\xB1\x2D\x7B\x61\xA5\x1F\x52\x7A\x9A\x41\xF6\xC1\x68"
136"\x7F\xE2\x53\x72\x98\xCA\x2A\x8F\x59\x46\xF8\xE5\xFD\x09\x1D\xBD"
137"\xCB";
138
139 static unsigned char e[] = "\x11";
140
141 static unsigned char d[] =
142"\x00\xA5\xDA\xFC\x53\x41\xFA\xF2\x89\xC4\xB9\x88\xDB\x30\xC1\xCD"
143"\xF8\x3F\x31\x25\x1E\x06\x68\xB4\x27\x84\x81\x38\x01\x57\x96\x41"
144"\xB2\x94\x10\xB3\xC7\x99\x8D\x6B\xC4\x65\x74\x5E\x5C\x39\x26\x69"
145"\xD6\x87\x0D\xA2\xC0\x82\xA9\x39\xE3\x7F\xDC\xB8\x2E\xC9\x3E\xDA"
146"\xC9\x7F\xF3\xAD\x59\x50\xAC\xCF\xBC\x11\x1C\x76\xF1\xA9\x52\x94"
147"\x44\xE5\x6A\xAF\x68\xC5\x6C\x09\x2C\xD3\x8D\xC3\xBE\xF5\xD2\x0A"
148"\x93\x99\x26\xED\x4F\x74\xA1\x3E\xDD\xFB\xE1\xA1\xCE\xCC\x48\x94"
149"\xAF\x94\x28\xC2\xB7\xB8\x88\x3F\xE4\x46\x3A\x4B\xC8\x5B\x1C\xB3"
150"\xC1";
151
152 static unsigned char p[] =
153"\x00\xEE\xCF\xAE\x81\xB1\xB9\xB3\xC9\x08\x81\x0B\x10\xA1\xB5\x60"
154"\x01\x99\xEB\x9F\x44\xAE\xF4\xFD\xA4\x93\xB8\x1A\x9E\x3D\x84\xF6"
155"\x32\x12\x4E\xF0\x23\x6E\x5D\x1E\x3B\x7E\x28\xFA\xE7\xAA\x04\x0A"
156"\x2D\x5B\x25\x21\x76\x45\x9D\x1F\x39\x75\x41\xBA\x2A\x58\xFB\x65"
157"\x99";
158
159 static unsigned char q[] =
160"\x00\xC9\x7F\xB1\xF0\x27\xF4\x53\xF6\x34\x12\x33\xEA\xAA\xD1\xD9"
161"\x35\x3F\x6C\x42\xD0\x88\x66\xB1\xD0\x5A\x0F\x20\x35\x02\x8B\x9D"
162"\x86\x98\x40\xB4\x16\x66\xB4\x2E\x92\xEA\x0D\xA3\xB4\x32\x04\xB5"
163"\xCF\xCE\x33\x52\x52\x4D\x04\x16\xA5\xA4\x41\xE7\x00\xAF\x46\x15"
164"\x03";
165
166 static unsigned char dmp1[] =
167"\x54\x49\x4C\xA6\x3E\xBA\x03\x37\xE4\xE2\x40\x23\xFC\xD6\x9A\x5A"
168"\xEB\x07\xDD\xDC\x01\x83\xA4\xD0\xAC\x9B\x54\xB0\x51\xF2\xB1\x3E"
169"\xD9\x49\x09\x75\xEA\xB7\x74\x14\xFF\x59\xC1\xF7\x69\x2E\x9A\x2E"
170"\x20\x2B\x38\xFC\x91\x0A\x47\x41\x74\xAD\xC9\x3C\x1F\x67\xC9\x81";
171
172 static unsigned char dmq1[] =
173"\x47\x1E\x02\x90\xFF\x0A\xF0\x75\x03\x51\xB7\xF8\x78\x86\x4C\xA9"
174"\x61\xAD\xBD\x3A\x8A\x7E\x99\x1C\x5C\x05\x56\xA9\x4C\x31\x46\xA7"
175"\xF9\x80\x3F\x8F\x6F\x8A\xE3\x42\xE9\x31\xFD\x8A\xE4\x7A\x22\x0D"
176"\x1B\x99\xA4\x95\x84\x98\x07\xFE\x39\xF9\x24\x5A\x98\x36\xDA\x3D";
177
178 static unsigned char iqmp[] =
179"\x00\xB0\x6C\x4F\xDA\xBB\x63\x01\x19\x8D\x26\x5B\xDB\xAE\x94\x23"
180"\xB3\x80\xF2\x71\xF7\x34\x53\x88\x50\x93\x07\x7F\xCD\x39\xE2\x11"
181"\x9F\xC9\x86\x32\x15\x4F\x58\x83\xB1\x67\xA9\x67\xBF\x40\x2B\x4E"
182"\x9E\x2E\x0F\x96\x56\xE6\x98\xEA\x36\x66\xED\xFB\x25\x79\x80\x39"
183"\xF7";
184
185 static unsigned char ctext_ex[] =
186"\xb8\x24\x6b\x56\xa6\xed\x58\x81\xae\xb5\x85\xd9\xa2\x5b\x2a\xd7"
187"\x90\xc4\x17\xe0\x80\x68\x1b\xf1\xac\x2b\xc3\xde\xb6\x9d\x8b\xce"
188"\xf0\xc4\x36\x6f\xec\x40\x0a\xf0\x52\xa7\x2e\x9b\x0e\xff\xb5\xb3"
189"\xf2\xf1\x92\xdb\xea\xca\x03\xc1\x27\x40\x05\x71\x13\xbf\x1f\x06"
190"\x69\xac\x22\xe9\xf3\xa7\x85\x2e\x3c\x15\xd9\x13\xca\xb0\xb8\x86"
191"\x3a\x95\xc9\x92\x94\xce\x86\x74\x21\x49\x54\x61\x03\x46\xf4\xd4"
192"\x74\xb2\x6f\x7c\x48\xb4\x2e\xe6\x8e\x1f\x57\x2a\x1f\xc4\x02\x6a"
193"\xc4\x56\xb4\xf5\x9f\x7b\x62\x1e\xa1\xb9\xd8\x8f\x64\x20\x2f\xb1";
194
195 SetKey;
196 }
197
198static int pad_unknown(void)
199{
200 unsigned long l;
201 while ((l = ERR_get_error()) != 0)
202 if (ERR_GET_REASON(l) == RSA_R_UNKNOWN_PADDING_TYPE)
203 return(1);
204 return(0);
205}
206
207static const char rnd_seed[] = "string to make the random number generator think it has entropy";
208
209int main(int argc, char *argv[])
210 {
211 int err=0;
212 int v;
213 RSA *key;
214 unsigned char ptext[256];
215 unsigned char ctext[256];
216 static unsigned char ptext_ex[] = "\x54\x85\x9b\x34\x2c\x49\xea\x2a";
217 unsigned char ctext_ex[256];
218 int plen;
219 int clen = 0;
220 int num;
221
222 RAND_seed(rnd_seed, sizeof rnd_seed); /* or OAEP may fail */
223
224 CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
225
226 plen = sizeof(ptext_ex) - 1;
227
228 for (v = 0; v < 3; v++)
229 {
230 key = RSA_new();
231 switch (v) {
232 case 0:
233 clen = key1(key, ctext_ex);
234 break;
235 case 1:
236 clen = key2(key, ctext_ex);
237 break;
238 case 2:
239 clen = key3(key, ctext_ex);
240 break;
241 }
242
243 num = RSA_public_encrypt(plen, ptext_ex, ctext, key,
244 RSA_PKCS1_PADDING);
245 if (num != clen)
246 {
247 printf("PKCS#1 v1.5 encryption failed!\n");
248 err=1;
249 goto oaep;
250 }
251
252 num = RSA_private_decrypt(num, ctext, ptext, key,
253 RSA_PKCS1_PADDING);
254 if (num != plen || memcmp(ptext, ptext_ex, num) != 0)
255 {
256 printf("PKCS#1 v1.5 decryption failed!\n");
257 err=1;
258 }
259 else
260 printf("PKCS #1 v1.5 encryption/decryption ok\n");
261
262 oaep:
263 ERR_clear_error();
264 num = RSA_public_encrypt(plen, ptext_ex, ctext, key,
265 RSA_PKCS1_OAEP_PADDING);
266 if (num == -1 && pad_unknown())
267 {
268 printf("No OAEP support\n");
269 goto next;
270 }
271 if (num != clen)
272 {
273 printf("OAEP encryption failed!\n");
274 err=1;
275 goto next;
276 }
277
278 num = RSA_private_decrypt(num, ctext, ptext, key,
279 RSA_PKCS1_OAEP_PADDING);
280 if (num != plen || memcmp(ptext, ptext_ex, num) != 0)
281 {
282 printf("OAEP decryption (encrypted data) failed!\n");
283 err=1;
284 }
285 else if (memcmp(ctext, ctext_ex, num) == 0)
286 {
287 printf("OAEP test vector %d passed!\n", v);
288 goto next;
289 }
290
291 /* Different ciphertexts (rsa_oaep.c without -DPKCS_TESTVECT).
292 Try decrypting ctext_ex */
293
294 num = RSA_private_decrypt(clen, ctext_ex, ptext, key,
295 RSA_PKCS1_OAEP_PADDING);
296
297 if (num != plen || memcmp(ptext, ptext_ex, num) != 0)
298 {
299 printf("OAEP decryption (test vector data) failed!\n");
300 err=1;
301 }
302 else
303 printf("OAEP encryption/decryption ok\n");
304 next:
305 RSA_free(key);
306 }
307
308 ERR_remove_state(0);
309
310 CRYPTO_mem_leaks_fp(stdout);
311
312 return err;
313 }
314#endif
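Review bot: `RAND_seed(rnd_seed, sizeof rnd_seed)` in main feeds the generator a compile-time constant, so its entropy check is satisfied without any real entropy being supplied; that is acceptable for a self-test but should be stated so the idiom is not copied into application code. I would put `/* TEST ONLY: constant seed adds no entropy; never seed an application's PRNG this way */` above `rnd_seed`. Separately, the test-vector comparison `memcmp(ctext, ctext_ex, num)` runs after `num` has been overwritten with the decrypted length, so it compares only `plen` bytes of ciphertext; `memcmp(ctext, ctext_ex, clen)` would compare the full vector.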