summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/rsa
diff options
context:
space:
mode:
authordjm <>2010-10-01 22:54:21 +0000
committerdjm <>2010-10-01 22:54:21 +0000
commit829fd51d4f8dde4a7f3bf54754f3c1d1a502f5e2 (patch)
treee03b9f1bd051e844b971936729e9df549a209130 /src/lib/libcrypto/rsa
parente6b755d2a53d3cac7a344dfdd6bf7c951cac754c (diff)
downloadopenbsd-829fd51d4f8dde4a7f3bf54754f3c1d1a502f5e2.tar.gz
openbsd-829fd51d4f8dde4a7f3bf54754f3c1d1a502f5e2.tar.bz2
openbsd-829fd51d4f8dde4a7f3bf54754f3c1d1a502f5e2.zip
import OpenSSL-1.0.0a
Diffstat (limited to 'src/lib/libcrypto/rsa')
-rw-r--r--src/lib/libcrypto/rsa/rsa.h89
-rw-r--r--src/lib/libcrypto/rsa/rsa_ameth.c349
-rw-r--r--src/lib/libcrypto/rsa/rsa_asn1.c16
-rw-r--r--src/lib/libcrypto/rsa/rsa_eay.c6
-rw-r--r--src/lib/libcrypto/rsa/rsa_err.c29
-rw-r--r--src/lib/libcrypto/rsa/rsa_gen.c3
-rw-r--r--src/lib/libcrypto/rsa/rsa_lib.c283
-rw-r--r--src/lib/libcrypto/rsa/rsa_locl.h4
-rw-r--r--src/lib/libcrypto/rsa/rsa_oaep.c35
-rw-r--r--src/lib/libcrypto/rsa/rsa_pmeth.c587
-rw-r--r--src/lib/libcrypto/rsa/rsa_prn.c93
-rw-r--r--src/lib/libcrypto/rsa/rsa_pss.c16
-rw-r--r--src/lib/libcrypto/rsa/rsa_sign.c88
13 files changed, 1458 insertions, 140 deletions
diff --git a/src/lib/libcrypto/rsa/rsa.h b/src/lib/libcrypto/rsa/rsa.h
index 5bb932ae15..cf74343657 100644
--- a/src/lib/libcrypto/rsa/rsa.h
+++ b/src/lib/libcrypto/rsa/rsa.h
@@ -74,25 +74,6 @@
74#error RSA is disabled. 74#error RSA is disabled.
75#endif 75#endif
76 76
77/* If this flag is set the RSA method is FIPS compliant and can be used
78 * in FIPS mode. This is set in the validated module method. If an
79 * application sets this flag in its own methods it is its reposibility
80 * to ensure the result is compliant.
81 */
82
83#define RSA_FLAG_FIPS_METHOD 0x0400
84
85/* If this flag is set the operations normally disabled in FIPS mode are
86 * permitted it is then the applications responsibility to ensure that the
87 * usage is compliant.
88 */
89
90#define RSA_FLAG_NON_FIPS_ALLOW 0x0400
91
92#ifdef OPENSSL_FIPS
93#define FIPS_RSA_SIZE_T int
94#endif
95
96#ifdef __cplusplus 77#ifdef __cplusplus
97extern "C" { 78extern "C" {
98#endif 79#endif
@@ -136,7 +117,8 @@ struct rsa_meth_st
136 unsigned char *sigret, unsigned int *siglen, const RSA *rsa); 117 unsigned char *sigret, unsigned int *siglen, const RSA *rsa);
137 int (*rsa_verify)(int dtype, 118 int (*rsa_verify)(int dtype,
138 const unsigned char *m, unsigned int m_length, 119 const unsigned char *m, unsigned int m_length,
139 unsigned char *sigbuf, unsigned int siglen, const RSA *rsa); 120 const unsigned char *sigbuf, unsigned int siglen,
121 const RSA *rsa);
140/* If this callback is NULL, the builtin software RSA key-gen will be used. This 122/* If this callback is NULL, the builtin software RSA key-gen will be used. This
141 * is for behavioural compatibility whilst the code gets rewired, but one day 123 * is for behavioural compatibility whilst the code gets rewired, but one day
142 * it would be nice to assume there are no such things as "builtin software" 124 * it would be nice to assume there are no such things as "builtin software"
@@ -182,8 +164,6 @@ struct rsa_st
182# define OPENSSL_RSA_MAX_MODULUS_BITS 16384 164# define OPENSSL_RSA_MAX_MODULUS_BITS 16384
183#endif 165#endif
184 166
185#define OPENSSL_RSA_FIPS_MIN_MODULUS_BITS 1024
186
187#ifndef OPENSSL_RSA_SMALL_MODULUS_BITS 167#ifndef OPENSSL_RSA_SMALL_MODULUS_BITS
188# define OPENSSL_RSA_SMALL_MODULUS_BITS 3072 168# define OPENSSL_RSA_SMALL_MODULUS_BITS 3072
189#endif 169#endif
@@ -238,11 +218,37 @@ struct rsa_st
238#endif 218#endif
239 219
240 220
221#define EVP_PKEY_CTX_set_rsa_padding(ctx, pad) \
222 EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, -1, EVP_PKEY_CTRL_RSA_PADDING, \
223 pad, NULL)
224
225#define EVP_PKEY_CTX_set_rsa_pss_saltlen(ctx, len) \
226 EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, \
227 (EVP_PKEY_OP_SIGN|EVP_PKEY_OP_VERIFY), \
228 EVP_PKEY_CTRL_RSA_PSS_SALTLEN, \
229 len, NULL)
230
231#define EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, bits) \
232 EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_KEYGEN, \
233 EVP_PKEY_CTRL_RSA_KEYGEN_BITS, bits, NULL)
234
235#define EVP_PKEY_CTX_set_rsa_keygen_pubexp(ctx, pubexp) \
236 EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_KEYGEN, \
237 EVP_PKEY_CTRL_RSA_KEYGEN_PUBEXP, 0, pubexp)
238
239#define EVP_PKEY_CTRL_RSA_PADDING (EVP_PKEY_ALG_CTRL + 1)
240#define EVP_PKEY_CTRL_RSA_PSS_SALTLEN (EVP_PKEY_ALG_CTRL + 2)
241
242#define EVP_PKEY_CTRL_RSA_KEYGEN_BITS (EVP_PKEY_ALG_CTRL + 3)
243#define EVP_PKEY_CTRL_RSA_KEYGEN_PUBEXP (EVP_PKEY_ALG_CTRL + 4)
244
241#define RSA_PKCS1_PADDING 1 245#define RSA_PKCS1_PADDING 1
242#define RSA_SSLV23_PADDING 2 246#define RSA_SSLV23_PADDING 2
243#define RSA_NO_PADDING 3 247#define RSA_NO_PADDING 3
244#define RSA_PKCS1_OAEP_PADDING 4 248#define RSA_PKCS1_OAEP_PADDING 4
245#define RSA_X931_PADDING 5 249#define RSA_X931_PADDING 5
250/* EVP_PKEY_ only */
251#define RSA_PKCS1_PSS_PADDING 6
246 252
247#define RSA_PKCS1_PADDING_SIZE 11 253#define RSA_PKCS1_PADDING_SIZE 11
248 254
@@ -261,11 +267,6 @@ RSA * RSA_generate_key(int bits, unsigned long e,void
261 267
262/* New version */ 268/* New version */
263int RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb); 269int RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb);
264int RSA_X931_derive_ex(RSA *rsa, BIGNUM *p1, BIGNUM *p2, BIGNUM *q1, BIGNUM *q2,
265 const BIGNUM *Xp1, const BIGNUM *Xp2, const BIGNUM *Xp,
266 const BIGNUM *Xq1, const BIGNUM *Xq2, const BIGNUM *Xq,
267 const BIGNUM *e, BN_GENCB *cb);
268int RSA_X931_generate_key_ex(RSA *rsa, int bits, const BIGNUM *e, BN_GENCB *cb);
269 270
270int RSA_check_key(const RSA *); 271int RSA_check_key(const RSA *);
271 /* next 4 return -1 on error */ 272 /* next 4 return -1 on error */
@@ -283,11 +284,6 @@ int RSA_up_ref(RSA *r);
283 284
284int RSA_flags(const RSA *r); 285int RSA_flags(const RSA *r);
285 286
286#ifdef OPENSSL_FIPS
287RSA *FIPS_rsa_new(void);
288void FIPS_rsa_free(RSA *r);
289#endif
290
291void RSA_set_default_method(const RSA_METHOD *meth); 287void RSA_set_default_method(const RSA_METHOD *meth);
292const RSA_METHOD *RSA_get_default_method(void); 288const RSA_METHOD *RSA_get_default_method(void);
293const RSA_METHOD *RSA_get_method(const RSA *rsa); 289const RSA_METHOD *RSA_get_method(const RSA *rsa);
@@ -333,7 +329,7 @@ RSA *d2i_Netscape_RSA(RSA **a, const unsigned char **pp, long length,
333int RSA_sign(int type, const unsigned char *m, unsigned int m_length, 329int RSA_sign(int type, const unsigned char *m, unsigned int m_length,
334 unsigned char *sigret, unsigned int *siglen, RSA *rsa); 330 unsigned char *sigret, unsigned int *siglen, RSA *rsa);
335int RSA_verify(int type, const unsigned char *m, unsigned int m_length, 331int RSA_verify(int type, const unsigned char *m, unsigned int m_length,
336 unsigned char *sigbuf, unsigned int siglen, RSA *rsa); 332 const unsigned char *sigbuf, unsigned int siglen, RSA *rsa);
337 333
338/* The following 2 function sign and verify a ASN1_OCTET_STRING 334/* The following 2 function sign and verify a ASN1_OCTET_STRING
339 * object inside PKCS#1 padded RSA encryption */ 335 * object inside PKCS#1 padded RSA encryption */
@@ -401,9 +397,15 @@ void ERR_load_RSA_strings(void);
401/* Error codes for the RSA functions. */ 397/* Error codes for the RSA functions. */
402 398
403/* Function codes. */ 399/* Function codes. */
404#define RSA_F_FIPS_RSA_SIGN 140 400#define RSA_F_CHECK_PADDING_MD 140
405#define RSA_F_FIPS_RSA_VERIFY 141 401#define RSA_F_DO_RSA_PRINT 146
402#define RSA_F_INT_RSA_VERIFY 145
406#define RSA_F_MEMORY_LOCK 100 403#define RSA_F_MEMORY_LOCK 100
404#define RSA_F_OLD_RSA_PRIV_DECODE 147
405#define RSA_F_PKEY_RSA_CTRL 143
406#define RSA_F_PKEY_RSA_CTRL_STR 144
407#define RSA_F_PKEY_RSA_SIGN 142
408#define RSA_F_PKEY_RSA_VERIFYRECOVER 141
407#define RSA_F_RSA_BUILTIN_KEYGEN 129 409#define RSA_F_RSA_BUILTIN_KEYGEN 129
408#define RSA_F_RSA_CHECK_KEY 123 410#define RSA_F_RSA_CHECK_KEY 123
409#define RSA_F_RSA_EAY_PRIVATE_DECRYPT 101 411#define RSA_F_RSA_EAY_PRIVATE_DECRYPT 101
@@ -434,11 +436,10 @@ void ERR_load_RSA_strings(void);
434#define RSA_F_RSA_PADDING_CHECK_X931 128 436#define RSA_F_RSA_PADDING_CHECK_X931 128
435#define RSA_F_RSA_PRINT 115 437#define RSA_F_RSA_PRINT 115
436#define RSA_F_RSA_PRINT_FP 116 438#define RSA_F_RSA_PRINT_FP 116
437#define RSA_F_RSA_PRIVATE_ENCRYPT 137 439#define RSA_F_RSA_PRIV_DECODE 137
438#define RSA_F_RSA_PUBLIC_DECRYPT 138 440#define RSA_F_RSA_PRIV_ENCODE 138
441#define RSA_F_RSA_PUB_DECODE 139
439#define RSA_F_RSA_SETUP_BLINDING 136 442#define RSA_F_RSA_SETUP_BLINDING 136
440#define RSA_F_RSA_SET_DEFAULT_METHOD 139
441#define RSA_F_RSA_SET_METHOD 142
442#define RSA_F_RSA_SIGN 117 443#define RSA_F_RSA_SIGN 117
443#define RSA_F_RSA_SIGN_ASN1_OCTET_STRING 118 444#define RSA_F_RSA_SIGN_ASN1_OCTET_STRING 118
444#define RSA_F_RSA_VERIFY 119 445#define RSA_F_RSA_VERIFY 119
@@ -464,20 +465,25 @@ void ERR_load_RSA_strings(void);
464#define RSA_R_DMQ1_NOT_CONGRUENT_TO_D 125 465#define RSA_R_DMQ1_NOT_CONGRUENT_TO_D 125
465#define RSA_R_D_E_NOT_CONGRUENT_TO_1 123 466#define RSA_R_D_E_NOT_CONGRUENT_TO_1 123
466#define RSA_R_FIRST_OCTET_INVALID 133 467#define RSA_R_FIRST_OCTET_INVALID 133
468#define RSA_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE 144
469#define RSA_R_INVALID_DIGEST_LENGTH 143
467#define RSA_R_INVALID_HEADER 137 470#define RSA_R_INVALID_HEADER 137
471#define RSA_R_INVALID_KEYBITS 145
468#define RSA_R_INVALID_MESSAGE_LENGTH 131 472#define RSA_R_INVALID_MESSAGE_LENGTH 131
469#define RSA_R_INVALID_PADDING 138 473#define RSA_R_INVALID_PADDING 138
474#define RSA_R_INVALID_PADDING_MODE 141
475#define RSA_R_INVALID_PSS_SALTLEN 146
470#define RSA_R_INVALID_TRAILER 139 476#define RSA_R_INVALID_TRAILER 139
477#define RSA_R_INVALID_X931_DIGEST 142
471#define RSA_R_IQMP_NOT_INVERSE_OF_Q 126 478#define RSA_R_IQMP_NOT_INVERSE_OF_Q 126
472#define RSA_R_KEY_SIZE_TOO_SMALL 120 479#define RSA_R_KEY_SIZE_TOO_SMALL 120
473#define RSA_R_LAST_OCTET_INVALID 134 480#define RSA_R_LAST_OCTET_INVALID 134
474#define RSA_R_MODULUS_TOO_LARGE 105 481#define RSA_R_MODULUS_TOO_LARGE 105
475#define RSA_R_NON_FIPS_METHOD 141
476#define RSA_R_NO_PUBLIC_EXPONENT 140 482#define RSA_R_NO_PUBLIC_EXPONENT 140
477#define RSA_R_NULL_BEFORE_BLOCK_MISSING 113 483#define RSA_R_NULL_BEFORE_BLOCK_MISSING 113
478#define RSA_R_N_DOES_NOT_EQUAL_P_Q 127 484#define RSA_R_N_DOES_NOT_EQUAL_P_Q 127
479#define RSA_R_OAEP_DECODING_ERROR 121 485#define RSA_R_OAEP_DECODING_ERROR 121
480#define RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE 142 486#define RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE 148
481#define RSA_R_PADDING_CHECK_FAILED 114 487#define RSA_R_PADDING_CHECK_FAILED 114
482#define RSA_R_P_NOT_PRIME 128 488#define RSA_R_P_NOT_PRIME 128
483#define RSA_R_Q_NOT_PRIME 129 489#define RSA_R_Q_NOT_PRIME 129
@@ -488,6 +494,7 @@ void ERR_load_RSA_strings(void);
488#define RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD 116 494#define RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD 116
489#define RSA_R_UNKNOWN_ALGORITHM_TYPE 117 495#define RSA_R_UNKNOWN_ALGORITHM_TYPE 117
490#define RSA_R_UNKNOWN_PADDING_TYPE 118 496#define RSA_R_UNKNOWN_PADDING_TYPE 118
497#define RSA_R_VALUE_MISSING 147
491#define RSA_R_WRONG_SIGNATURE_LENGTH 119 498#define RSA_R_WRONG_SIGNATURE_LENGTH 119
492 499
493#ifdef __cplusplus 500#ifdef __cplusplus
diff --git a/src/lib/libcrypto/rsa/rsa_ameth.c b/src/lib/libcrypto/rsa/rsa_ameth.c
new file mode 100644
index 0000000000..8c3209885e
--- /dev/null
+++ b/src/lib/libcrypto/rsa/rsa_ameth.c
@@ -0,0 +1,349 @@
1/* crypto/rsa/rsa_ameth.c */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 2006.
4 */
5/* ====================================================================
6 * Copyright (c) 2006 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <stdio.h>
60#include "cryptlib.h"
61#include <openssl/asn1t.h>
62#include <openssl/x509.h>
63#include <openssl/rsa.h>
64#include <openssl/bn.h>
65#ifndef OPENSSL_NO_CMS
66#include <openssl/cms.h>
67#endif
68#include "asn1_locl.h"
69
70static int rsa_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey)
71 {
72 unsigned char *penc = NULL;
73 int penclen;
74 penclen = i2d_RSAPublicKey(pkey->pkey.rsa, &penc);
75 if (penclen <= 0)
76 return 0;
77 if (X509_PUBKEY_set0_param(pk, OBJ_nid2obj(EVP_PKEY_RSA),
78 V_ASN1_NULL, NULL, penc, penclen))
79 return 1;
80
81 OPENSSL_free(penc);
82 return 0;
83 }
84
85static int rsa_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey)
86 {
87 const unsigned char *p;
88 int pklen;
89 RSA *rsa = NULL;
90 if (!X509_PUBKEY_get0_param(NULL, &p, &pklen, NULL, pubkey))
91 return 0;
92 if (!(rsa = d2i_RSAPublicKey(NULL, &p, pklen)))
93 {
94 RSAerr(RSA_F_RSA_PUB_DECODE, ERR_R_RSA_LIB);
95 return 0;
96 }
97 EVP_PKEY_assign_RSA (pkey, rsa);
98 return 1;
99 }
100
101static int rsa_pub_cmp(const EVP_PKEY *a, const EVP_PKEY *b)
102 {
103 if (BN_cmp(b->pkey.rsa->n,a->pkey.rsa->n) != 0
104 || BN_cmp(b->pkey.rsa->e,a->pkey.rsa->e) != 0)
105 return 0;
106 return 1;
107 }
108
109static int old_rsa_priv_decode(EVP_PKEY *pkey,
110 const unsigned char **pder, int derlen)
111 {
112 RSA *rsa;
113 if (!(rsa = d2i_RSAPrivateKey (NULL, pder, derlen)))
114 {
115 RSAerr(RSA_F_OLD_RSA_PRIV_DECODE, ERR_R_RSA_LIB);
116 return 0;
117 }
118 EVP_PKEY_assign_RSA(pkey, rsa);
119 return 1;
120 }
121
122static int old_rsa_priv_encode(const EVP_PKEY *pkey, unsigned char **pder)
123 {
124 return i2d_RSAPrivateKey(pkey->pkey.rsa, pder);
125 }
126
127static int rsa_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey)
128 {
129 unsigned char *rk = NULL;
130 int rklen;
131 rklen = i2d_RSAPrivateKey(pkey->pkey.rsa, &rk);
132
133 if (rklen <= 0)
134 {
135 RSAerr(RSA_F_RSA_PRIV_ENCODE,ERR_R_MALLOC_FAILURE);
136 return 0;
137 }
138
139 if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(NID_rsaEncryption), 0,
140 V_ASN1_NULL, NULL, rk, rklen))
141 {
142 RSAerr(RSA_F_RSA_PRIV_ENCODE,ERR_R_MALLOC_FAILURE);
143 return 0;
144 }
145
146 return 1;
147 }
148
149static int rsa_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8)
150 {
151 const unsigned char *p;
152 int pklen;
153 if (!PKCS8_pkey_get0(NULL, &p, &pklen, NULL, p8))
154 return 0;
155 return old_rsa_priv_decode(pkey, &p, pklen);
156 }
157
158static int int_rsa_size(const EVP_PKEY *pkey)
159 {
160 return RSA_size(pkey->pkey.rsa);
161 }
162
163static int rsa_bits(const EVP_PKEY *pkey)
164 {
165 return BN_num_bits(pkey->pkey.rsa->n);
166 }
167
168static void int_rsa_free(EVP_PKEY *pkey)
169 {
170 RSA_free(pkey->pkey.rsa);
171 }
172
173
174static void update_buflen(const BIGNUM *b, size_t *pbuflen)
175 {
176 size_t i;
177 if (!b)
178 return;
179 if (*pbuflen < (i = (size_t)BN_num_bytes(b)))
180 *pbuflen = i;
181 }
182
183static int do_rsa_print(BIO *bp, const RSA *x, int off, int priv)
184 {
185 char *str;
186 const char *s;
187 unsigned char *m=NULL;
188 int ret=0, mod_len = 0;
189 size_t buf_len=0;
190
191 update_buflen(x->n, &buf_len);
192 update_buflen(x->e, &buf_len);
193
194 if (priv)
195 {
196 update_buflen(x->d, &buf_len);
197 update_buflen(x->p, &buf_len);
198 update_buflen(x->q, &buf_len);
199 update_buflen(x->dmp1, &buf_len);
200 update_buflen(x->dmq1, &buf_len);
201 update_buflen(x->iqmp, &buf_len);
202 }
203
204 m=(unsigned char *)OPENSSL_malloc(buf_len+10);
205 if (m == NULL)
206 {
207 RSAerr(RSA_F_DO_RSA_PRINT,ERR_R_MALLOC_FAILURE);
208 goto err;
209 }
210
211 if (x->n != NULL)
212 mod_len = BN_num_bits(x->n);
213
214 if(!BIO_indent(bp,off,128))
215 goto err;
216
217 if (priv && x->d)
218 {
219 if (BIO_printf(bp,"Private-Key: (%d bit)\n", mod_len)
220 <= 0) goto err;
221 str = "modulus:";
222 s = "publicExponent:";
223 }
224 else
225 {
226 if (BIO_printf(bp,"Public-Key: (%d bit)\n", mod_len)
227 <= 0) goto err;
228 str = "Modulus:";
229 s= "Exponent:";
230 }
231 if (!ASN1_bn_print(bp,str,x->n,m,off)) goto err;
232 if (!ASN1_bn_print(bp,s,x->e,m,off))
233 goto err;
234 if (priv)
235 {
236 if (!ASN1_bn_print(bp,"privateExponent:",x->d,m,off))
237 goto err;
238 if (!ASN1_bn_print(bp,"prime1:",x->p,m,off))
239 goto err;
240 if (!ASN1_bn_print(bp,"prime2:",x->q,m,off))
241 goto err;
242 if (!ASN1_bn_print(bp,"exponent1:",x->dmp1,m,off))
243 goto err;
244 if (!ASN1_bn_print(bp,"exponent2:",x->dmq1,m,off))
245 goto err;
246 if (!ASN1_bn_print(bp,"coefficient:",x->iqmp,m,off))
247 goto err;
248 }
249 ret=1;
250err:
251 if (m != NULL) OPENSSL_free(m);
252 return(ret);
253 }
254
255static int rsa_pub_print(BIO *bp, const EVP_PKEY *pkey, int indent,
256 ASN1_PCTX *ctx)
257 {
258 return do_rsa_print(bp, pkey->pkey.rsa, indent, 0);
259 }
260
261
262static int rsa_priv_print(BIO *bp, const EVP_PKEY *pkey, int indent,
263 ASN1_PCTX *ctx)
264 {
265 return do_rsa_print(bp, pkey->pkey.rsa, indent, 1);
266 }
267
268
269static int rsa_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2)
270 {
271 X509_ALGOR *alg = NULL;
272 switch (op)
273 {
274
275 case ASN1_PKEY_CTRL_PKCS7_SIGN:
276 if (arg1 == 0)
277 PKCS7_SIGNER_INFO_get0_algs(arg2, NULL, NULL, &alg);
278 break;
279
280 case ASN1_PKEY_CTRL_PKCS7_ENCRYPT:
281 if (arg1 == 0)
282 PKCS7_RECIP_INFO_get0_alg(arg2, &alg);
283 break;
284#ifndef OPENSSL_NO_CMS
285 case ASN1_PKEY_CTRL_CMS_SIGN:
286 if (arg1 == 0)
287 CMS_SignerInfo_get0_algs(arg2, NULL, NULL, NULL, &alg);
288 break;
289
290 case ASN1_PKEY_CTRL_CMS_ENVELOPE:
291 if (arg1 == 0)
292 CMS_RecipientInfo_ktri_get0_algs(arg2, NULL, NULL, &alg);
293 break;
294#endif
295
296 case ASN1_PKEY_CTRL_DEFAULT_MD_NID:
297 *(int *)arg2 = NID_sha1;
298 return 1;
299
300 default:
301 return -2;
302
303 }
304
305 if (alg)
306 X509_ALGOR_set0(alg, OBJ_nid2obj(NID_rsaEncryption),
307 V_ASN1_NULL, 0);
308
309 return 1;
310
311 }
312
313
314const EVP_PKEY_ASN1_METHOD rsa_asn1_meths[] =
315 {
316 {
317 EVP_PKEY_RSA,
318 EVP_PKEY_RSA,
319 ASN1_PKEY_SIGPARAM_NULL,
320
321 "RSA",
322 "OpenSSL RSA method",
323
324 rsa_pub_decode,
325 rsa_pub_encode,
326 rsa_pub_cmp,
327 rsa_pub_print,
328
329 rsa_priv_decode,
330 rsa_priv_encode,
331 rsa_priv_print,
332
333 int_rsa_size,
334 rsa_bits,
335
336 0,0,0,0,0,0,
337
338 int_rsa_free,
339 rsa_pkey_ctrl,
340 old_rsa_priv_decode,
341 old_rsa_priv_encode
342 },
343
344 {
345 EVP_PKEY_RSA2,
346 EVP_PKEY_RSA,
347 ASN1_PKEY_ALIAS
348 }
349 };
diff --git a/src/lib/libcrypto/rsa/rsa_asn1.c b/src/lib/libcrypto/rsa/rsa_asn1.c
index 6e8a803e81..4efca8cdc8 100644
--- a/src/lib/libcrypto/rsa/rsa_asn1.c
+++ b/src/lib/libcrypto/rsa/rsa_asn1.c
@@ -3,7 +3,7 @@
3 * project 2000. 3 * project 2000.
4 */ 4 */
5/* ==================================================================== 5/* ====================================================================
6 * Copyright (c) 2000 The OpenSSL Project. All rights reserved. 6 * Copyright (c) 2000-2005 The OpenSSL Project. All rights reserved.
7 * 7 *
8 * Redistribution and use in source and binary forms, with or without 8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions 9 * modification, are permitted provided that the following conditions
@@ -62,19 +62,9 @@
62#include <openssl/rsa.h> 62#include <openssl/rsa.h>
63#include <openssl/asn1t.h> 63#include <openssl/asn1t.h>
64 64
65static ASN1_METHOD method={
66 (I2D_OF(void)) i2d_RSAPrivateKey,
67 (D2I_OF(void)) d2i_RSAPrivateKey,
68 (void *(*)(void)) RSA_new,
69 (void (*)(void *)) RSA_free};
70
71ASN1_METHOD *RSAPrivateKey_asn1_meth(void)
72 {
73 return(&method);
74 }
75
76/* Override the default free and new methods */ 65/* Override the default free and new methods */
77static int rsa_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it) 66static int rsa_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
67 void *exarg)
78{ 68{
79 if(operation == ASN1_OP_NEW_PRE) { 69 if(operation == ASN1_OP_NEW_PRE) {
80 *pval = (ASN1_VALUE *)RSA_new(); 70 *pval = (ASN1_VALUE *)RSA_new();
diff --git a/src/lib/libcrypto/rsa/rsa_eay.c b/src/lib/libcrypto/rsa/rsa_eay.c
index 0ac6418449..c5eaeeae6b 100644
--- a/src/lib/libcrypto/rsa/rsa_eay.c
+++ b/src/lib/libcrypto/rsa/rsa_eay.c
@@ -115,7 +115,7 @@
115#include <openssl/rsa.h> 115#include <openssl/rsa.h>
116#include <openssl/rand.h> 116#include <openssl/rand.h>
117 117
118#if !defined(RSA_NULL) && !defined(OPENSSL_FIPS) 118#ifndef RSA_NULL
119 119
120static int RSA_eay_public_encrypt(int flen, const unsigned char *from, 120static int RSA_eay_public_encrypt(int flen, const unsigned char *from,
121 unsigned char *to, RSA *rsa,int padding); 121 unsigned char *to, RSA *rsa,int padding);
@@ -256,6 +256,7 @@ static BN_BLINDING *rsa_get_blinding(RSA *rsa, int *local, BN_CTX *ctx)
256{ 256{
257 BN_BLINDING *ret; 257 BN_BLINDING *ret;
258 int got_write_lock = 0; 258 int got_write_lock = 0;
259 CRYPTO_THREADID cur;
259 260
260 CRYPTO_r_lock(CRYPTO_LOCK_RSA); 261 CRYPTO_r_lock(CRYPTO_LOCK_RSA);
261 262
@@ -273,7 +274,8 @@ static BN_BLINDING *rsa_get_blinding(RSA *rsa, int *local, BN_CTX *ctx)
273 if (ret == NULL) 274 if (ret == NULL)
274 goto err; 275 goto err;
275 276
276 if (BN_BLINDING_get_thread_id(ret) == CRYPTO_thread_id()) 277 CRYPTO_THREADID_current(&cur);
278 if (!CRYPTO_THREADID_cmp(&cur, BN_BLINDING_thread_id(ret)))
277 { 279 {
278 /* rsa->blinding is ours! */ 280 /* rsa->blinding is ours! */
279 281
diff --git a/src/lib/libcrypto/rsa/rsa_err.c b/src/lib/libcrypto/rsa/rsa_err.c
index 501f5ea389..cf9f1106b0 100644
--- a/src/lib/libcrypto/rsa/rsa_err.c
+++ b/src/lib/libcrypto/rsa/rsa_err.c
@@ -1,6 +1,6 @@
1/* crypto/rsa/rsa_err.c */ 1/* crypto/rsa/rsa_err.c */
2/* ==================================================================== 2/* ====================================================================
3 * Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved. 3 * Copyright (c) 1999-2008 The OpenSSL Project. All rights reserved.
4 * 4 *
5 * Redistribution and use in source and binary forms, with or without 5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions 6 * modification, are permitted provided that the following conditions
@@ -70,9 +70,15 @@
70 70
71static ERR_STRING_DATA RSA_str_functs[]= 71static ERR_STRING_DATA RSA_str_functs[]=
72 { 72 {
73{ERR_FUNC(RSA_F_FIPS_RSA_SIGN), "FIPS_RSA_SIGN"}, 73{ERR_FUNC(RSA_F_CHECK_PADDING_MD), "CHECK_PADDING_MD"},
74{ERR_FUNC(RSA_F_FIPS_RSA_VERIFY), "FIPS_RSA_VERIFY"}, 74{ERR_FUNC(RSA_F_DO_RSA_PRINT), "DO_RSA_PRINT"},
75{ERR_FUNC(RSA_F_INT_RSA_VERIFY), "INT_RSA_VERIFY"},
75{ERR_FUNC(RSA_F_MEMORY_LOCK), "MEMORY_LOCK"}, 76{ERR_FUNC(RSA_F_MEMORY_LOCK), "MEMORY_LOCK"},
77{ERR_FUNC(RSA_F_OLD_RSA_PRIV_DECODE), "OLD_RSA_PRIV_DECODE"},
78{ERR_FUNC(RSA_F_PKEY_RSA_CTRL), "PKEY_RSA_CTRL"},
79{ERR_FUNC(RSA_F_PKEY_RSA_CTRL_STR), "PKEY_RSA_CTRL_STR"},
80{ERR_FUNC(RSA_F_PKEY_RSA_SIGN), "PKEY_RSA_SIGN"},
81{ERR_FUNC(RSA_F_PKEY_RSA_VERIFYRECOVER), "PKEY_RSA_VERIFYRECOVER"},
76{ERR_FUNC(RSA_F_RSA_BUILTIN_KEYGEN), "RSA_BUILTIN_KEYGEN"}, 82{ERR_FUNC(RSA_F_RSA_BUILTIN_KEYGEN), "RSA_BUILTIN_KEYGEN"},
77{ERR_FUNC(RSA_F_RSA_CHECK_KEY), "RSA_check_key"}, 83{ERR_FUNC(RSA_F_RSA_CHECK_KEY), "RSA_check_key"},
78{ERR_FUNC(RSA_F_RSA_EAY_PRIVATE_DECRYPT), "RSA_EAY_PRIVATE_DECRYPT"}, 84{ERR_FUNC(RSA_F_RSA_EAY_PRIVATE_DECRYPT), "RSA_EAY_PRIVATE_DECRYPT"},
@@ -103,11 +109,10 @@ static ERR_STRING_DATA RSA_str_functs[]=
103{ERR_FUNC(RSA_F_RSA_PADDING_CHECK_X931), "RSA_padding_check_X931"}, 109{ERR_FUNC(RSA_F_RSA_PADDING_CHECK_X931), "RSA_padding_check_X931"},
104{ERR_FUNC(RSA_F_RSA_PRINT), "RSA_print"}, 110{ERR_FUNC(RSA_F_RSA_PRINT), "RSA_print"},
105{ERR_FUNC(RSA_F_RSA_PRINT_FP), "RSA_print_fp"}, 111{ERR_FUNC(RSA_F_RSA_PRINT_FP), "RSA_print_fp"},
106{ERR_FUNC(RSA_F_RSA_PRIVATE_ENCRYPT), "RSA_private_encrypt"}, 112{ERR_FUNC(RSA_F_RSA_PRIV_DECODE), "RSA_PRIV_DECODE"},
107{ERR_FUNC(RSA_F_RSA_PUBLIC_DECRYPT), "RSA_public_decrypt"}, 113{ERR_FUNC(RSA_F_RSA_PRIV_ENCODE), "RSA_PRIV_ENCODE"},
114{ERR_FUNC(RSA_F_RSA_PUB_DECODE), "RSA_PUB_DECODE"},
108{ERR_FUNC(RSA_F_RSA_SETUP_BLINDING), "RSA_setup_blinding"}, 115{ERR_FUNC(RSA_F_RSA_SETUP_BLINDING), "RSA_setup_blinding"},
109{ERR_FUNC(RSA_F_RSA_SET_DEFAULT_METHOD), "RSA_set_default_method"},
110{ERR_FUNC(RSA_F_RSA_SET_METHOD), "RSA_set_method"},
111{ERR_FUNC(RSA_F_RSA_SIGN), "RSA_sign"}, 116{ERR_FUNC(RSA_F_RSA_SIGN), "RSA_sign"},
112{ERR_FUNC(RSA_F_RSA_SIGN_ASN1_OCTET_STRING), "RSA_sign_ASN1_OCTET_STRING"}, 117{ERR_FUNC(RSA_F_RSA_SIGN_ASN1_OCTET_STRING), "RSA_sign_ASN1_OCTET_STRING"},
113{ERR_FUNC(RSA_F_RSA_VERIFY), "RSA_verify"}, 118{ERR_FUNC(RSA_F_RSA_VERIFY), "RSA_verify"},
@@ -136,20 +141,25 @@ static ERR_STRING_DATA RSA_str_reasons[]=
136{ERR_REASON(RSA_R_DMQ1_NOT_CONGRUENT_TO_D),"dmq1 not congruent to d"}, 141{ERR_REASON(RSA_R_DMQ1_NOT_CONGRUENT_TO_D),"dmq1 not congruent to d"},
137{ERR_REASON(RSA_R_D_E_NOT_CONGRUENT_TO_1),"d e not congruent to 1"}, 142{ERR_REASON(RSA_R_D_E_NOT_CONGRUENT_TO_1),"d e not congruent to 1"},
138{ERR_REASON(RSA_R_FIRST_OCTET_INVALID) ,"first octet invalid"}, 143{ERR_REASON(RSA_R_FIRST_OCTET_INVALID) ,"first octet invalid"},
144{ERR_REASON(RSA_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE),"illegal or unsupported padding mode"},
145{ERR_REASON(RSA_R_INVALID_DIGEST_LENGTH) ,"invalid digest length"},
139{ERR_REASON(RSA_R_INVALID_HEADER) ,"invalid header"}, 146{ERR_REASON(RSA_R_INVALID_HEADER) ,"invalid header"},
147{ERR_REASON(RSA_R_INVALID_KEYBITS) ,"invalid keybits"},
140{ERR_REASON(RSA_R_INVALID_MESSAGE_LENGTH),"invalid message length"}, 148{ERR_REASON(RSA_R_INVALID_MESSAGE_LENGTH),"invalid message length"},
141{ERR_REASON(RSA_R_INVALID_PADDING) ,"invalid padding"}, 149{ERR_REASON(RSA_R_INVALID_PADDING) ,"invalid padding"},
150{ERR_REASON(RSA_R_INVALID_PADDING_MODE) ,"invalid padding mode"},
151{ERR_REASON(RSA_R_INVALID_PSS_SALTLEN) ,"invalid pss saltlen"},
142{ERR_REASON(RSA_R_INVALID_TRAILER) ,"invalid trailer"}, 152{ERR_REASON(RSA_R_INVALID_TRAILER) ,"invalid trailer"},
153{ERR_REASON(RSA_R_INVALID_X931_DIGEST) ,"invalid x931 digest"},
143{ERR_REASON(RSA_R_IQMP_NOT_INVERSE_OF_Q) ,"iqmp not inverse of q"}, 154{ERR_REASON(RSA_R_IQMP_NOT_INVERSE_OF_Q) ,"iqmp not inverse of q"},
144{ERR_REASON(RSA_R_KEY_SIZE_TOO_SMALL) ,"key size too small"}, 155{ERR_REASON(RSA_R_KEY_SIZE_TOO_SMALL) ,"key size too small"},
145{ERR_REASON(RSA_R_LAST_OCTET_INVALID) ,"last octet invalid"}, 156{ERR_REASON(RSA_R_LAST_OCTET_INVALID) ,"last octet invalid"},
146{ERR_REASON(RSA_R_MODULUS_TOO_LARGE) ,"modulus too large"}, 157{ERR_REASON(RSA_R_MODULUS_TOO_LARGE) ,"modulus too large"},
147{ERR_REASON(RSA_R_NON_FIPS_METHOD) ,"non fips method"},
148{ERR_REASON(RSA_R_NO_PUBLIC_EXPONENT) ,"no public exponent"}, 158{ERR_REASON(RSA_R_NO_PUBLIC_EXPONENT) ,"no public exponent"},
149{ERR_REASON(RSA_R_NULL_BEFORE_BLOCK_MISSING),"null before block missing"}, 159{ERR_REASON(RSA_R_NULL_BEFORE_BLOCK_MISSING),"null before block missing"},
150{ERR_REASON(RSA_R_N_DOES_NOT_EQUAL_P_Q) ,"n does not equal p q"}, 160{ERR_REASON(RSA_R_N_DOES_NOT_EQUAL_P_Q) ,"n does not equal p q"},
151{ERR_REASON(RSA_R_OAEP_DECODING_ERROR) ,"oaep decoding error"}, 161{ERR_REASON(RSA_R_OAEP_DECODING_ERROR) ,"oaep decoding error"},
152{ERR_REASON(RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE),"operation not allowed in fips mode"}, 162{ERR_REASON(RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE),"operation not supported for this keytype"},
153{ERR_REASON(RSA_R_PADDING_CHECK_FAILED) ,"padding check failed"}, 163{ERR_REASON(RSA_R_PADDING_CHECK_FAILED) ,"padding check failed"},
154{ERR_REASON(RSA_R_P_NOT_PRIME) ,"p not prime"}, 164{ERR_REASON(RSA_R_P_NOT_PRIME) ,"p not prime"},
155{ERR_REASON(RSA_R_Q_NOT_PRIME) ,"q not prime"}, 165{ERR_REASON(RSA_R_Q_NOT_PRIME) ,"q not prime"},
@@ -160,6 +170,7 @@ static ERR_STRING_DATA RSA_str_reasons[]=
160{ERR_REASON(RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD),"the asn1 object identifier is not known for this md"}, 170{ERR_REASON(RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD),"the asn1 object identifier is not known for this md"},
161{ERR_REASON(RSA_R_UNKNOWN_ALGORITHM_TYPE),"unknown algorithm type"}, 171{ERR_REASON(RSA_R_UNKNOWN_ALGORITHM_TYPE),"unknown algorithm type"},
162{ERR_REASON(RSA_R_UNKNOWN_PADDING_TYPE) ,"unknown padding type"}, 172{ERR_REASON(RSA_R_UNKNOWN_PADDING_TYPE) ,"unknown padding type"},
173{ERR_REASON(RSA_R_VALUE_MISSING) ,"value missing"},
163{ERR_REASON(RSA_R_WRONG_SIGNATURE_LENGTH),"wrong signature length"}, 174{ERR_REASON(RSA_R_WRONG_SIGNATURE_LENGTH),"wrong signature length"},
164{0,NULL} 175{0,NULL}
165 }; 176 };
diff --git a/src/lib/libcrypto/rsa/rsa_gen.c b/src/lib/libcrypto/rsa/rsa_gen.c
index 41278f83c6..767f7ab682 100644
--- a/src/lib/libcrypto/rsa/rsa_gen.c
+++ b/src/lib/libcrypto/rsa/rsa_gen.c
@@ -68,8 +68,6 @@
68#include <openssl/bn.h> 68#include <openssl/bn.h>
69#include <openssl/rsa.h> 69#include <openssl/rsa.h>
70 70
71#ifndef OPENSSL_FIPS
72
73static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb); 71static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb);
74 72
75/* NB: this wrapper would normally be placed in rsa_lib.c and the static 73/* NB: this wrapper would normally be placed in rsa_lib.c and the static
@@ -219,4 +217,3 @@ err:
219 return ok; 217 return ok;
220 } 218 }
221 219
222#endif
diff --git a/src/lib/libcrypto/rsa/rsa_lib.c b/src/lib/libcrypto/rsa/rsa_lib.c
index 5714841f4c..de45088d76 100644
--- a/src/lib/libcrypto/rsa/rsa_lib.c
+++ b/src/lib/libcrypto/rsa/rsa_lib.c
@@ -67,6 +67,224 @@
67#include <openssl/engine.h> 67#include <openssl/engine.h>
68#endif 68#endif
69 69
70const char RSA_version[]="RSA" OPENSSL_VERSION_PTEXT;
71
72static const RSA_METHOD *default_RSA_meth=NULL;
73
74RSA *RSA_new(void)
75 {
76 RSA *r=RSA_new_method(NULL);
77
78 return r;
79 }
80
81void RSA_set_default_method(const RSA_METHOD *meth)
82 {
83 default_RSA_meth = meth;
84 }
85
86const RSA_METHOD *RSA_get_default_method(void)
87 {
88 if (default_RSA_meth == NULL)
89 {
90#ifdef RSA_NULL
91 default_RSA_meth=RSA_null_method();
92#else
93#if 0 /* was: #ifdef RSAref */
94 default_RSA_meth=RSA_PKCS1_RSAref();
95#else
96 default_RSA_meth=RSA_PKCS1_SSLeay();
97#endif
98#endif
99 }
100
101 return default_RSA_meth;
102 }
103
104const RSA_METHOD *RSA_get_method(const RSA *rsa)
105 {
106 return rsa->meth;
107 }
108
109int RSA_set_method(RSA *rsa, const RSA_METHOD *meth)
110 {
111 /* NB: The caller is specifically setting a method, so it's not up to us
112 * to deal with which ENGINE it comes from. */
113 const RSA_METHOD *mtmp;
114 mtmp = rsa->meth;
115 if (mtmp->finish) mtmp->finish(rsa);
116#ifndef OPENSSL_NO_ENGINE
117 if (rsa->engine)
118 {
119 ENGINE_finish(rsa->engine);
120 rsa->engine = NULL;
121 }
122#endif
123 rsa->meth = meth;
124 if (meth->init) meth->init(rsa);
125 return 1;
126 }
127
128RSA *RSA_new_method(ENGINE *engine)
129 {
130 RSA *ret;
131
132 ret=(RSA *)OPENSSL_malloc(sizeof(RSA));
133 if (ret == NULL)
134 {
135 RSAerr(RSA_F_RSA_NEW_METHOD,ERR_R_MALLOC_FAILURE);
136 return NULL;
137 }
138
139 ret->meth = RSA_get_default_method();
140#ifndef OPENSSL_NO_ENGINE
141 if (engine)
142 {
143 if (!ENGINE_init(engine))
144 {
145 RSAerr(RSA_F_RSA_NEW_METHOD, ERR_R_ENGINE_LIB);
146 OPENSSL_free(ret);
147 return NULL;
148 }
149 ret->engine = engine;
150 }
151 else
152 ret->engine = ENGINE_get_default_RSA();
153 if(ret->engine)
154 {
155 ret->meth = ENGINE_get_RSA(ret->engine);
156 if(!ret->meth)
157 {
158 RSAerr(RSA_F_RSA_NEW_METHOD,
159 ERR_R_ENGINE_LIB);
160 ENGINE_finish(ret->engine);
161 OPENSSL_free(ret);
162 return NULL;
163 }
164 }
165#endif
166
167 ret->pad=0;
168 ret->version=0;
169 ret->n=NULL;
170 ret->e=NULL;
171 ret->d=NULL;
172 ret->p=NULL;
173 ret->q=NULL;
174 ret->dmp1=NULL;
175 ret->dmq1=NULL;
176 ret->iqmp=NULL;
177 ret->references=1;
178 ret->_method_mod_n=NULL;
179 ret->_method_mod_p=NULL;
180 ret->_method_mod_q=NULL;
181 ret->blinding=NULL;
182 ret->mt_blinding=NULL;
183 ret->bignum_data=NULL;
184 ret->flags=ret->meth->flags;
185 if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data))
186 {
187#ifndef OPENSSL_NO_ENGINE
188 if (ret->engine)
189 ENGINE_finish(ret->engine);
190#endif
191 OPENSSL_free(ret);
192 return(NULL);
193 }
194
195 if ((ret->meth->init != NULL) && !ret->meth->init(ret))
196 {
197#ifndef OPENSSL_NO_ENGINE
198 if (ret->engine)
199 ENGINE_finish(ret->engine);
200#endif
201 CRYPTO_free_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data);
202 OPENSSL_free(ret);
203 ret=NULL;
204 }
205 return(ret);
206 }
207
208void RSA_free(RSA *r)
209 {
210 int i;
211
212 if (r == NULL) return;
213
214 i=CRYPTO_add(&r->references,-1,CRYPTO_LOCK_RSA);
215#ifdef REF_PRINT
216 REF_PRINT("RSA",r);
217#endif
218 if (i > 0) return;
219#ifdef REF_CHECK
220 if (i < 0)
221 {
222 fprintf(stderr,"RSA_free, bad reference count\n");
223 abort();
224 }
225#endif
226
227 if (r->meth->finish)
228 r->meth->finish(r);
229#ifndef OPENSSL_NO_ENGINE
230 if (r->engine)
231 ENGINE_finish(r->engine);
232#endif
233
234 CRYPTO_free_ex_data(CRYPTO_EX_INDEX_RSA, r, &r->ex_data);
235
236 if (r->n != NULL) BN_clear_free(r->n);
237 if (r->e != NULL) BN_clear_free(r->e);
238 if (r->d != NULL) BN_clear_free(r->d);
239 if (r->p != NULL) BN_clear_free(r->p);
240 if (r->q != NULL) BN_clear_free(r->q);
241 if (r->dmp1 != NULL) BN_clear_free(r->dmp1);
242 if (r->dmq1 != NULL) BN_clear_free(r->dmq1);
243 if (r->iqmp != NULL) BN_clear_free(r->iqmp);
244 if (r->blinding != NULL) BN_BLINDING_free(r->blinding);
245 if (r->mt_blinding != NULL) BN_BLINDING_free(r->mt_blinding);
246 if (r->bignum_data != NULL) OPENSSL_free_locked(r->bignum_data);
247 OPENSSL_free(r);
248 }
249
250int RSA_up_ref(RSA *r)
251 {
252 int i = CRYPTO_add(&r->references, 1, CRYPTO_LOCK_RSA);
253#ifdef REF_PRINT
254 REF_PRINT("RSA",r);
255#endif
256#ifdef REF_CHECK
257 if (i < 2)
258 {
259 fprintf(stderr, "RSA_up_ref, bad reference count\n");
260 abort();
261 }
262#endif
263 return ((i > 1) ? 1 : 0);
264 }
265
266int RSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
267 CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
268 {
269 return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_RSA, argl, argp,
270 new_func, dup_func, free_func);
271 }
272
273int RSA_set_ex_data(RSA *r, int idx, void *arg)
274 {
275 return(CRYPTO_set_ex_data(&r->ex_data,idx,arg));
276 }
277
278void *RSA_get_ex_data(const RSA *r, int idx)
279 {
280 return(CRYPTO_get_ex_data(&r->ex_data,idx));
281 }
282
283int RSA_size(const RSA *r)
284 {
285 return(BN_num_bytes(r->n));
286 }
287
70int RSA_public_encrypt(int flen, const unsigned char *from, unsigned char *to, 288int RSA_public_encrypt(int flen, const unsigned char *from, unsigned char *to,
71 RSA *rsa, int padding) 289 RSA *rsa, int padding)
72 { 290 {
@@ -76,13 +294,6 @@ int RSA_public_encrypt(int flen, const unsigned char *from, unsigned char *to,
76int RSA_private_encrypt(int flen, const unsigned char *from, unsigned char *to, 294int RSA_private_encrypt(int flen, const unsigned char *from, unsigned char *to,
77 RSA *rsa, int padding) 295 RSA *rsa, int padding)
78 { 296 {
79#ifdef OPENSSL_FIPS
80 if(FIPS_mode() && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW))
81 {
82 RSAerr(RSA_F_RSA_PRIVATE_ENCRYPT, RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE);
83 return 0;
84 }
85#endif
86 return(rsa->meth->rsa_priv_enc(flen, from, to, rsa, padding)); 297 return(rsa->meth->rsa_priv_enc(flen, from, to, rsa, padding));
87 } 298 }
88 299
@@ -95,19 +306,12 @@ int RSA_private_decrypt(int flen, const unsigned char *from, unsigned char *to,
95int RSA_public_decrypt(int flen, const unsigned char *from, unsigned char *to, 306int RSA_public_decrypt(int flen, const unsigned char *from, unsigned char *to,
96 RSA *rsa, int padding) 307 RSA *rsa, int padding)
97 { 308 {
98#ifdef OPENSSL_FIPS
99 if(FIPS_mode() && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW))
100 {
101 RSAerr(RSA_F_RSA_PUBLIC_DECRYPT, RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE);
102 return 0;
103 }
104#endif
105 return(rsa->meth->rsa_pub_dec(flen, from, to, rsa, padding)); 309 return(rsa->meth->rsa_pub_dec(flen, from, to, rsa, padding));
106 } 310 }
107 311
108int RSA_size(const RSA *r) 312int RSA_flags(const RSA *r)
109 { 313 {
110 return(BN_num_bytes(r->n)); 314 return((r == NULL)?0:r->meth->flags);
111 } 315 }
112 316
113void RSA_blinding_off(RSA *rsa) 317void RSA_blinding_off(RSA *rsa)
@@ -222,7 +426,7 @@ BN_BLINDING *RSA_setup_blinding(RSA *rsa, BN_CTX *in_ctx)
222 RSAerr(RSA_F_RSA_SETUP_BLINDING, ERR_R_BN_LIB); 426 RSAerr(RSA_F_RSA_SETUP_BLINDING, ERR_R_BN_LIB);
223 goto err; 427 goto err;
224 } 428 }
225 BN_BLINDING_set_thread_id(ret, CRYPTO_thread_id()); 429 CRYPTO_THREADID_current(BN_BLINDING_thread_id(ret));
226err: 430err:
227 BN_CTX_end(ctx); 431 BN_CTX_end(ctx);
228 if (in_ctx == NULL) 432 if (in_ctx == NULL)
@@ -232,3 +436,48 @@ err:
232 436
233 return ret; 437 return ret;
234} 438}
439
440int RSA_memory_lock(RSA *r)
441 {
442 int i,j,k,off;
443 char *p;
444 BIGNUM *bn,**t[6],*b;
445 BN_ULONG *ul;
446
447 if (r->d == NULL) return(1);
448 t[0]= &r->d;
449 t[1]= &r->p;
450 t[2]= &r->q;
451 t[3]= &r->dmp1;
452 t[4]= &r->dmq1;
453 t[5]= &r->iqmp;
454 k=sizeof(BIGNUM)*6;
455 off=k/sizeof(BN_ULONG)+1;
456 j=1;
457 for (i=0; i<6; i++)
458 j+= (*t[i])->top;
459 if ((p=OPENSSL_malloc_locked((off+j)*sizeof(BN_ULONG))) == NULL)
460 {
461 RSAerr(RSA_F_RSA_MEMORY_LOCK,ERR_R_MALLOC_FAILURE);
462 return(0);
463 }
464 bn=(BIGNUM *)p;
465 ul=(BN_ULONG *)&(p[off]);
466 for (i=0; i<6; i++)
467 {
468 b= *(t[i]);
469 *(t[i])= &(bn[i]);
470 memcpy((char *)&(bn[i]),(char *)b,sizeof(BIGNUM));
471 bn[i].flags=BN_FLG_STATIC_DATA;
472 bn[i].d=ul;
473 memcpy((char *)ul,b->d,sizeof(BN_ULONG)*b->top);
474 ul+=b->top;
475 BN_clear_free(b);
476 }
477
478 /* I should fix this so it can still be done */
479 r->flags&= ~(RSA_FLAG_CACHE_PRIVATE|RSA_FLAG_CACHE_PUBLIC);
480
481 r->bignum_data=p;
482 return(1);
483 }
diff --git a/src/lib/libcrypto/rsa/rsa_locl.h b/src/lib/libcrypto/rsa/rsa_locl.h
new file mode 100644
index 0000000000..f5d2d56628
--- /dev/null
+++ b/src/lib/libcrypto/rsa/rsa_locl.h
@@ -0,0 +1,4 @@
1extern int int_rsa_verify(int dtype, const unsigned char *m, unsigned int m_len,
2 unsigned char *rm, size_t *prm_len,
3 const unsigned char *sigbuf, size_t siglen,
4 RSA *rsa);
diff --git a/src/lib/libcrypto/rsa/rsa_oaep.c b/src/lib/libcrypto/rsa/rsa_oaep.c
index 4d30c9d2d3..e238d10e5c 100644
--- a/src/lib/libcrypto/rsa/rsa_oaep.c
+++ b/src/lib/libcrypto/rsa/rsa_oaep.c
@@ -28,7 +28,7 @@
28#include <openssl/rand.h> 28#include <openssl/rand.h>
29#include <openssl/sha.h> 29#include <openssl/sha.h>
30 30
31int MGF1(unsigned char *mask, long len, 31static int MGF1(unsigned char *mask, long len,
32 const unsigned char *seed, long seedlen); 32 const unsigned char *seed, long seedlen);
33 33
34int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen, 34int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen,
@@ -52,13 +52,6 @@ int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen,
52 return 0; 52 return 0;
53 } 53 }
54 54
55 dbmask = OPENSSL_malloc(emlen - SHA_DIGEST_LENGTH);
56 if (dbmask == NULL)
57 {
58 RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP, ERR_R_MALLOC_FAILURE);
59 return 0;
60 }
61
62 to[0] = 0; 55 to[0] = 0;
63 seed = to + 1; 56 seed = to + 1;
64 db = to + SHA_DIGEST_LENGTH + 1; 57 db = to + SHA_DIGEST_LENGTH + 1;
@@ -76,11 +69,20 @@ int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen,
76 20); 69 20);
77#endif 70#endif
78 71
79 MGF1(dbmask, emlen - SHA_DIGEST_LENGTH, seed, SHA_DIGEST_LENGTH); 72 dbmask = OPENSSL_malloc(emlen - SHA_DIGEST_LENGTH);
73 if (dbmask == NULL)
74 {
75 RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP, ERR_R_MALLOC_FAILURE);
76 return 0;
77 }
78
79 if (MGF1(dbmask, emlen - SHA_DIGEST_LENGTH, seed, SHA_DIGEST_LENGTH) < 0)
80 return 0;
80 for (i = 0; i < emlen - SHA_DIGEST_LENGTH; i++) 81 for (i = 0; i < emlen - SHA_DIGEST_LENGTH; i++)
81 db[i] ^= dbmask[i]; 82 db[i] ^= dbmask[i];
82 83
83 MGF1(seedmask, SHA_DIGEST_LENGTH, db, emlen - SHA_DIGEST_LENGTH); 84 if (MGF1(seedmask, SHA_DIGEST_LENGTH, db, emlen - SHA_DIGEST_LENGTH) < 0)
85 return 0;
84 for (i = 0; i < SHA_DIGEST_LENGTH; i++) 86 for (i = 0; i < SHA_DIGEST_LENGTH; i++)
85 seed[i] ^= seedmask[i]; 87 seed[i] ^= seedmask[i];
86 88
@@ -133,11 +135,13 @@ int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen,
133 135
134 maskeddb = padded_from + SHA_DIGEST_LENGTH; 136 maskeddb = padded_from + SHA_DIGEST_LENGTH;
135 137
136 MGF1(seed, SHA_DIGEST_LENGTH, maskeddb, dblen); 138 if (MGF1(seed, SHA_DIGEST_LENGTH, maskeddb, dblen))
139 return -1;
137 for (i = 0; i < SHA_DIGEST_LENGTH; i++) 140 for (i = 0; i < SHA_DIGEST_LENGTH; i++)
138 seed[i] ^= padded_from[i]; 141 seed[i] ^= padded_from[i];
139 142
140 MGF1(db, dblen, seed, SHA_DIGEST_LENGTH); 143 if (MGF1(db, dblen, seed, SHA_DIGEST_LENGTH))
144 return -1;
141 for (i = 0; i < dblen; i++) 145 for (i = 0; i < dblen; i++)
142 db[i] ^= maskeddb[i]; 146 db[i] ^= maskeddb[i];
143 147
@@ -187,7 +191,9 @@ int PKCS1_MGF1(unsigned char *mask, long len,
187 int mdlen; 191 int mdlen;
188 192
189 EVP_MD_CTX_init(&c); 193 EVP_MD_CTX_init(&c);
190 mdlen = M_EVP_MD_size(dgst); 194 mdlen = EVP_MD_size(dgst);
195 if (mdlen < 0)
196 return -1;
191 for (i = 0; outlen < len; i++) 197 for (i = 0; outlen < len; i++)
192 { 198 {
193 cnt[0] = (unsigned char)((i >> 24) & 255); 199 cnt[0] = (unsigned char)((i >> 24) & 255);
@@ -213,7 +219,8 @@ int PKCS1_MGF1(unsigned char *mask, long len,
213 return 0; 219 return 0;
214 } 220 }
215 221
216int MGF1(unsigned char *mask, long len, const unsigned char *seed, long seedlen) 222static int MGF1(unsigned char *mask, long len, const unsigned char *seed,
223 long seedlen)
217 { 224 {
218 return PKCS1_MGF1(mask, len, seed, seedlen, EVP_sha1()); 225 return PKCS1_MGF1(mask, len, seed, seedlen, EVP_sha1());
219 } 226 }
diff --git a/src/lib/libcrypto/rsa/rsa_pmeth.c b/src/lib/libcrypto/rsa/rsa_pmeth.c
new file mode 100644
index 0000000000..c6892ecd09
--- /dev/null
+++ b/src/lib/libcrypto/rsa/rsa_pmeth.c
@@ -0,0 +1,587 @@
1/* crypto/rsa/rsa_pmeth.c */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 2006.
4 */
5/* ====================================================================
6 * Copyright (c) 2006 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <stdio.h>
60#include "cryptlib.h"
61#include <openssl/asn1t.h>
62#include <openssl/x509.h>
63#include <openssl/rsa.h>
64#include <openssl/bn.h>
65#include <openssl/evp.h>
66#include "evp_locl.h"
67#include "rsa_locl.h"
68
69/* RSA pkey context structure */
70
71typedef struct
72 {
73 /* Key gen parameters */
74 int nbits;
75 BIGNUM *pub_exp;
76 /* Keygen callback info */
77 int gentmp[2];
78 /* RSA padding mode */
79 int pad_mode;
80 /* message digest */
81 const EVP_MD *md;
82 /* PSS/OAEP salt length */
83 int saltlen;
84 /* Temp buffer */
85 unsigned char *tbuf;
86 } RSA_PKEY_CTX;
87
88static int pkey_rsa_init(EVP_PKEY_CTX *ctx)
89 {
90 RSA_PKEY_CTX *rctx;
91 rctx = OPENSSL_malloc(sizeof(RSA_PKEY_CTX));
92 if (!rctx)
93 return 0;
94 rctx->nbits = 1024;
95 rctx->pub_exp = NULL;
96 rctx->pad_mode = RSA_PKCS1_PADDING;
97 rctx->md = NULL;
98 rctx->tbuf = NULL;
99
100 rctx->saltlen = -2;
101
102 ctx->data = rctx;
103 ctx->keygen_info = rctx->gentmp;
104 ctx->keygen_info_count = 2;
105
106 return 1;
107 }
108
109static int pkey_rsa_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src)
110 {
111 RSA_PKEY_CTX *dctx, *sctx;
112 if (!pkey_rsa_init(dst))
113 return 0;
114 sctx = src->data;
115 dctx = dst->data;
116 dctx->nbits = sctx->nbits;
117 if (sctx->pub_exp)
118 {
119 dctx->pub_exp = BN_dup(sctx->pub_exp);
120 if (!dctx->pub_exp)
121 return 0;
122 }
123 dctx->pad_mode = sctx->pad_mode;
124 dctx->md = sctx->md;
125 return 1;
126 }
127
128static int setup_tbuf(RSA_PKEY_CTX *ctx, EVP_PKEY_CTX *pk)
129 {
130 if (ctx->tbuf)
131 return 1;
132 ctx->tbuf = OPENSSL_malloc(EVP_PKEY_size(pk->pkey));
133 if (!ctx->tbuf)
134 return 0;
135 return 1;
136 }
137
138static void pkey_rsa_cleanup(EVP_PKEY_CTX *ctx)
139 {
140 RSA_PKEY_CTX *rctx = ctx->data;
141 if (rctx)
142 {
143 if (rctx->pub_exp)
144 BN_free(rctx->pub_exp);
145 if (rctx->tbuf)
146 OPENSSL_free(rctx->tbuf);
147 OPENSSL_free(rctx);
148 }
149 }
150
151static int pkey_rsa_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
152 const unsigned char *tbs, size_t tbslen)
153 {
154 int ret;
155 RSA_PKEY_CTX *rctx = ctx->data;
156 RSA *rsa = ctx->pkey->pkey.rsa;
157
158 if (rctx->md)
159 {
160 if (tbslen != (size_t)EVP_MD_size(rctx->md))
161 {
162 RSAerr(RSA_F_PKEY_RSA_SIGN,
163 RSA_R_INVALID_DIGEST_LENGTH);
164 return -1;
165 }
166 if (rctx->pad_mode == RSA_X931_PADDING)
167 {
168 if (!setup_tbuf(rctx, ctx))
169 return -1;
170 memcpy(rctx->tbuf, tbs, tbslen);
171 rctx->tbuf[tbslen] =
172 RSA_X931_hash_id(EVP_MD_type(rctx->md));
173 ret = RSA_private_encrypt(tbslen + 1, rctx->tbuf,
174 sig, rsa, RSA_X931_PADDING);
175 }
176 else if (rctx->pad_mode == RSA_PKCS1_PADDING)
177 {
178 unsigned int sltmp;
179 ret = RSA_sign(EVP_MD_type(rctx->md),
180 tbs, tbslen, sig, &sltmp, rsa);
181 if (ret <= 0)
182 return ret;
183 ret = sltmp;
184 }
185 else if (rctx->pad_mode == RSA_PKCS1_PSS_PADDING)
186 {
187 if (!setup_tbuf(rctx, ctx))
188 return -1;
189 if (!RSA_padding_add_PKCS1_PSS(rsa, rctx->tbuf, tbs,
190 rctx->md, rctx->saltlen))
191 return -1;
192 ret = RSA_private_encrypt(RSA_size(rsa), rctx->tbuf,
193 sig, rsa, RSA_NO_PADDING);
194 }
195 else
196 return -1;
197 }
198 else
199 ret = RSA_private_encrypt(tbslen, tbs, sig, ctx->pkey->pkey.rsa,
200 rctx->pad_mode);
201 if (ret < 0)
202 return ret;
203 *siglen = ret;
204 return 1;
205 }
206
207
208static int pkey_rsa_verifyrecover(EVP_PKEY_CTX *ctx,
209 unsigned char *rout, size_t *routlen,
210 const unsigned char *sig, size_t siglen)
211 {
212 int ret;
213 RSA_PKEY_CTX *rctx = ctx->data;
214
215 if (rctx->md)
216 {
217 if (rctx->pad_mode == RSA_X931_PADDING)
218 {
219 if (!setup_tbuf(rctx, ctx))
220 return -1;
221 ret = RSA_public_decrypt(siglen, sig,
222 rctx->tbuf, ctx->pkey->pkey.rsa,
223 RSA_X931_PADDING);
224 if (ret < 1)
225 return 0;
226 ret--;
227 if (rctx->tbuf[ret] !=
228 RSA_X931_hash_id(EVP_MD_type(rctx->md)))
229 {
230 RSAerr(RSA_F_PKEY_RSA_VERIFYRECOVER,
231 RSA_R_ALGORITHM_MISMATCH);
232 return 0;
233 }
234 if (ret != EVP_MD_size(rctx->md))
235 {
236 RSAerr(RSA_F_PKEY_RSA_VERIFYRECOVER,
237 RSA_R_INVALID_DIGEST_LENGTH);
238 return 0;
239 }
240 if (rout)
241 memcpy(rout, rctx->tbuf, ret);
242 }
243 else if (rctx->pad_mode == RSA_PKCS1_PADDING)
244 {
245 size_t sltmp;
246 ret = int_rsa_verify(EVP_MD_type(rctx->md),
247 NULL, 0, rout, &sltmp,
248 sig, siglen, ctx->pkey->pkey.rsa);
249 if (ret <= 0)
250 return 0;
251 ret = sltmp;
252 }
253 else
254 return -1;
255 }
256 else
257 ret = RSA_public_decrypt(siglen, sig, rout, ctx->pkey->pkey.rsa,
258 rctx->pad_mode);
259 if (ret < 0)
260 return ret;
261 *routlen = ret;
262 return 1;
263 }
264
265static int pkey_rsa_verify(EVP_PKEY_CTX *ctx,
266 const unsigned char *sig, size_t siglen,
267 const unsigned char *tbs, size_t tbslen)
268 {
269 RSA_PKEY_CTX *rctx = ctx->data;
270 RSA *rsa = ctx->pkey->pkey.rsa;
271 size_t rslen;
272 if (rctx->md)
273 {
274 if (rctx->pad_mode == RSA_PKCS1_PADDING)
275 return RSA_verify(EVP_MD_type(rctx->md), tbs, tbslen,
276 sig, siglen, rsa);
277 if (rctx->pad_mode == RSA_X931_PADDING)
278 {
279 if (pkey_rsa_verifyrecover(ctx, NULL, &rslen,
280 sig, siglen) <= 0)
281 return 0;
282 }
283 else if (rctx->pad_mode == RSA_PKCS1_PSS_PADDING)
284 {
285 int ret;
286 if (!setup_tbuf(rctx, ctx))
287 return -1;
288 ret = RSA_public_decrypt(siglen, sig, rctx->tbuf,
289 rsa, RSA_NO_PADDING);
290 if (ret <= 0)
291 return 0;
292 ret = RSA_verify_PKCS1_PSS(rsa, tbs, rctx->md,
293 rctx->tbuf, rctx->saltlen);
294 if (ret <= 0)
295 return 0;
296 return 1;
297 }
298 else
299 return -1;
300 }
301 else
302 {
303 if (!setup_tbuf(rctx, ctx))
304 return -1;
305 rslen = RSA_public_decrypt(siglen, sig, rctx->tbuf,
306 rsa, rctx->pad_mode);
307 if (rslen == 0)
308 return 0;
309 }
310
311 if ((rslen != tbslen) || memcmp(tbs, rctx->tbuf, rslen))
312 return 0;
313
314 return 1;
315
316 }
317
318
319static int pkey_rsa_encrypt(EVP_PKEY_CTX *ctx,
320 unsigned char *out, size_t *outlen,
321 const unsigned char *in, size_t inlen)
322 {
323 int ret;
324 RSA_PKEY_CTX *rctx = ctx->data;
325 ret = RSA_public_encrypt(inlen, in, out, ctx->pkey->pkey.rsa,
326 rctx->pad_mode);
327 if (ret < 0)
328 return ret;
329 *outlen = ret;
330 return 1;
331 }
332
333static int pkey_rsa_decrypt(EVP_PKEY_CTX *ctx,
334 unsigned char *out, size_t *outlen,
335 const unsigned char *in, size_t inlen)
336 {
337 int ret;
338 RSA_PKEY_CTX *rctx = ctx->data;
339 ret = RSA_private_decrypt(inlen, in, out, ctx->pkey->pkey.rsa,
340 rctx->pad_mode);
341 if (ret < 0)
342 return ret;
343 *outlen = ret;
344 return 1;
345 }
346
347static int check_padding_md(const EVP_MD *md, int padding)
348 {
349 if (!md)
350 return 1;
351
352 if (padding == RSA_NO_PADDING)
353 {
354 RSAerr(RSA_F_CHECK_PADDING_MD, RSA_R_INVALID_PADDING_MODE);
355 return 0;
356 }
357
358 if (padding == RSA_X931_PADDING)
359 {
360 if (RSA_X931_hash_id(EVP_MD_type(md)) == -1)
361 {
362 RSAerr(RSA_F_CHECK_PADDING_MD,
363 RSA_R_INVALID_X931_DIGEST);
364 return 0;
365 }
366 return 1;
367 }
368
369 return 1;
370 }
371
372
373static int pkey_rsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
374 {
375 RSA_PKEY_CTX *rctx = ctx->data;
376 switch (type)
377 {
378 case EVP_PKEY_CTRL_RSA_PADDING:
379 if ((p1 >= RSA_PKCS1_PADDING) && (p1 <= RSA_PKCS1_PSS_PADDING))
380 {
381 if (!check_padding_md(rctx->md, p1))
382 return 0;
383 if (p1 == RSA_PKCS1_PSS_PADDING)
384 {
385 if (!(ctx->operation &
386 (EVP_PKEY_OP_SIGN | EVP_PKEY_OP_VERIFY)))
387 goto bad_pad;
388 if (!rctx->md)
389 rctx->md = EVP_sha1();
390 }
391 if (p1 == RSA_PKCS1_OAEP_PADDING)
392 {
393 if (!(ctx->operation & EVP_PKEY_OP_TYPE_CRYPT))
394 goto bad_pad;
395 if (!rctx->md)
396 rctx->md = EVP_sha1();
397 }
398 rctx->pad_mode = p1;
399 return 1;
400 }
401 bad_pad:
402 RSAerr(RSA_F_PKEY_RSA_CTRL,
403 RSA_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE);
404 return -2;
405
406 case EVP_PKEY_CTRL_RSA_PSS_SALTLEN:
407 if (p1 < -2)
408 return -2;
409 if (rctx->pad_mode != RSA_PKCS1_PSS_PADDING)
410 {
411 RSAerr(RSA_F_PKEY_RSA_CTRL, RSA_R_INVALID_PSS_SALTLEN);
412 return -2;
413 }
414 rctx->saltlen = p1;
415 return 1;
416
417 case EVP_PKEY_CTRL_RSA_KEYGEN_BITS:
418 if (p1 < 256)
419 {
420 RSAerr(RSA_F_PKEY_RSA_CTRL, RSA_R_INVALID_KEYBITS);
421 return -2;
422 }
423 rctx->nbits = p1;
424 return 1;
425
426 case EVP_PKEY_CTRL_RSA_KEYGEN_PUBEXP:
427 if (!p2)
428 return -2;
429 rctx->pub_exp = p2;
430 return 1;
431
432 case EVP_PKEY_CTRL_MD:
433 if (!check_padding_md(p2, rctx->pad_mode))
434 return 0;
435 rctx->md = p2;
436 return 1;
437
438 case EVP_PKEY_CTRL_DIGESTINIT:
439 case EVP_PKEY_CTRL_PKCS7_ENCRYPT:
440 case EVP_PKEY_CTRL_PKCS7_DECRYPT:
441 case EVP_PKEY_CTRL_PKCS7_SIGN:
442#ifndef OPENSSL_NO_CMS
443 case EVP_PKEY_CTRL_CMS_ENCRYPT:
444 case EVP_PKEY_CTRL_CMS_DECRYPT:
445 case EVP_PKEY_CTRL_CMS_SIGN:
446#endif
447 return 1;
448 case EVP_PKEY_CTRL_PEER_KEY:
449 RSAerr(RSA_F_PKEY_RSA_CTRL,
450 RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
451 return -2;
452
453 default:
454 return -2;
455
456 }
457 }
458
459static int pkey_rsa_ctrl_str(EVP_PKEY_CTX *ctx,
460 const char *type, const char *value)
461 {
462 if (!value)
463 {
464 RSAerr(RSA_F_PKEY_RSA_CTRL_STR, RSA_R_VALUE_MISSING);
465 return 0;
466 }
467 if (!strcmp(type, "rsa_padding_mode"))
468 {
469 int pm;
470 if (!strcmp(value, "pkcs1"))
471 pm = RSA_PKCS1_PADDING;
472 else if (!strcmp(value, "sslv23"))
473 pm = RSA_SSLV23_PADDING;
474 else if (!strcmp(value, "none"))
475 pm = RSA_NO_PADDING;
476 else if (!strcmp(value, "oeap"))
477 pm = RSA_PKCS1_OAEP_PADDING;
478 else if (!strcmp(value, "x931"))
479 pm = RSA_X931_PADDING;
480 else if (!strcmp(value, "pss"))
481 pm = RSA_PKCS1_PSS_PADDING;
482 else
483 {
484 RSAerr(RSA_F_PKEY_RSA_CTRL_STR,
485 RSA_R_UNKNOWN_PADDING_TYPE);
486 return -2;
487 }
488 return EVP_PKEY_CTX_set_rsa_padding(ctx, pm);
489 }
490
491 if (!strcmp(type, "rsa_pss_saltlen"))
492 {
493 int saltlen;
494 saltlen = atoi(value);
495 return EVP_PKEY_CTX_set_rsa_pss_saltlen(ctx, saltlen);
496 }
497
498 if (!strcmp(type, "rsa_keygen_bits"))
499 {
500 int nbits;
501 nbits = atoi(value);
502 return EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, nbits);
503 }
504
505 if (!strcmp(type, "rsa_keygen_pubexp"))
506 {
507 int ret;
508 BIGNUM *pubexp = NULL;
509 if (!BN_asc2bn(&pubexp, value))
510 return 0;
511 ret = EVP_PKEY_CTX_set_rsa_keygen_pubexp(ctx, pubexp);
512 if (ret <= 0)
513 BN_free(pubexp);
514 return ret;
515 }
516
517 return -2;
518 }
519
520static int pkey_rsa_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
521 {
522 RSA *rsa = NULL;
523 RSA_PKEY_CTX *rctx = ctx->data;
524 BN_GENCB *pcb, cb;
525 int ret;
526 if (!rctx->pub_exp)
527 {
528 rctx->pub_exp = BN_new();
529 if (!rctx->pub_exp || !BN_set_word(rctx->pub_exp, RSA_F4))
530 return 0;
531 }
532 rsa = RSA_new();
533 if (!rsa)
534 return 0;
535 if (ctx->pkey_gencb)
536 {
537 pcb = &cb;
538 evp_pkey_set_cb_translate(pcb, ctx);
539 }
540 else
541 pcb = NULL;
542 ret = RSA_generate_key_ex(rsa, rctx->nbits, rctx->pub_exp, pcb);
543 if (ret > 0)
544 EVP_PKEY_assign_RSA(pkey, rsa);
545 else
546 RSA_free(rsa);
547 return ret;
548 }
549
550const EVP_PKEY_METHOD rsa_pkey_meth =
551 {
552 EVP_PKEY_RSA,
553 EVP_PKEY_FLAG_AUTOARGLEN,
554 pkey_rsa_init,
555 pkey_rsa_copy,
556 pkey_rsa_cleanup,
557
558 0,0,
559
560 0,
561 pkey_rsa_keygen,
562
563 0,
564 pkey_rsa_sign,
565
566 0,
567 pkey_rsa_verify,
568
569 0,
570 pkey_rsa_verifyrecover,
571
572
573 0,0,0,0,
574
575 0,
576 pkey_rsa_encrypt,
577
578 0,
579 pkey_rsa_decrypt,
580
581 0,0,
582
583 pkey_rsa_ctrl,
584 pkey_rsa_ctrl_str
585
586
587 };
diff --git a/src/lib/libcrypto/rsa/rsa_prn.c b/src/lib/libcrypto/rsa/rsa_prn.c
new file mode 100644
index 0000000000..224db0fae5
--- /dev/null
+++ b/src/lib/libcrypto/rsa/rsa_prn.c
@@ -0,0 +1,93 @@
1/* crypto/rsa/rsa_prn.c */
2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 2006.
4 */
5/* ====================================================================
6 * Copyright (c) 2006 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <stdio.h>
60#include "cryptlib.h"
61#include <openssl/rsa.h>
62#include <openssl/evp.h>
63
64#ifndef OPENSSL_NO_FP_API
65int RSA_print_fp(FILE *fp, const RSA *x, int off)
66 {
67 BIO *b;
68 int ret;
69
70 if ((b=BIO_new(BIO_s_file())) == NULL)
71 {
72 RSAerr(RSA_F_RSA_PRINT_FP,ERR_R_BUF_LIB);
73 return(0);
74 }
75 BIO_set_fp(b,fp,BIO_NOCLOSE);
76 ret=RSA_print(b,x,off);
77 BIO_free(b);
78 return(ret);
79 }
80#endif
81
82int RSA_print(BIO *bp, const RSA *x, int off)
83 {
84 EVP_PKEY *pk;
85 int ret;
86 pk = EVP_PKEY_new();
87 if (!pk || !EVP_PKEY_set1_RSA(pk, (RSA *)x))
88 return 0;
89 ret = EVP_PKEY_print_private(bp, pk, off, NULL);
90 EVP_PKEY_free(pk);
91 return ret;
92 }
93
diff --git a/src/lib/libcrypto/rsa/rsa_pss.c b/src/lib/libcrypto/rsa/rsa_pss.c
index 9b993aca49..ac211e2ffe 100644
--- a/src/lib/libcrypto/rsa/rsa_pss.c
+++ b/src/lib/libcrypto/rsa/rsa_pss.c
@@ -81,7 +81,9 @@ int RSA_verify_PKCS1_PSS(RSA *rsa, const unsigned char *mHash,
81 EVP_MD_CTX ctx; 81 EVP_MD_CTX ctx;
82 unsigned char H_[EVP_MAX_MD_SIZE]; 82 unsigned char H_[EVP_MAX_MD_SIZE];
83 83
84 hLen = M_EVP_MD_size(Hash); 84 hLen = EVP_MD_size(Hash);
85 if (hLen < 0)
86 goto err;
85 /* 87 /*
86 * Negative sLen has special meanings: 88 * Negative sLen has special meanings:
87 * -1 sLen == hLen 89 * -1 sLen == hLen
@@ -126,7 +128,8 @@ int RSA_verify_PKCS1_PSS(RSA *rsa, const unsigned char *mHash,
126 RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS, ERR_R_MALLOC_FAILURE); 128 RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS, ERR_R_MALLOC_FAILURE);
127 goto err; 129 goto err;
128 } 130 }
129 PKCS1_MGF1(DB, maskedDBLen, H, hLen, Hash); 131 if (PKCS1_MGF1(DB, maskedDBLen, H, hLen, Hash) < 0)
132 goto err;
130 for (i = 0; i < maskedDBLen; i++) 133 for (i = 0; i < maskedDBLen; i++)
131 DB[i] ^= EM[i]; 134 DB[i] ^= EM[i];
132 if (MSBits) 135 if (MSBits)
@@ -176,7 +179,9 @@ int RSA_padding_add_PKCS1_PSS(RSA *rsa, unsigned char *EM,
176 unsigned char *H, *salt = NULL, *p; 179 unsigned char *H, *salt = NULL, *p;
177 EVP_MD_CTX ctx; 180 EVP_MD_CTX ctx;
178 181
179 hLen = M_EVP_MD_size(Hash); 182 hLen = EVP_MD_size(Hash);
183 if (hLen < 0)
184 goto err;
180 /* 185 /*
181 * Negative sLen has special meanings: 186 * Negative sLen has special meanings:
182 * -1 sLen == hLen 187 * -1 sLen == hLen
@@ -217,7 +222,7 @@ int RSA_padding_add_PKCS1_PSS(RSA *rsa, unsigned char *EM,
217 ERR_R_MALLOC_FAILURE); 222 ERR_R_MALLOC_FAILURE);
218 goto err; 223 goto err;
219 } 224 }
220 if (!RAND_bytes(salt, sLen)) 225 if (RAND_bytes(salt, sLen) <= 0)
221 goto err; 226 goto err;
222 } 227 }
223 maskedDBLen = emLen - hLen - 1; 228 maskedDBLen = emLen - hLen - 1;
@@ -232,7 +237,8 @@ int RSA_padding_add_PKCS1_PSS(RSA *rsa, unsigned char *EM,
232 EVP_MD_CTX_cleanup(&ctx); 237 EVP_MD_CTX_cleanup(&ctx);
233 238
234 /* Generate dbMask in place then perform XOR on it */ 239 /* Generate dbMask in place then perform XOR on it */
235 PKCS1_MGF1(EM, maskedDBLen, H, hLen, Hash); 240 if (PKCS1_MGF1(EM, maskedDBLen, H, hLen, Hash))
241 goto err;
236 242
237 p = EM; 243 p = EM;
238 244
diff --git a/src/lib/libcrypto/rsa/rsa_sign.c b/src/lib/libcrypto/rsa/rsa_sign.c
index 5488c06f6d..0be4ec7fb0 100644
--- a/src/lib/libcrypto/rsa/rsa_sign.c
+++ b/src/lib/libcrypto/rsa/rsa_sign.c
@@ -62,6 +62,7 @@
62#include <openssl/rsa.h> 62#include <openssl/rsa.h>
63#include <openssl/objects.h> 63#include <openssl/objects.h>
64#include <openssl/x509.h> 64#include <openssl/x509.h>
65#include "rsa_locl.h"
65 66
66/* Size of an SSL signature: MD5+SHA1 */ 67/* Size of an SSL signature: MD5+SHA1 */
67#define SSL_SIG_LENGTH 36 68#define SSL_SIG_LENGTH 36
@@ -90,14 +91,6 @@ int RSA_sign(int type, const unsigned char *m, unsigned int m_len,
90 i = SSL_SIG_LENGTH; 91 i = SSL_SIG_LENGTH;
91 s = m; 92 s = m;
92 } else { 93 } else {
93 /* NB: in FIPS mode block anything that isn't a TLS signature */
94#ifdef OPENSSL_FIPS
95 if(FIPS_mode() && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW))
96 {
97 RSAerr(RSA_F_RSA_SIGN, RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE);
98 return 0;
99 }
100#endif
101 sig.algor= &algor; 94 sig.algor= &algor;
102 sig.algor->algorithm=OBJ_nid2obj(type); 95 sig.algor->algorithm=OBJ_nid2obj(type);
103 if (sig.algor->algorithm == NULL) 96 if (sig.algor->algorithm == NULL)
@@ -150,8 +143,11 @@ int RSA_sign(int type, const unsigned char *m, unsigned int m_len,
150 return(ret); 143 return(ret);
151 } 144 }
152 145
153int RSA_verify(int dtype, const unsigned char *m, unsigned int m_len, 146int int_rsa_verify(int dtype, const unsigned char *m,
154 unsigned char *sigbuf, unsigned int siglen, RSA *rsa) 147 unsigned int m_len,
148 unsigned char *rm, size_t *prm_len,
149 const unsigned char *sigbuf, size_t siglen,
150 RSA *rsa)
155 { 151 {
156 int i,ret=0,sigtype; 152 int i,ret=0,sigtype;
157 unsigned char *s; 153 unsigned char *s;
@@ -159,38 +155,30 @@ int RSA_verify(int dtype, const unsigned char *m, unsigned int m_len,
159 155
160 if (siglen != (unsigned int)RSA_size(rsa)) 156 if (siglen != (unsigned int)RSA_size(rsa))
161 { 157 {
162 RSAerr(RSA_F_RSA_VERIFY,RSA_R_WRONG_SIGNATURE_LENGTH); 158 RSAerr(RSA_F_INT_RSA_VERIFY,RSA_R_WRONG_SIGNATURE_LENGTH);
163 return(0); 159 return(0);
164 } 160 }
165 161
166 if((rsa->flags & RSA_FLAG_SIGN_VER) && rsa->meth->rsa_verify) 162 if((dtype == NID_md5_sha1) && rm)
167 { 163 {
168 return rsa->meth->rsa_verify(dtype, m, m_len, 164 i = RSA_public_decrypt((int)siglen,
169 sigbuf, siglen, rsa); 165 sigbuf,rm,rsa,RSA_PKCS1_PADDING);
166 if (i <= 0)
167 return 0;
168 *prm_len = i;
169 return 1;
170 } 170 }
171 171
172 s=(unsigned char *)OPENSSL_malloc((unsigned int)siglen); 172 s=(unsigned char *)OPENSSL_malloc((unsigned int)siglen);
173 if (s == NULL) 173 if (s == NULL)
174 { 174 {
175 RSAerr(RSA_F_RSA_VERIFY,ERR_R_MALLOC_FAILURE); 175 RSAerr(RSA_F_INT_RSA_VERIFY,ERR_R_MALLOC_FAILURE);
176 goto err; 176 goto err;
177 } 177 }
178 if(dtype == NID_md5_sha1) 178 if((dtype == NID_md5_sha1) && (m_len != SSL_SIG_LENGTH) ) {
179 { 179 RSAerr(RSA_F_INT_RSA_VERIFY,RSA_R_INVALID_MESSAGE_LENGTH);
180 if (m_len != SSL_SIG_LENGTH)
181 {
182 RSAerr(RSA_F_RSA_VERIFY,RSA_R_INVALID_MESSAGE_LENGTH);
183 goto err; 180 goto err;
184 } 181 }
185 }
186 /* NB: in FIPS mode block anything that isn't a TLS signature */
187#ifdef OPENSSL_FIPS
188 else if(FIPS_mode() && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW))
189 {
190 RSAerr(RSA_F_RSA_VERIFY, RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE);
191 return 0;
192 }
193#endif
194 i=RSA_public_decrypt((int)siglen,sigbuf,s,rsa,RSA_PKCS1_PADDING); 182 i=RSA_public_decrypt((int)siglen,sigbuf,s,rsa,RSA_PKCS1_PADDING);
195 183
196 if (i <= 0) goto err; 184 if (i <= 0) goto err;
@@ -198,7 +186,7 @@ int RSA_verify(int dtype, const unsigned char *m, unsigned int m_len,
198 /* Special case: SSL signature */ 186 /* Special case: SSL signature */
199 if(dtype == NID_md5_sha1) { 187 if(dtype == NID_md5_sha1) {
200 if((i != SSL_SIG_LENGTH) || memcmp(s, m, SSL_SIG_LENGTH)) 188 if((i != SSL_SIG_LENGTH) || memcmp(s, m, SSL_SIG_LENGTH))
201 RSAerr(RSA_F_RSA_VERIFY,RSA_R_BAD_SIGNATURE); 189 RSAerr(RSA_F_INT_RSA_VERIFY,RSA_R_BAD_SIGNATURE);
202 else ret = 1; 190 else ret = 1;
203 } else { 191 } else {
204 const unsigned char *p=s; 192 const unsigned char *p=s;
@@ -209,7 +197,7 @@ int RSA_verify(int dtype, const unsigned char *m, unsigned int m_len,
209 /* Excess data can be used to create forgeries */ 197 /* Excess data can be used to create forgeries */
210 if(p != s+i) 198 if(p != s+i)
211 { 199 {
212 RSAerr(RSA_F_RSA_VERIFY,RSA_R_BAD_SIGNATURE); 200 RSAerr(RSA_F_INT_RSA_VERIFY,RSA_R_BAD_SIGNATURE);
213 goto err; 201 goto err;
214 } 202 }
215 203
@@ -218,7 +206,7 @@ int RSA_verify(int dtype, const unsigned char *m, unsigned int m_len,
218 if(sig->algor->parameter 206 if(sig->algor->parameter
219 && ASN1_TYPE_get(sig->algor->parameter) != V_ASN1_NULL) 207 && ASN1_TYPE_get(sig->algor->parameter) != V_ASN1_NULL)
220 { 208 {
221 RSAerr(RSA_F_RSA_VERIFY,RSA_R_BAD_SIGNATURE); 209 RSAerr(RSA_F_INT_RSA_VERIFY,RSA_R_BAD_SIGNATURE);
222 goto err; 210 goto err;
223 } 211 }
224 212
@@ -244,15 +232,30 @@ int RSA_verify(int dtype, const unsigned char *m, unsigned int m_len,
244 } 232 }
245 else 233 else
246 { 234 {
247 RSAerr(RSA_F_RSA_VERIFY, 235 RSAerr(RSA_F_INT_RSA_VERIFY,
248 RSA_R_ALGORITHM_MISMATCH); 236 RSA_R_ALGORITHM_MISMATCH);
249 goto err; 237 goto err;
250 } 238 }
251 } 239 }
252 if ( ((unsigned int)sig->digest->length != m_len) || 240 if (rm)
241 {
242 const EVP_MD *md;
243 md = EVP_get_digestbynid(dtype);
244 if (md && (EVP_MD_size(md) != sig->digest->length))
245 RSAerr(RSA_F_INT_RSA_VERIFY,
246 RSA_R_INVALID_DIGEST_LENGTH);
247 else
248 {
249 memcpy(rm, sig->digest->data,
250 sig->digest->length);
251 *prm_len = sig->digest->length;
252 ret = 1;
253 }
254 }
255 else if (((unsigned int)sig->digest->length != m_len) ||
253 (memcmp(m,sig->digest->data,m_len) != 0)) 256 (memcmp(m,sig->digest->data,m_len) != 0))
254 { 257 {
255 RSAerr(RSA_F_RSA_VERIFY,RSA_R_BAD_SIGNATURE); 258 RSAerr(RSA_F_INT_RSA_VERIFY,RSA_R_BAD_SIGNATURE);
256 } 259 }
257 else 260 else
258 ret=1; 261 ret=1;
@@ -267,3 +270,16 @@ err:
267 return(ret); 270 return(ret);
268 } 271 }
269 272
273int RSA_verify(int dtype, const unsigned char *m, unsigned int m_len,
274 const unsigned char *sigbuf, unsigned int siglen,
275 RSA *rsa)
276 {
277
278 if((rsa->flags & RSA_FLAG_SIGN_VER) && rsa->meth->rsa_verify)
279 {
280 return rsa->meth->rsa_verify(dtype, m, m_len,
281 sigbuf, siglen, rsa);
282 }
283
284 return int_rsa_verify(dtype, m, m_len, NULL, NULL, sigbuf, siglen, rsa);
285 }
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2026-01-08 09:48:29 +0000