1 files changed, 0 insertions, 579 deletions
diff --git a/src/lib/libcrypto/rsa/rsa_eay.c b/src/lib/libcrypto/rsa/rsa_eay.c
deleted file mode 100644
index cde5ca27d5..0000000000
--- a/src/lib/libcrypto/rsa/rsa_eay.c
+++ /dev/null
@@ -1,579 +0,0 @@
-/* crypto/rsa/rsa_eay.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/bn.h>
-#include <openssl/rsa.h>
-#include <openssl/rand.h>
-#include <openssl/engine.h>
-#ifndef RSA_NULL
-static int RSA_eay_public_encrypt(int flen, unsigned char *from,
-                unsigned char *to, RSA *rsa,int padding);
-static int RSA_eay_private_encrypt(int flen, unsigned char *from,
-                unsigned char *to, RSA *rsa,int padding);
-static int RSA_eay_public_decrypt(int flen, unsigned char *from,
-                unsigned char *to, RSA *rsa,int padding);
-static int RSA_eay_private_decrypt(int flen, unsigned char *from,
-                unsigned char *to, RSA *rsa,int padding);
-static int RSA_eay_mod_exp(BIGNUM *r0, BIGNUM *i, RSA *rsa);
-static int RSA_eay_init(RSA *rsa);
-static int RSA_eay_finish(RSA *rsa);
-static RSA_METHOD rsa_pkcs1_eay_meth={
-        "Eric Young's PKCS#1 RSA",
-        RSA_eay_public_encrypt,
-        RSA_eay_public_decrypt,
-        RSA_eay_private_encrypt,
-        RSA_eay_private_decrypt,
-        RSA_eay_mod_exp,
-        BN_mod_exp_mont,
-        RSA_eay_init,
-        RSA_eay_finish,
-        0,
-        NULL,
-        };
-RSA_METHOD *RSA_PKCS1_SSLeay(void)
-        {
-        return(&rsa_pkcs1_eay_meth);
-        }
-static int RSA_eay_public_encrypt(int flen, unsigned char *from,
-             unsigned char *to, RSA *rsa, int padding)
-        {
-        const RSA_METHOD *meth;
-        BIGNUM f,ret;
-        int i,j,k,num=0,r= -1;
-        unsigned char *buf=NULL;
-        BN_CTX *ctx=NULL;
-        meth = ENGINE_get_RSA(rsa->engine);
-        BN_init(&f);
-        BN_init(&ret);
-        if ((ctx=BN_CTX_new()) == NULL) goto err;
-        num=BN_num_bytes(rsa->n);
-        if ((buf=(unsigned char *)OPENSSL_malloc(num)) == NULL)
-                {
-                RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT,ERR_R_MALLOC_FAILURE);
-                goto err;
-                }
-        switch (padding)
-                {
-        case RSA_PKCS1_PADDING:
-                i=RSA_padding_add_PKCS1_type_2(buf,num,from,flen);
-                break;
-#ifndef NO_SHA
-        case RSA_PKCS1_OAEP_PADDING:
-                i=RSA_padding_add_PKCS1_OAEP(buf,num,from,flen,NULL,0);
-                break;
-#endif
-        case RSA_SSLV23_PADDING:
-                i=RSA_padding_add_SSLv23(buf,num,from,flen);
-                break;
-        case RSA_NO_PADDING:
-                i=RSA_padding_add_none(buf,num,from,flen);
-                break;
-        default:
-                RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT,RSA_R_UNKNOWN_PADDING_TYPE);
-                goto err;
-                }
-        if (i <= 0) goto err;
-        if (BN_bin2bn(buf,num,&f) == NULL) goto err;
-        
-        if ((rsa->_method_mod_n == NULL) && (rsa->flags & RSA_FLAG_CACHE_PUBLIC))
-                {
-                BN_MONT_CTX* bn_mont_ctx;
-                if ((bn_mont_ctx=BN_MONT_CTX_new()) == NULL)
-                        goto err;
-                if (!BN_MONT_CTX_set(bn_mont_ctx,rsa->n,ctx))
-                        {
-                        BN_MONT_CTX_free(bn_mont_ctx);
-                        goto err;
-                        }
-                if (rsa->_method_mod_n == NULL) /* other thread may have finished first */
-                        {
-                        CRYPTO_w_lock(CRYPTO_LOCK_RSA);
-                        if (rsa->_method_mod_n == NULL)
-                                {
-                                rsa->_method_mod_n = bn_mont_ctx;
-                                bn_mont_ctx = NULL;
-                                }
-                        CRYPTO_w_unlock(CRYPTO_LOCK_RSA);
-                        }
-                if (bn_mont_ctx)
-                        BN_MONT_CTX_free(bn_mont_ctx);
-                }
-        if (!meth->bn_mod_exp(&ret,&f,rsa->e,rsa->n,ctx,
-                rsa->_method_mod_n)) goto err;
-        /* put in leading 0 bytes if the number is less than the
-         * length of the modulus */
-        j=BN_num_bytes(&ret);
-        i=BN_bn2bin(&ret,&(to[num-j]));
-        for (k=0; k<(num-i); k++)
-                to[k]=0;
-        r=num;
-err:
-        if (ctx != NULL) BN_CTX_free(ctx);
-        BN_clear_free(&f);
-        BN_clear_free(&ret);
-        if (buf != NULL) 
-                {
-                memset(buf,0,num);
-                OPENSSL_free(buf);
-                }
-        return(r);
-        }
-static int RSA_eay_private_encrypt(int flen, unsigned char *from,
-             unsigned char *to, RSA *rsa, int padding)
-        {
-        const RSA_METHOD *meth;
-        BIGNUM f,ret;
-        int i,j,k,num=0,r= -1;
-        unsigned char *buf=NULL;
-        BN_CTX *ctx=NULL;
-        meth = ENGINE_get_RSA(rsa->engine);
-        BN_init(&f);
-        BN_init(&ret);
-        if ((ctx=BN_CTX_new()) == NULL) goto err;
-        num=BN_num_bytes(rsa->n);
-        if ((buf=(unsigned char *)OPENSSL_malloc(num)) == NULL)
-                {
-                RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT,ERR_R_MALLOC_FAILURE);
-                goto err;
-                }
-        switch (padding)
-                {
-        case RSA_PKCS1_PADDING:
-                i=RSA_padding_add_PKCS1_type_1(buf,num,from,flen);
-                break;
-        case RSA_NO_PADDING:
-                i=RSA_padding_add_none(buf,num,from,flen);
-                break;
-        case RSA_SSLV23_PADDING:
-        default:
-                RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT,RSA_R_UNKNOWN_PADDING_TYPE);
-                goto err;
-                }
-        if (i <= 0) goto err;
-        if (BN_bin2bn(buf,num,&f) == NULL) goto err;
-        if ((rsa->flags & RSA_FLAG_BLINDING) && (rsa->blinding == NULL))
-                RSA_blinding_on(rsa,ctx);
-        if (rsa->flags & RSA_FLAG_BLINDING)
-                if (!BN_BLINDING_convert(&f,rsa->blinding,ctx)) goto err;
-        if ( (rsa->flags & RSA_FLAG_EXT_PKEY) ||
-                ((rsa->p != NULL) &&
-                (rsa->q != NULL) &&
-                (rsa->dmp1 != NULL) &&
-                (rsa->dmq1 != NULL) &&
-                (rsa->iqmp != NULL)) )
-                { if (!meth->rsa_mod_exp(&ret,&f,rsa)) goto err; }
-        else
-                {
-                if (!meth->bn_mod_exp(&ret,&f,rsa->d,rsa->n,ctx,NULL)) goto err;
-                }
-        if (rsa->flags & RSA_FLAG_BLINDING)
-                if (!BN_BLINDING_invert(&ret,rsa->blinding,ctx)) goto err;
-        /* put in leading 0 bytes if the number is less than the
-         * length of the modulus */
-        j=BN_num_bytes(&ret);
-        i=BN_bn2bin(&ret,&(to[num-j]));
-        for (k=0; k<(num-i); k++)
-                to[k]=0;
-        r=num;
-err:
-        if (ctx != NULL) BN_CTX_free(ctx);
-        BN_clear_free(&ret);
-        BN_clear_free(&f);
-        if (buf != NULL)
-                {
-                memset(buf,0,num);
-                OPENSSL_free(buf);
-                }
-        return(r);
-        }
-static int RSA_eay_private_decrypt(int flen, unsigned char *from,
-             unsigned char *to, RSA *rsa, int padding)
-        {
-        const RSA_METHOD *meth;
-        BIGNUM f,ret;
-        int j,num=0,r= -1;
-        unsigned char *p;
-        unsigned char *buf=NULL;
-        BN_CTX *ctx=NULL;
-        meth = ENGINE_get_RSA(rsa->engine);
-        BN_init(&f);
-        BN_init(&ret);
-        ctx=BN_CTX_new();
-        if (ctx == NULL) goto err;
-        num=BN_num_bytes(rsa->n);
-        if ((buf=(unsigned char *)OPENSSL_malloc(num)) == NULL)
-                {
-                RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,ERR_R_MALLOC_FAILURE);
-                goto err;
-                }
-        /* This check was for equality but PGP does evil things
-         * and chops off the top '0' bytes */
-        if (flen > num)
-                {
-                RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,RSA_R_DATA_GREATER_THAN_MOD_LEN);
-                goto err;
-                }
-        /* make data into a big number */
-        if (BN_bin2bn(from,(int)flen,&f) == NULL) goto err;
-        if ((rsa->flags & RSA_FLAG_BLINDING) && (rsa->blinding == NULL))
-                RSA_blinding_on(rsa,ctx);
-        if (rsa->flags & RSA_FLAG_BLINDING)
-                if (!BN_BLINDING_convert(&f,rsa->blinding,ctx)) goto err;
-        /* do the decrypt */
-        if ( (rsa->flags & RSA_FLAG_EXT_PKEY) ||
-                ((rsa->p != NULL) &&
-                (rsa->q != NULL) &&
-                (rsa->dmp1 != NULL) &&
-                (rsa->dmq1 != NULL) &&
-                (rsa->iqmp != NULL)) )
-                { if (!meth->rsa_mod_exp(&ret,&f,rsa)) goto err; }
-        else
-                {
-                if (!meth->bn_mod_exp(&ret,&f,rsa->d,rsa->n,ctx,NULL))
-                        goto err;
-                }
-        if (rsa->flags & RSA_FLAG_BLINDING)
-                if (!BN_BLINDING_invert(&ret,rsa->blinding,ctx)) goto err;
-        p=buf;
-        j=BN_bn2bin(&ret,p); /* j is only used with no-padding mode */
-        switch (padding)
-                {
-        case RSA_PKCS1_PADDING:
-                r=RSA_padding_check_PKCS1_type_2(to,num,buf,j,num);
-                break;
-#ifndef NO_SHA
-        case RSA_PKCS1_OAEP_PADDING:
-                r=RSA_padding_check_PKCS1_OAEP(to,num,buf,j,num,NULL,0);
-                break;
-#endif
-        case RSA_SSLV23_PADDING:
-                r=RSA_padding_check_SSLv23(to,num,buf,j,num);
-                break;
-        case RSA_NO_PADDING:
-                r=RSA_padding_check_none(to,num,buf,j,num);
-                break;
-        default:
-                RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,RSA_R_UNKNOWN_PADDING_TYPE);
-                goto err;
-                }
-        if (r < 0)
-                RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,RSA_R_PADDING_CHECK_FAILED);
-err:
-        if (ctx != NULL) BN_CTX_free(ctx);
-        BN_clear_free(&f);
-        BN_clear_free(&ret);
-        if (buf != NULL)
-                {
-                memset(buf,0,num);
-                OPENSSL_free(buf);
-                }
-        return(r);
-        }
-static int RSA_eay_public_decrypt(int flen, unsigned char *from,
-             unsigned char *to, RSA *rsa, int padding)
-        {
-        const RSA_METHOD *meth;
-        BIGNUM f,ret;
-        int i,num=0,r= -1;
-        unsigned char *p;
-        unsigned char *buf=NULL;
-        BN_CTX *ctx=NULL;
-        meth = ENGINE_get_RSA(rsa->engine);
-        BN_init(&f);
-        BN_init(&ret);
-        ctx=BN_CTX_new();
-        if (ctx == NULL) goto err;
-        num=BN_num_bytes(rsa->n);
-        buf=(unsigned char *)OPENSSL_malloc(num);
-        if (buf == NULL)
-                {
-                RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT,ERR_R_MALLOC_FAILURE);
-                goto err;
-                }
-        /* This check was for equality but PGP does evil things
-         * and chops off the top '0' bytes */
-        if (flen > num)
-                {
-                RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT,RSA_R_DATA_GREATER_THAN_MOD_LEN);
-                goto err;
-                }
-        if (BN_bin2bn(from,flen,&f) == NULL) goto err;
-        /* do the decrypt */
-        if ((rsa->_method_mod_n == NULL) && (rsa->flags & RSA_FLAG_CACHE_PUBLIC))
-                {
-                BN_MONT_CTX* bn_mont_ctx;
-                if ((bn_mont_ctx=BN_MONT_CTX_new()) == NULL)
-                        goto err;
-                if (!BN_MONT_CTX_set(bn_mont_ctx,rsa->n,ctx))
-                        {
-                        BN_MONT_CTX_free(bn_mont_ctx);
-                        goto err;
-                        }
-                if (rsa->_method_mod_n == NULL) /* other thread may have finished first */
-                        {
-                        CRYPTO_w_lock(CRYPTO_LOCK_RSA);
-                        if (rsa->_method_mod_n == NULL)
-                                {
-                                rsa->_method_mod_n = bn_mont_ctx;
-                                bn_mont_ctx = NULL;
-                                }
-                        CRYPTO_w_unlock(CRYPTO_LOCK_RSA);
-                        }
-                if (bn_mont_ctx)
-                        BN_MONT_CTX_free(bn_mont_ctx);
-                }
-        if (!meth->bn_mod_exp(&ret,&f,rsa->e,rsa->n,ctx,
-                rsa->_method_mod_n)) goto err;
-        p=buf;
-        i=BN_bn2bin(&ret,p);
-        switch (padding)
-                {
-        case RSA_PKCS1_PADDING:
-                r=RSA_padding_check_PKCS1_type_1(to,num,buf,i,num);
-                break;
-        case RSA_NO_PADDING:
-                r=RSA_padding_check_none(to,num,buf,i,num);
-                break;
-        default:
-                RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT,RSA_R_UNKNOWN_PADDING_TYPE);
-                goto err;
-                }
-        if (r < 0)
-                RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT,RSA_R_PADDING_CHECK_FAILED);
-err:
-        if (ctx != NULL) BN_CTX_free(ctx);
-        BN_clear_free(&f);
-        BN_clear_free(&ret);
-        if (buf != NULL)
-                {
-                memset(buf,0,num);
-                OPENSSL_free(buf);
-                }
-        return(r);
-        }
-static int RSA_eay_mod_exp(BIGNUM *r0, BIGNUM *I, RSA *rsa)
-        {
-        const RSA_METHOD *meth;
-        BIGNUM r1,m1,vrfy;
-        int ret=0;
-        BN_CTX *ctx;
-        meth = ENGINE_get_RSA(rsa->engine);
-        if ((ctx=BN_CTX_new()) == NULL) goto err;
-        BN_init(&m1);
-        BN_init(&r1);
-        BN_init(&vrfy);
-        if (rsa->flags & RSA_FLAG_CACHE_PRIVATE)
-                {
-                if (rsa->_method_mod_p == NULL)
-                        {
-                        BN_MONT_CTX* bn_mont_ctx;
-                        if ((bn_mont_ctx=BN_MONT_CTX_new()) == NULL)
-                                goto err;
-                        if (!BN_MONT_CTX_set(bn_mont_ctx,rsa->p,ctx))
-                                {
-                                BN_MONT_CTX_free(bn_mont_ctx);
-                                goto err;
-                                }
-                        if (rsa->_method_mod_p == NULL) /* other thread may have finished first */
-                                {
-                                CRYPTO_w_lock(CRYPTO_LOCK_RSA);
-                                if (rsa->_method_mod_p == NULL)
-                                        {
-                                        rsa->_method_mod_p = bn_mont_ctx;
-                                        bn_mont_ctx = NULL;
-                                        }
-                                CRYPTO_w_unlock(CRYPTO_LOCK_RSA);
-                                }
-                        if (bn_mont_ctx)
-                                BN_MONT_CTX_free(bn_mont_ctx);
-                        }
-                if (rsa->_method_mod_q == NULL)
-                        {
-                        BN_MONT_CTX* bn_mont_ctx;
-                        if ((bn_mont_ctx=BN_MONT_CTX_new()) == NULL)
-                                goto err;
-                        if (!BN_MONT_CTX_set(bn_mont_ctx,rsa->q,ctx))
-                                {
-                                BN_MONT_CTX_free(bn_mont_ctx);
-                                goto err;
-                                }
-                        if (rsa->_method_mod_q == NULL) /* other thread may have finished first */
-                                {
-                                CRYPTO_w_lock(CRYPTO_LOCK_RSA);
-                                if (rsa->_method_mod_q == NULL)
-                                        {
-                                        rsa->_method_mod_q = bn_mont_ctx;
-                                        bn_mont_ctx = NULL;
-                                        }
-                                CRYPTO_w_unlock(CRYPTO_LOCK_RSA);
-                                }
-                        if (bn_mont_ctx)
-                                BN_MONT_CTX_free(bn_mont_ctx);
-                        }
-                }
-                
-        if (!BN_mod(&r1,I,rsa->q,ctx)) goto err;
-        if (!meth->bn_mod_exp(&m1,&r1,rsa->dmq1,rsa->q,ctx,
-                rsa->_method_mod_q)) goto err;
-        if (!BN_mod(&r1,I,rsa->p,ctx)) goto err;
-        if (!meth->bn_mod_exp(r0,&r1,rsa->dmp1,rsa->p,ctx,
-                rsa->_method_mod_p)) goto err;
-        if (!BN_sub(r0,r0,&m1)) goto err;
-        /* This will help stop the size of r0 increasing, which does
-         * affect the multiply if it optimised for a power of 2 size */
-        if (r0->neg)
-                if (!BN_add(r0,r0,rsa->p)) goto err;
-        if (!BN_mul(&r1,r0,rsa->iqmp,ctx)) goto err;
-        if (!BN_mod(r0,&r1,rsa->p,ctx)) goto err;
-        /* If p < q it is occasionally possible for the correction of
-         * adding 'p' if r0 is negative above to leave the result still
-         * negative. This can break the private key operations: the following
-         * second correction should *always* correct this rare occurrence.
-         * This will *never* happen with OpenSSL generated keys because
-         * they ensure p > q [steve]
-         */
-        if (r0->neg)
-                if (!BN_add(r0,r0,rsa->p)) goto err;
-        if (!BN_mul(&r1,r0,rsa->q,ctx)) goto err;
-        if (!BN_add(r0,&r1,&m1)) goto err;
-        if (rsa->e && rsa->n)
-                {
-                if (!meth->bn_mod_exp(&vrfy,r0,rsa->e,rsa->n,ctx,NULL)) goto err;
-                if (BN_cmp(I, &vrfy) != 0)
-                        {
-                        if (!meth->bn_mod_exp(r0,I,rsa->d,rsa->n,ctx,NULL)) goto err;
-                        }
-                }
-        ret=1;
-err:
-        BN_clear_free(&m1);
-        BN_clear_free(&r1);
-        BN_clear_free(&vrfy);
-        BN_CTX_free(ctx);
-        return(ret);
-        }
-static int RSA_eay_init(RSA *rsa)
-        {
-        rsa->flags|=RSA_FLAG_CACHE_PUBLIC|RSA_FLAG_CACHE_PRIVATE;
-        return(1);
-        }
-static int RSA_eay_finish(RSA *rsa)
-        {
-        if (rsa->_method_mod_n != NULL)
-                BN_MONT_CTX_free(rsa->_method_mod_n);
-        if (rsa->_method_mod_p != NULL)
-                BN_MONT_CTX_free(rsa->_method_mod_p);
-        if (rsa->_method_mod_q != NULL)
-                BN_MONT_CTX_free(rsa->_method_mod_q);
-        return(1);
-        }
-#endif

diff --git a/src/lib/libcrypto/rsa/rsa_eay.c b/src/lib/libcrypto/rsa/rsa_eay.c deleted file mode 100644 index cde5ca27d5..0000000000 --- a/src/lib/libcrypto/rsa/rsa_eay.c +++ /dev/null
@@ -1,579 +0,0 @@
1	/* crypto/rsa/rsa_eay.c */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.
4	*
5	* This package is an SSL implementation written
6	* by Eric Young (eay@cryptsoft.com).
7	* The implementation was written so as to conform with Netscapes SSL.
8	*
9	* This library is free for commercial and non-commercial use as long as
10	* the following conditions are aheared to. The following conditions
11	* apply to all code found in this distribution, be it the RC4, RSA,
12	* lhash, DES, etc., code; not just the SSL code. The SSL documentation
13	* included with this distribution is covered by the same copyright terms
14	* except that the holder is Tim Hudson (tjh@cryptsoft.com).
15	*
16	* Copyright remains Eric Young's, and as such any Copyright notices in
17	* the code are not to be removed.
18	* If this package is used in a product, Eric Young should be given attribution
19	* as the author of the parts of the library used.
20	* This can be in the form of a textual message at program startup or
21	* in documentation (online or textual) provided with the package.
22	*
23	* Redistribution and use in source and binary forms, with or without
24	* modification, are permitted provided that the following conditions
25	* are met:
26	* 1. Redistributions of source code must retain the copyright
27	* notice, this list of conditions and the following disclaimer.
28	* 2. Redistributions in binary form must reproduce the above copyright
29	* notice, this list of conditions and the following disclaimer in the
30	* documentation and/or other materials provided with the distribution.
31	* 3. All advertising materials mentioning features or use of this software
32	* must display the following acknowledgement:
33	* "This product includes cryptographic software written by
34	* Eric Young (eay@cryptsoft.com)"
35	* The word 'cryptographic' can be left out if the rouines from the library
36	* being used are not cryptographic related :-).
37	* 4. If you include any Windows specific code (or a derivative thereof) from
38	* the apps directory (application code) you must include an acknowledgement:
39	* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40	*
41	* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42	* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44	* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45	* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46	* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47	* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49	* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50	* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51	* SUCH DAMAGE.
52	*
53	* The licence and distribution terms for any publically available version or
54	* derivative of this code cannot be changed. i.e. this code cannot simply be
55	* copied and put under another distribution licence
56	* [including the GNU Public Licence.]
57	*/
58
59	#include <stdio.h>
60	#include "cryptlib.h"
61	#include <openssl/bn.h>
62	#include <openssl/rsa.h>
63	#include <openssl/rand.h>
64	#include <openssl/engine.h>
65
66	#ifndef RSA_NULL
67
68	static int RSA_eay_public_encrypt(int flen, unsigned char *from,
69	unsigned char to, RSA rsa,int padding);
70	static int RSA_eay_private_encrypt(int flen, unsigned char *from,
71	unsigned char to, RSA rsa,int padding);
72	static int RSA_eay_public_decrypt(int flen, unsigned char *from,
73	unsigned char to, RSA rsa,int padding);
74	static int RSA_eay_private_decrypt(int flen, unsigned char *from,
75	unsigned char to, RSA rsa,int padding);
76	static int RSA_eay_mod_exp(BIGNUM r0, BIGNUM i, RSA *rsa);
77	static int RSA_eay_init(RSA *rsa);
78	static int RSA_eay_finish(RSA *rsa);
79	static RSA_METHOD rsa_pkcs1_eay_meth={
80	"Eric Young's PKCS#1 RSA",
81	RSA_eay_public_encrypt,
82	RSA_eay_public_decrypt,
83	RSA_eay_private_encrypt,
84	RSA_eay_private_decrypt,
85	RSA_eay_mod_exp,
86	BN_mod_exp_mont,
87	RSA_eay_init,
88	RSA_eay_finish,
89	0,
90	NULL,
91	};
92
93	RSA_METHOD *RSA_PKCS1_SSLeay(void)
94	{
95	return(&rsa_pkcs1_eay_meth);
96	}
97
98	static int RSA_eay_public_encrypt(int flen, unsigned char *from,
99	unsigned char to, RSA rsa, int padding)
100	{
101	const RSA_METHOD *meth;
102	BIGNUM f,ret;
103	int i,j,k,num=0,r= -1;
104	unsigned char *buf=NULL;
105	BN_CTX *ctx=NULL;
106
107	meth = ENGINE_get_RSA(rsa->engine);
108	BN_init(&f);
109	BN_init(&ret);
110	if ((ctx=BN_CTX_new()) == NULL) goto err;
111	num=BN_num_bytes(rsa->n);
112	if ((buf=(unsigned char *)OPENSSL_malloc(num)) == NULL)
113	{
114	RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT,ERR_R_MALLOC_FAILURE);
115	goto err;
116	}
117
118	switch (padding)
119	{
120	case RSA_PKCS1_PADDING:
121	i=RSA_padding_add_PKCS1_type_2(buf,num,from,flen);
122	break;
123	#ifndef NO_SHA
124	case RSA_PKCS1_OAEP_PADDING:
125	i=RSA_padding_add_PKCS1_OAEP(buf,num,from,flen,NULL,0);
126	break;
127	#endif
128	case RSA_SSLV23_PADDING:
129	i=RSA_padding_add_SSLv23(buf,num,from,flen);
130	break;
131	case RSA_NO_PADDING:
132	i=RSA_padding_add_none(buf,num,from,flen);
133	break;
134	default:
135	RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT,RSA_R_UNKNOWN_PADDING_TYPE);
136	goto err;
137	}
138	if (i <= 0) goto err;
139
140	if (BN_bin2bn(buf,num,&f) == NULL) goto err;
141
142	if ((rsa->_method_mod_n == NULL) && (rsa->flags & RSA_FLAG_CACHE_PUBLIC))
143	{
144	BN_MONT_CTX* bn_mont_ctx;
145	if ((bn_mont_ctx=BN_MONT_CTX_new()) == NULL)
146	goto err;
147	if (!BN_MONT_CTX_set(bn_mont_ctx,rsa->n,ctx))
148	{
149	BN_MONT_CTX_free(bn_mont_ctx);
150	goto err;
151	}
152	if (rsa->_method_mod_n == NULL) /* other thread may have finished first */
153	{
154	CRYPTO_w_lock(CRYPTO_LOCK_RSA);
155	if (rsa->_method_mod_n == NULL)
156	{
157	rsa->_method_mod_n = bn_mont_ctx;
158	bn_mont_ctx = NULL;
159	}
160	CRYPTO_w_unlock(CRYPTO_LOCK_RSA);
161	}
162	if (bn_mont_ctx)
163	BN_MONT_CTX_free(bn_mont_ctx);
164	}
165
166	if (!meth->bn_mod_exp(&ret,&f,rsa->e,rsa->n,ctx,
167	rsa->_method_mod_n)) goto err;
168
169	/* put in leading 0 bytes if the number is less than the
170	* length of the modulus */
171	j=BN_num_bytes(&ret);
172	i=BN_bn2bin(&ret,&(to[num-j]));
173	for (k=0; k<(num-i); k++)
174	to[k]=0;
175
176	r=num;
177	err:
178	if (ctx != NULL) BN_CTX_free(ctx);
179	BN_clear_free(&f);
180	BN_clear_free(&ret);
181	if (buf != NULL)
182	{
183	memset(buf,0,num);
184	OPENSSL_free(buf);
185	}
186	return(r);
187	}
188
189	static int RSA_eay_private_encrypt(int flen, unsigned char *from,
190	unsigned char to, RSA rsa, int padding)
191	{
192	const RSA_METHOD *meth;
193	BIGNUM f,ret;
194	int i,j,k,num=0,r= -1;
195	unsigned char *buf=NULL;
196	BN_CTX *ctx=NULL;
197
198	meth = ENGINE_get_RSA(rsa->engine);
199	BN_init(&f);
200	BN_init(&ret);
201
202	if ((ctx=BN_CTX_new()) == NULL) goto err;
203	num=BN_num_bytes(rsa->n);
204	if ((buf=(unsigned char *)OPENSSL_malloc(num)) == NULL)
205	{
206	RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT,ERR_R_MALLOC_FAILURE);
207	goto err;
208	}
209
210	switch (padding)
211	{
212	case RSA_PKCS1_PADDING:
213	i=RSA_padding_add_PKCS1_type_1(buf,num,from,flen);
214	break;
215	case RSA_NO_PADDING:
216	i=RSA_padding_add_none(buf,num,from,flen);
217	break;
218	case RSA_SSLV23_PADDING:
219	default:
220	RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT,RSA_R_UNKNOWN_PADDING_TYPE);
221	goto err;
222	}
223	if (i <= 0) goto err;
224
225	if (BN_bin2bn(buf,num,&f) == NULL) goto err;
226
227	if ((rsa->flags & RSA_FLAG_BLINDING) && (rsa->blinding == NULL))
228	RSA_blinding_on(rsa,ctx);
229	if (rsa->flags & RSA_FLAG_BLINDING)
230	if (!BN_BLINDING_convert(&f,rsa->blinding,ctx)) goto err;
231
232	if ( (rsa->flags & RSA_FLAG_EXT_PKEY) \|\|
233	((rsa->p != NULL) &&
234	(rsa->q != NULL) &&
235	(rsa->dmp1 != NULL) &&
236	(rsa->dmq1 != NULL) &&
237	(rsa->iqmp != NULL)) )
238	{ if (!meth->rsa_mod_exp(&ret,&f,rsa)) goto err; }
239	else
240	{
241	if (!meth->bn_mod_exp(&ret,&f,rsa->d,rsa->n,ctx,NULL)) goto err;
242	}
243
244	if (rsa->flags & RSA_FLAG_BLINDING)
245	if (!BN_BLINDING_invert(&ret,rsa->blinding,ctx)) goto err;
246
247	/* put in leading 0 bytes if the number is less than the
248	* length of the modulus */
249	j=BN_num_bytes(&ret);
250	i=BN_bn2bin(&ret,&(to[num-j]));
251	for (k=0; k<(num-i); k++)
252	to[k]=0;
253
254	r=num;
255	err:
256	if (ctx != NULL) BN_CTX_free(ctx);
257	BN_clear_free(&ret);
258	BN_clear_free(&f);
259	if (buf != NULL)
260	{
261	memset(buf,0,num);
262	OPENSSL_free(buf);
263	}
264	return(r);
265	}
266
267	static int RSA_eay_private_decrypt(int flen, unsigned char *from,
268	unsigned char to, RSA rsa, int padding)
269	{
270	const RSA_METHOD *meth;
271	BIGNUM f,ret;
272	int j,num=0,r= -1;
273	unsigned char *p;
274	unsigned char *buf=NULL;
275	BN_CTX *ctx=NULL;
276
277	meth = ENGINE_get_RSA(rsa->engine);
278	BN_init(&f);
279	BN_init(&ret);
280	ctx=BN_CTX_new();
281	if (ctx == NULL) goto err;
282
283	num=BN_num_bytes(rsa->n);
284
285	if ((buf=(unsigned char *)OPENSSL_malloc(num)) == NULL)
286	{
287	RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,ERR_R_MALLOC_FAILURE);
288	goto err;
289	}
290
291	/* This check was for equality but PGP does evil things
292	* and chops off the top '0' bytes */
293	if (flen > num)
294	{
295	RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,RSA_R_DATA_GREATER_THAN_MOD_LEN);
296	goto err;
297	}
298
299	/* make data into a big number */
300	if (BN_bin2bn(from,(int)flen,&f) == NULL) goto err;
301
302	if ((rsa->flags & RSA_FLAG_BLINDING) && (rsa->blinding == NULL))
303	RSA_blinding_on(rsa,ctx);
304	if (rsa->flags & RSA_FLAG_BLINDING)
305	if (!BN_BLINDING_convert(&f,rsa->blinding,ctx)) goto err;
306
307	/* do the decrypt */
308	if ( (rsa->flags & RSA_FLAG_EXT_PKEY) \|\|
309	((rsa->p != NULL) &&
310	(rsa->q != NULL) &&
311	(rsa->dmp1 != NULL) &&
312	(rsa->dmq1 != NULL) &&
313	(rsa->iqmp != NULL)) )
314	{ if (!meth->rsa_mod_exp(&ret,&f,rsa)) goto err; }
315	else
316	{
317	if (!meth->bn_mod_exp(&ret,&f,rsa->d,rsa->n,ctx,NULL))
318	goto err;
319	}
320
321	if (rsa->flags & RSA_FLAG_BLINDING)
322	if (!BN_BLINDING_invert(&ret,rsa->blinding,ctx)) goto err;
323
324	p=buf;
325	j=BN_bn2bin(&ret,p); /* j is only used with no-padding mode */
326
327	switch (padding)
328	{
329	case RSA_PKCS1_PADDING:
330	r=RSA_padding_check_PKCS1_type_2(to,num,buf,j,num);
331	break;
332	#ifndef NO_SHA
333	case RSA_PKCS1_OAEP_PADDING:
334	r=RSA_padding_check_PKCS1_OAEP(to,num,buf,j,num,NULL,0);
335	break;
336	#endif
337	case RSA_SSLV23_PADDING:
338	r=RSA_padding_check_SSLv23(to,num,buf,j,num);
339	break;
340	case RSA_NO_PADDING:
341	r=RSA_padding_check_none(to,num,buf,j,num);
342	break;
343	default:
344	RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,RSA_R_UNKNOWN_PADDING_TYPE);
345	goto err;
346	}
347	if (r < 0)
348	RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,RSA_R_PADDING_CHECK_FAILED);
349
350	err:
351	if (ctx != NULL) BN_CTX_free(ctx);
352	BN_clear_free(&f);
353	BN_clear_free(&ret);
354	if (buf != NULL)
355	{
356	memset(buf,0,num);
357	OPENSSL_free(buf);
358	}
359	return(r);
360	}
361
362	static int RSA_eay_public_decrypt(int flen, unsigned char *from,
363	unsigned char to, RSA rsa, int padding)
364	{
365	const RSA_METHOD *meth;
366	BIGNUM f,ret;
367	int i,num=0,r= -1;
368	unsigned char *p;
369	unsigned char *buf=NULL;
370	BN_CTX *ctx=NULL;
371
372	meth = ENGINE_get_RSA(rsa->engine);
373	BN_init(&f);
374	BN_init(&ret);
375	ctx=BN_CTX_new();
376	if (ctx == NULL) goto err;
377
378	num=BN_num_bytes(rsa->n);
379	buf=(unsigned char *)OPENSSL_malloc(num);
380	if (buf == NULL)
381	{
382	RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT,ERR_R_MALLOC_FAILURE);
383	goto err;
384	}
385
386	/* This check was for equality but PGP does evil things
387	* and chops off the top '0' bytes */
388	if (flen > num)
389	{
390	RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT,RSA_R_DATA_GREATER_THAN_MOD_LEN);
391	goto err;
392	}
393
394	if (BN_bin2bn(from,flen,&f) == NULL) goto err;
395	/* do the decrypt */
396	if ((rsa->_method_mod_n == NULL) && (rsa->flags & RSA_FLAG_CACHE_PUBLIC))
397	{
398	BN_MONT_CTX* bn_mont_ctx;
399	if ((bn_mont_ctx=BN_MONT_CTX_new()) == NULL)
400	goto err;
401	if (!BN_MONT_CTX_set(bn_mont_ctx,rsa->n,ctx))
402	{
403	BN_MONT_CTX_free(bn_mont_ctx);
404	goto err;
405	}
406	if (rsa->_method_mod_n == NULL) /* other thread may have finished first */
407	{
408	CRYPTO_w_lock(CRYPTO_LOCK_RSA);
409	if (rsa->_method_mod_n == NULL)
410	{
411	rsa->_method_mod_n = bn_mont_ctx;
412	bn_mont_ctx = NULL;
413	}
414	CRYPTO_w_unlock(CRYPTO_LOCK_RSA);
415	}
416	if (bn_mont_ctx)
417	BN_MONT_CTX_free(bn_mont_ctx);
418	}
419
420	if (!meth->bn_mod_exp(&ret,&f,rsa->e,rsa->n,ctx,
421	rsa->_method_mod_n)) goto err;
422
423	p=buf;
424	i=BN_bn2bin(&ret,p);
425
426	switch (padding)
427	{
428	case RSA_PKCS1_PADDING:
429	r=RSA_padding_check_PKCS1_type_1(to,num,buf,i,num);
430	break;
431	case RSA_NO_PADDING:
432	r=RSA_padding_check_none(to,num,buf,i,num);
433	break;
434	default:
435	RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT,RSA_R_UNKNOWN_PADDING_TYPE);
436	goto err;
437	}
438	if (r < 0)
439	RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT,RSA_R_PADDING_CHECK_FAILED);
440
441	err:
442	if (ctx != NULL) BN_CTX_free(ctx);
443	BN_clear_free(&f);
444	BN_clear_free(&ret);
445	if (buf != NULL)
446	{
447	memset(buf,0,num);
448	OPENSSL_free(buf);
449	}
450	return(r);
451	}
452
453	static int RSA_eay_mod_exp(BIGNUM r0, BIGNUM I, RSA *rsa)
454	{
455	const RSA_METHOD *meth;
456	BIGNUM r1,m1,vrfy;
457	int ret=0;
458	BN_CTX *ctx;
459
460	meth = ENGINE_get_RSA(rsa->engine);
461	if ((ctx=BN_CTX_new()) == NULL) goto err;
462	BN_init(&m1);
463	BN_init(&r1);
464	BN_init(&vrfy);
465
466	if (rsa->flags & RSA_FLAG_CACHE_PRIVATE)
467	{
468	if (rsa->_method_mod_p == NULL)
469	{
470	BN_MONT_CTX* bn_mont_ctx;
471	if ((bn_mont_ctx=BN_MONT_CTX_new()) == NULL)
472	goto err;
473	if (!BN_MONT_CTX_set(bn_mont_ctx,rsa->p,ctx))
474	{
475	BN_MONT_CTX_free(bn_mont_ctx);
476	goto err;
477	}
478	if (rsa->_method_mod_p == NULL) /* other thread may have finished first */
479	{
480	CRYPTO_w_lock(CRYPTO_LOCK_RSA);
481	if (rsa->_method_mod_p == NULL)
482	{
483	rsa->_method_mod_p = bn_mont_ctx;
484	bn_mont_ctx = NULL;
485	}
486	CRYPTO_w_unlock(CRYPTO_LOCK_RSA);
487	}
488	if (bn_mont_ctx)
489	BN_MONT_CTX_free(bn_mont_ctx);
490	}
491
492	if (rsa->_method_mod_q == NULL)
493	{
494	BN_MONT_CTX* bn_mont_ctx;
495	if ((bn_mont_ctx=BN_MONT_CTX_new()) == NULL)
496	goto err;
497	if (!BN_MONT_CTX_set(bn_mont_ctx,rsa->q,ctx))
498	{
499	BN_MONT_CTX_free(bn_mont_ctx);
500	goto err;
501	}
502	if (rsa->_method_mod_q == NULL) /* other thread may have finished first */
503	{
504	CRYPTO_w_lock(CRYPTO_LOCK_RSA);
505	if (rsa->_method_mod_q == NULL)
506	{
507	rsa->_method_mod_q = bn_mont_ctx;
508	bn_mont_ctx = NULL;
509	}
510	CRYPTO_w_unlock(CRYPTO_LOCK_RSA);
511	}
512	if (bn_mont_ctx)
513	BN_MONT_CTX_free(bn_mont_ctx);
514	}
515	}
516
517	if (!BN_mod(&r1,I,rsa->q,ctx)) goto err;
518	if (!meth->bn_mod_exp(&m1,&r1,rsa->dmq1,rsa->q,ctx,
519	rsa->_method_mod_q)) goto err;
520
521	if (!BN_mod(&r1,I,rsa->p,ctx)) goto err;
522	if (!meth->bn_mod_exp(r0,&r1,rsa->dmp1,rsa->p,ctx,
523	rsa->_method_mod_p)) goto err;
524
525	if (!BN_sub(r0,r0,&m1)) goto err;
526	/* This will help stop the size of r0 increasing, which does
527	* affect the multiply if it optimised for a power of 2 size */
528	if (r0->neg)
529	if (!BN_add(r0,r0,rsa->p)) goto err;
530
531	if (!BN_mul(&r1,r0,rsa->iqmp,ctx)) goto err;
532	if (!BN_mod(r0,&r1,rsa->p,ctx)) goto err;
533	/* If p < q it is occasionally possible for the correction of
534	* adding 'p' if r0 is negative above to leave the result still
535	* negative. This can break the private key operations: the following
536	* second correction should always correct this rare occurrence.
537	* This will never happen with OpenSSL generated keys because
538	* they ensure p > q [steve]
539	*/
540	if (r0->neg)
541	if (!BN_add(r0,r0,rsa->p)) goto err;
542	if (!BN_mul(&r1,r0,rsa->q,ctx)) goto err;
543	if (!BN_add(r0,&r1,&m1)) goto err;
544
545	if (rsa->e && rsa->n)
546	{
547	if (!meth->bn_mod_exp(&vrfy,r0,rsa->e,rsa->n,ctx,NULL)) goto err;
548	if (BN_cmp(I, &vrfy) != 0)
549	{
550	if (!meth->bn_mod_exp(r0,I,rsa->d,rsa->n,ctx,NULL)) goto err;
551	}
552	}
553	ret=1;
554	err:
555	BN_clear_free(&m1);
556	BN_clear_free(&r1);
557	BN_clear_free(&vrfy);
558	BN_CTX_free(ctx);
559	return(ret);
560	}
561
562	static int RSA_eay_init(RSA *rsa)
563	{
564	rsa->flags\|=RSA_FLAG_CACHE_PUBLIC\|RSA_FLAG_CACHE_PRIVATE;
565	return(1);
566	}
567
568	static int RSA_eay_finish(RSA *rsa)
569	{
570	if (rsa->_method_mod_n != NULL)
571	BN_MONT_CTX_free(rsa->_method_mod_n);
572	if (rsa->_method_mod_p != NULL)
573	BN_MONT_CTX_free(rsa->_method_mod_p);
574	if (rsa->_method_mod_q != NULL)
575	BN_MONT_CTX_free(rsa->_method_mod_q);
576	return(1);
577	}
578
579	#endif