1 files changed, 0 insertions, 491 deletions
diff --git a/src/lib/libcrypto/rsa/rsa_eay.c b/src/lib/libcrypto/rsa/rsa_eay.c
deleted file mode 100644
index b7d2460754..0000000000
--- a/src/lib/libcrypto/rsa/rsa_eay.c
+++ /dev/null
@@ -1,491 +0,0 @@
-/* crypto/rsa/rsa_eay.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/bn.h>
-#include <openssl/rsa.h>
-#include <openssl/rand.h>
-#ifndef RSA_NULL
-static int RSA_eay_public_encrypt(int flen, unsigned char *from,
-                unsigned char *to, RSA *rsa,int padding);
-static int RSA_eay_private_encrypt(int flen, unsigned char *from,
-                unsigned char *to, RSA *rsa,int padding);
-static int RSA_eay_public_decrypt(int flen, unsigned char *from,
-                unsigned char *to, RSA *rsa,int padding);
-static int RSA_eay_private_decrypt(int flen, unsigned char *from,
-                unsigned char *to, RSA *rsa,int padding);
-static int RSA_eay_mod_exp(BIGNUM *r0, BIGNUM *i, RSA *rsa);
-static int RSA_eay_init(RSA *rsa);
-static int RSA_eay_finish(RSA *rsa);
-static RSA_METHOD rsa_pkcs1_eay_meth={
-        "Eric Young's PKCS#1 RSA",
-        RSA_eay_public_encrypt,
-        RSA_eay_public_decrypt,
-        RSA_eay_private_encrypt,
-        RSA_eay_private_decrypt,
-        RSA_eay_mod_exp,
-        BN_mod_exp_mont,
-        RSA_eay_init,
-        RSA_eay_finish,
-        0,
-        NULL,
-        };
-RSA_METHOD *RSA_PKCS1_SSLeay(void)
-        {
-        return(&rsa_pkcs1_eay_meth);
-        }
-static int RSA_eay_public_encrypt(int flen, unsigned char *from,
-             unsigned char *to, RSA *rsa, int padding)
-        {
-        BIGNUM f,ret;
-        int i,j,k,num=0,r= -1;
-        unsigned char *buf=NULL;
-        BN_CTX *ctx=NULL;
-        BN_init(&f);
-        BN_init(&ret);
-        if ((ctx=BN_CTX_new()) == NULL) goto err;
-        num=BN_num_bytes(rsa->n);
-        if ((buf=(unsigned char *)Malloc(num)) == NULL)
-                {
-                RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT,ERR_R_MALLOC_FAILURE);
-                goto err;
-                }
-        switch (padding)
-                {
-        case RSA_PKCS1_PADDING:
-                i=RSA_padding_add_PKCS1_type_2(buf,num,from,flen);
-                break;
-#ifndef NO_SHA
-        case RSA_PKCS1_OAEP_PADDING:
-                i=RSA_padding_add_PKCS1_OAEP(buf,num,from,flen,NULL,0);
-                break;
-#endif
-        case RSA_SSLV23_PADDING:
-                i=RSA_padding_add_SSLv23(buf,num,from,flen);
-                break;
-        case RSA_NO_PADDING:
-                i=RSA_padding_add_none(buf,num,from,flen);
-                break;
-        default:
-                RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT,RSA_R_UNKNOWN_PADDING_TYPE);
-                goto err;
-                }
-        if (i <= 0) goto err;
-        if (BN_bin2bn(buf,num,&f) == NULL) goto err;
-        
-        if ((rsa->_method_mod_n == NULL) && (rsa->flags & RSA_FLAG_CACHE_PUBLIC))
-                {
-                if ((rsa->_method_mod_n=BN_MONT_CTX_new()) != NULL)
-                        if (!BN_MONT_CTX_set(rsa->_method_mod_n,rsa->n,ctx))
-                            goto err;
-                }
-        if (!rsa->meth->bn_mod_exp(&ret,&f,rsa->e,rsa->n,ctx,
-                rsa->_method_mod_n)) goto err;
-        /* put in leading 0 bytes if the number is less than the
-         * length of the modulus */
-        j=BN_num_bytes(&ret);
-        i=BN_bn2bin(&ret,&(to[num-j]));
-        for (k=0; k<(num-i); k++)
-                to[k]=0;
-        r=num;
-err:
-        if (ctx != NULL) BN_CTX_free(ctx);
-        BN_clear_free(&f);
-        BN_clear_free(&ret);
-        if (buf != NULL) 
-                {
-                memset(buf,0,num);
-                Free(buf);
-                }
-        return(r);
-        }
-static int RSA_eay_private_encrypt(int flen, unsigned char *from,
-             unsigned char *to, RSA *rsa, int padding)
-        {
-        BIGNUM f,ret;
-        int i,j,k,num=0,r= -1;
-        unsigned char *buf=NULL;
-        BN_CTX *ctx=NULL;
-        BN_init(&f);
-        BN_init(&ret);
-        if ((ctx=BN_CTX_new()) == NULL) goto err;
-        num=BN_num_bytes(rsa->n);
-        if ((buf=(unsigned char *)Malloc(num)) == NULL)
-                {
-                RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT,ERR_R_MALLOC_FAILURE);
-                goto err;
-                }
-        switch (padding)
-                {
-        case RSA_PKCS1_PADDING:
-                i=RSA_padding_add_PKCS1_type_1(buf,num,from,flen);
-                break;
-        case RSA_NO_PADDING:
-                i=RSA_padding_add_none(buf,num,from,flen);
-                break;
-        case RSA_SSLV23_PADDING:
-        default:
-                RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT,RSA_R_UNKNOWN_PADDING_TYPE);
-                goto err;
-                }
-        if (i <= 0) goto err;
-        if (BN_bin2bn(buf,num,&f) == NULL) goto err;
-        if ((rsa->flags & RSA_FLAG_BLINDING) && (rsa->blinding == NULL))
-                RSA_blinding_on(rsa,ctx);
-        if (rsa->flags & RSA_FLAG_BLINDING)
-                if (!BN_BLINDING_convert(&f,rsa->blinding,ctx)) goto err;
-        if ( (rsa->flags & RSA_FLAG_EXT_PKEY) ||
-                ((rsa->p != NULL) &&
-                (rsa->q != NULL) &&
-                (rsa->dmp1 != NULL) &&
-                (rsa->dmq1 != NULL) &&
-                (rsa->iqmp != NULL)) )
-                { if (!rsa->meth->rsa_mod_exp(&ret,&f,rsa)) goto err; }
-        else
-                {
-                if (!rsa->meth->bn_mod_exp(&ret,&f,rsa->d,rsa->n,ctx,NULL)) goto err;
-                }
-        if (rsa->flags & RSA_FLAG_BLINDING)
-                if (!BN_BLINDING_invert(&ret,rsa->blinding,ctx)) goto err;
-        /* put in leading 0 bytes if the number is less than the
-         * length of the modulus */
-        j=BN_num_bytes(&ret);
-        i=BN_bn2bin(&ret,&(to[num-j]));
-        for (k=0; k<(num-i); k++)
-                to[k]=0;
-        r=num;
-err:
-        if (ctx != NULL) BN_CTX_free(ctx);
-        BN_clear_free(&ret);
-        BN_clear_free(&f);
-        if (buf != NULL)
-                {
-                memset(buf,0,num);
-                Free(buf);
-                }
-        return(r);
-        }
-static int RSA_eay_private_decrypt(int flen, unsigned char *from,
-             unsigned char *to, RSA *rsa, int padding)
-        {
-        BIGNUM f,ret;
-        int j,num=0,r= -1;
-        unsigned char *p;
-        unsigned char *buf=NULL;
-        BN_CTX *ctx=NULL;
-        BN_init(&f);
-        BN_init(&ret);
-        ctx=BN_CTX_new();
-        if (ctx == NULL) goto err;
-        num=BN_num_bytes(rsa->n);
-        if ((buf=(unsigned char *)Malloc(num)) == NULL)
-                {
-                RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,ERR_R_MALLOC_FAILURE);
-                goto err;
-                }
-        /* This check was for equality but PGP does evil things
-         * and chops off the top '0' bytes */
-        if (flen > num)
-                {
-                RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,RSA_R_DATA_GREATER_THAN_MOD_LEN);
-                goto err;
-                }
-        /* make data into a big number */
-        if (BN_bin2bn(from,(int)flen,&f) == NULL) goto err;
-        if ((rsa->flags & RSA_FLAG_BLINDING) && (rsa->blinding == NULL))
-                RSA_blinding_on(rsa,ctx);
-        if (rsa->flags & RSA_FLAG_BLINDING)
-                if (!BN_BLINDING_convert(&f,rsa->blinding,ctx)) goto err;
-        /* do the decrypt */
-        if ( (rsa->flags & RSA_FLAG_EXT_PKEY) ||
-                ((rsa->p != NULL) &&
-                (rsa->q != NULL) &&
-                (rsa->dmp1 != NULL) &&
-                (rsa->dmq1 != NULL) &&
-                (rsa->iqmp != NULL)) )
-                { if (!rsa->meth->rsa_mod_exp(&ret,&f,rsa)) goto err; }
-        else
-                {
-                if (!rsa->meth->bn_mod_exp(&ret,&f,rsa->d,rsa->n,ctx,NULL))
-                        goto err;
-                }
-        if (rsa->flags & RSA_FLAG_BLINDING)
-                if (!BN_BLINDING_invert(&ret,rsa->blinding,ctx)) goto err;
-        p=buf;
-        j=BN_bn2bin(&ret,p); /* j is only used with no-padding mode */
-        switch (padding)
-                {
-        case RSA_PKCS1_PADDING:
-                r=RSA_padding_check_PKCS1_type_2(to,num,buf,j,num);
-                break;
-#ifndef NO_SHA
-        case RSA_PKCS1_OAEP_PADDING:
-                r=RSA_padding_check_PKCS1_OAEP(to,num,buf,j,num,NULL,0);
-                break;
-#endif
-        case RSA_SSLV23_PADDING:
-                r=RSA_padding_check_SSLv23(to,num,buf,j,num);
-                break;
-        case RSA_NO_PADDING:
-                r=RSA_padding_check_none(to,num,buf,j,num);
-                break;
-        default:
-                RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,RSA_R_UNKNOWN_PADDING_TYPE);
-                goto err;
-                }
-        if (r < 0)
-                RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,RSA_R_PADDING_CHECK_FAILED);
-err:
-        if (ctx != NULL) BN_CTX_free(ctx);
-        BN_clear_free(&f);
-        BN_clear_free(&ret);
-        if (buf != NULL)
-                {
-                memset(buf,0,num);
-                Free(buf);
-                }
-        return(r);
-        }
-static int RSA_eay_public_decrypt(int flen, unsigned char *from,
-             unsigned char *to, RSA *rsa, int padding)
-        {
-        BIGNUM f,ret;
-        int i,num=0,r= -1;
-        unsigned char *p;
-        unsigned char *buf=NULL;
-        BN_CTX *ctx=NULL;
-        BN_init(&f);
-        BN_init(&ret);
-        ctx=BN_CTX_new();
-        if (ctx == NULL) goto err;
-        num=BN_num_bytes(rsa->n);
-        buf=(unsigned char *)Malloc(num);
-        if (buf == NULL)
-                {
-                RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT,ERR_R_MALLOC_FAILURE);
-                goto err;
-                }
-        /* This check was for equality but PGP does evil things
-         * and chops off the top '0' bytes */
-        if (flen > num)
-                {
-                RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT,RSA_R_DATA_GREATER_THAN_MOD_LEN);
-                goto err;
-                }
-        if (BN_bin2bn(from,flen,&f) == NULL) goto err;
-        /* do the decrypt */
-        if ((rsa->_method_mod_n == NULL) && (rsa->flags & RSA_FLAG_CACHE_PUBLIC))
-                {
-                if ((rsa->_method_mod_n=BN_MONT_CTX_new()) != NULL)
-                        if (!BN_MONT_CTX_set(rsa->_method_mod_n,rsa->n,ctx))
-                            goto err;
-                }
-        if (!rsa->meth->bn_mod_exp(&ret,&f,rsa->e,rsa->n,ctx,
-                rsa->_method_mod_n)) goto err;
-        p=buf;
-        i=BN_bn2bin(&ret,p);
-        switch (padding)
-                {
-        case RSA_PKCS1_PADDING:
-                r=RSA_padding_check_PKCS1_type_1(to,num,buf,i,num);
-                break;
-        case RSA_NO_PADDING:
-                r=RSA_padding_check_none(to,num,buf,i,num);
-                break;
-        default:
-                RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT,RSA_R_UNKNOWN_PADDING_TYPE);
-                goto err;
-                }
-        if (r < 0)
-                RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT,RSA_R_PADDING_CHECK_FAILED);
-err:
-        if (ctx != NULL) BN_CTX_free(ctx);
-        BN_clear_free(&f);
-        BN_clear_free(&ret);
-        if (buf != NULL)
-                {
-                memset(buf,0,num);
-                Free(buf);
-                }
-        return(r);
-        }
-static int RSA_eay_mod_exp(BIGNUM *r0, BIGNUM *I, RSA *rsa)
-        {
-        BIGNUM r1,m1;
-        int ret=0;
-        BN_CTX *ctx;
-        if ((ctx=BN_CTX_new()) == NULL) goto err;
-        BN_init(&m1);
-        BN_init(&r1);
-        if (rsa->flags & RSA_FLAG_CACHE_PRIVATE)
-                {
-                if (rsa->_method_mod_p == NULL)
-                        {
-                        if ((rsa->_method_mod_p=BN_MONT_CTX_new()) != NULL)
-                                if (!BN_MONT_CTX_set(rsa->_method_mod_p,rsa->p,
-                                                     ctx))
-                                        goto err;
-                        }
-                if (rsa->_method_mod_q == NULL)
-                        {
-                        if ((rsa->_method_mod_q=BN_MONT_CTX_new()) != NULL)
-                                if (!BN_MONT_CTX_set(rsa->_method_mod_q,rsa->q,
-                                                     ctx))
-                                        goto err;
-                        }
-                }
-        if (!BN_mod(&r1,I,rsa->q,ctx)) goto err;
-        if (!rsa->meth->bn_mod_exp(&m1,&r1,rsa->dmq1,rsa->q,ctx,
-                rsa->_method_mod_q)) goto err;
-        if (!BN_mod(&r1,I,rsa->p,ctx)) goto err;
-        if (!rsa->meth->bn_mod_exp(r0,&r1,rsa->dmp1,rsa->p,ctx,
-                rsa->_method_mod_p)) goto err;
-        if (!BN_sub(r0,r0,&m1)) goto err;
-        /* This will help stop the size of r0 increasing, which does
-         * affect the multiply if it optimised for a power of 2 size */
-        if (r0->neg)
-                if (!BN_add(r0,r0,rsa->p)) goto err;
-        if (!BN_mul(&r1,r0,rsa->iqmp,ctx)) goto err;
-        if (!BN_mod(r0,&r1,rsa->p,ctx)) goto err;
-        /* If p < q it is occasionally possible for the correction of
-         * adding 'p' if r0 is negative above to leave the result still
-         * negative. This can break the private key operations: the following
-         * second correction should *always* correct this rare occurrence.
-         * This will *never* happen with OpenSSL generated keys because
-         * they ensure p > q [steve]
-         */
-        if (r0->neg)
-                if (!BN_add(r0,r0,rsa->p)) goto err;
-        if (!BN_mul(&r1,r0,rsa->q,ctx)) goto err;
-        if (!BN_add(r0,&r1,&m1)) goto err;
-        ret=1;
-err:
-        BN_clear_free(&m1);
-        BN_clear_free(&r1);
-        BN_CTX_free(ctx);
-        return(ret);
-        }
-static int RSA_eay_init(RSA *rsa)
-        {
-        rsa->flags|=RSA_FLAG_CACHE_PUBLIC|RSA_FLAG_CACHE_PRIVATE;
-        return(1);
-        }
-static int RSA_eay_finish(RSA *rsa)
-        {
-        if (rsa->_method_mod_n != NULL)
-                BN_MONT_CTX_free(rsa->_method_mod_n);
-        if (rsa->_method_mod_p != NULL)
-                BN_MONT_CTX_free(rsa->_method_mod_p);
-        if (rsa->_method_mod_q != NULL)
-                BN_MONT_CTX_free(rsa->_method_mod_q);
-        return(1);
-        }
-#endif

diff --git a/src/lib/libcrypto/rsa/rsa_eay.c b/src/lib/libcrypto/rsa/rsa_eay.c deleted file mode 100644 index b7d2460754..0000000000 --- a/src/lib/libcrypto/rsa/rsa_eay.c +++ /dev/null
@@ -1,491 +0,0 @@
1	/* crypto/rsa/rsa_eay.c */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.
4	*
5	* This package is an SSL implementation written
6	* by Eric Young (eay@cryptsoft.com).
7	* The implementation was written so as to conform with Netscapes SSL.
8	*
9	* This library is free for commercial and non-commercial use as long as
10	* the following conditions are aheared to. The following conditions
11	* apply to all code found in this distribution, be it the RC4, RSA,
12	* lhash, DES, etc., code; not just the SSL code. The SSL documentation
13	* included with this distribution is covered by the same copyright terms
14	* except that the holder is Tim Hudson (tjh@cryptsoft.com).
15	*
16	* Copyright remains Eric Young's, and as such any Copyright notices in
17	* the code are not to be removed.
18	* If this package is used in a product, Eric Young should be given attribution
19	* as the author of the parts of the library used.
20	* This can be in the form of a textual message at program startup or
21	* in documentation (online or textual) provided with the package.
22	*
23	* Redistribution and use in source and binary forms, with or without
24	* modification, are permitted provided that the following conditions
25	* are met:
26	* 1. Redistributions of source code must retain the copyright
27	* notice, this list of conditions and the following disclaimer.
28	* 2. Redistributions in binary form must reproduce the above copyright
29	* notice, this list of conditions and the following disclaimer in the
30	* documentation and/or other materials provided with the distribution.
31	* 3. All advertising materials mentioning features or use of this software
32	* must display the following acknowledgement:
33	* "This product includes cryptographic software written by
34	* Eric Young (eay@cryptsoft.com)"
35	* The word 'cryptographic' can be left out if the rouines from the library
36	* being used are not cryptographic related :-).
37	* 4. If you include any Windows specific code (or a derivative thereof) from
38	* the apps directory (application code) you must include an acknowledgement:
39	* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40	*
41	* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42	* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44	* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45	* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46	* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47	* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49	* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50	* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51	* SUCH DAMAGE.
52	*
53	* The licence and distribution terms for any publically available version or
54	* derivative of this code cannot be changed. i.e. this code cannot simply be
55	* copied and put under another distribution licence
56	* [including the GNU Public Licence.]
57	*/
58
59	#include <stdio.h>
60	#include "cryptlib.h"
61	#include <openssl/bn.h>
62	#include <openssl/rsa.h>
63	#include <openssl/rand.h>
64
65	#ifndef RSA_NULL
66
67	static int RSA_eay_public_encrypt(int flen, unsigned char *from,
68	unsigned char to, RSA rsa,int padding);
69	static int RSA_eay_private_encrypt(int flen, unsigned char *from,
70	unsigned char to, RSA rsa,int padding);
71	static int RSA_eay_public_decrypt(int flen, unsigned char *from,
72	unsigned char to, RSA rsa,int padding);
73	static int RSA_eay_private_decrypt(int flen, unsigned char *from,
74	unsigned char to, RSA rsa,int padding);
75	static int RSA_eay_mod_exp(BIGNUM r0, BIGNUM i, RSA *rsa);
76	static int RSA_eay_init(RSA *rsa);
77	static int RSA_eay_finish(RSA *rsa);
78	static RSA_METHOD rsa_pkcs1_eay_meth={
79	"Eric Young's PKCS#1 RSA",
80	RSA_eay_public_encrypt,
81	RSA_eay_public_decrypt,
82	RSA_eay_private_encrypt,
83	RSA_eay_private_decrypt,
84	RSA_eay_mod_exp,
85	BN_mod_exp_mont,
86	RSA_eay_init,
87	RSA_eay_finish,
88	0,
89	NULL,
90	};
91
92	RSA_METHOD *RSA_PKCS1_SSLeay(void)
93	{
94	return(&rsa_pkcs1_eay_meth);
95	}
96
97	static int RSA_eay_public_encrypt(int flen, unsigned char *from,
98	unsigned char to, RSA rsa, int padding)
99	{
100	BIGNUM f,ret;
101	int i,j,k,num=0,r= -1;
102	unsigned char *buf=NULL;
103	BN_CTX *ctx=NULL;
104
105	BN_init(&f);
106	BN_init(&ret);
107	if ((ctx=BN_CTX_new()) == NULL) goto err;
108	num=BN_num_bytes(rsa->n);
109	if ((buf=(unsigned char *)Malloc(num)) == NULL)
110	{
111	RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT,ERR_R_MALLOC_FAILURE);
112	goto err;
113	}
114
115	switch (padding)
116	{
117	case RSA_PKCS1_PADDING:
118	i=RSA_padding_add_PKCS1_type_2(buf,num,from,flen);
119	break;
120	#ifndef NO_SHA
121	case RSA_PKCS1_OAEP_PADDING:
122	i=RSA_padding_add_PKCS1_OAEP(buf,num,from,flen,NULL,0);
123	break;
124	#endif
125	case RSA_SSLV23_PADDING:
126	i=RSA_padding_add_SSLv23(buf,num,from,flen);
127	break;
128	case RSA_NO_PADDING:
129	i=RSA_padding_add_none(buf,num,from,flen);
130	break;
131	default:
132	RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT,RSA_R_UNKNOWN_PADDING_TYPE);
133	goto err;
134	}
135	if (i <= 0) goto err;
136
137	if (BN_bin2bn(buf,num,&f) == NULL) goto err;
138
139	if ((rsa->_method_mod_n == NULL) && (rsa->flags & RSA_FLAG_CACHE_PUBLIC))
140	{
141	if ((rsa->_method_mod_n=BN_MONT_CTX_new()) != NULL)
142	if (!BN_MONT_CTX_set(rsa->_method_mod_n,rsa->n,ctx))
143	goto err;
144	}
145
146	if (!rsa->meth->bn_mod_exp(&ret,&f,rsa->e,rsa->n,ctx,
147	rsa->_method_mod_n)) goto err;
148
149	/* put in leading 0 bytes if the number is less than the
150	* length of the modulus */
151	j=BN_num_bytes(&ret);
152	i=BN_bn2bin(&ret,&(to[num-j]));
153	for (k=0; k<(num-i); k++)
154	to[k]=0;
155
156	r=num;
157	err:
158	if (ctx != NULL) BN_CTX_free(ctx);
159	BN_clear_free(&f);
160	BN_clear_free(&ret);
161	if (buf != NULL)
162	{
163	memset(buf,0,num);
164	Free(buf);
165	}
166	return(r);
167	}
168
169	static int RSA_eay_private_encrypt(int flen, unsigned char *from,
170	unsigned char to, RSA rsa, int padding)
171	{
172	BIGNUM f,ret;
173	int i,j,k,num=0,r= -1;
174	unsigned char *buf=NULL;
175	BN_CTX *ctx=NULL;
176
177	BN_init(&f);
178	BN_init(&ret);
179
180	if ((ctx=BN_CTX_new()) == NULL) goto err;
181	num=BN_num_bytes(rsa->n);
182	if ((buf=(unsigned char *)Malloc(num)) == NULL)
183	{
184	RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT,ERR_R_MALLOC_FAILURE);
185	goto err;
186	}
187
188	switch (padding)
189	{
190	case RSA_PKCS1_PADDING:
191	i=RSA_padding_add_PKCS1_type_1(buf,num,from,flen);
192	break;
193	case RSA_NO_PADDING:
194	i=RSA_padding_add_none(buf,num,from,flen);
195	break;
196	case RSA_SSLV23_PADDING:
197	default:
198	RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT,RSA_R_UNKNOWN_PADDING_TYPE);
199	goto err;
200	}
201	if (i <= 0) goto err;
202
203	if (BN_bin2bn(buf,num,&f) == NULL) goto err;
204
205	if ((rsa->flags & RSA_FLAG_BLINDING) && (rsa->blinding == NULL))
206	RSA_blinding_on(rsa,ctx);
207	if (rsa->flags & RSA_FLAG_BLINDING)
208	if (!BN_BLINDING_convert(&f,rsa->blinding,ctx)) goto err;
209
210	if ( (rsa->flags & RSA_FLAG_EXT_PKEY) \|\|
211	((rsa->p != NULL) &&
212	(rsa->q != NULL) &&
213	(rsa->dmp1 != NULL) &&
214	(rsa->dmq1 != NULL) &&
215	(rsa->iqmp != NULL)) )
216	{ if (!rsa->meth->rsa_mod_exp(&ret,&f,rsa)) goto err; }
217	else
218	{
219	if (!rsa->meth->bn_mod_exp(&ret,&f,rsa->d,rsa->n,ctx,NULL)) goto err;
220	}
221
222	if (rsa->flags & RSA_FLAG_BLINDING)
223	if (!BN_BLINDING_invert(&ret,rsa->blinding,ctx)) goto err;
224
225	/* put in leading 0 bytes if the number is less than the
226	* length of the modulus */
227	j=BN_num_bytes(&ret);
228	i=BN_bn2bin(&ret,&(to[num-j]));
229	for (k=0; k<(num-i); k++)
230	to[k]=0;
231
232	r=num;
233	err:
234	if (ctx != NULL) BN_CTX_free(ctx);
235	BN_clear_free(&ret);
236	BN_clear_free(&f);
237	if (buf != NULL)
238	{
239	memset(buf,0,num);
240	Free(buf);
241	}
242	return(r);
243	}
244
245	static int RSA_eay_private_decrypt(int flen, unsigned char *from,
246	unsigned char to, RSA rsa, int padding)
247	{
248	BIGNUM f,ret;
249	int j,num=0,r= -1;
250	unsigned char *p;
251	unsigned char *buf=NULL;
252	BN_CTX *ctx=NULL;
253
254	BN_init(&f);
255	BN_init(&ret);
256	ctx=BN_CTX_new();
257	if (ctx == NULL) goto err;
258
259	num=BN_num_bytes(rsa->n);
260
261	if ((buf=(unsigned char *)Malloc(num)) == NULL)
262	{
263	RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,ERR_R_MALLOC_FAILURE);
264	goto err;
265	}
266
267	/* This check was for equality but PGP does evil things
268	* and chops off the top '0' bytes */
269	if (flen > num)
270	{
271	RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,RSA_R_DATA_GREATER_THAN_MOD_LEN);
272	goto err;
273	}
274
275	/* make data into a big number */
276	if (BN_bin2bn(from,(int)flen,&f) == NULL) goto err;
277
278	if ((rsa->flags & RSA_FLAG_BLINDING) && (rsa->blinding == NULL))
279	RSA_blinding_on(rsa,ctx);
280	if (rsa->flags & RSA_FLAG_BLINDING)
281	if (!BN_BLINDING_convert(&f,rsa->blinding,ctx)) goto err;
282
283	/* do the decrypt */
284	if ( (rsa->flags & RSA_FLAG_EXT_PKEY) \|\|
285	((rsa->p != NULL) &&
286	(rsa->q != NULL) &&
287	(rsa->dmp1 != NULL) &&
288	(rsa->dmq1 != NULL) &&
289	(rsa->iqmp != NULL)) )
290	{ if (!rsa->meth->rsa_mod_exp(&ret,&f,rsa)) goto err; }
291	else
292	{
293	if (!rsa->meth->bn_mod_exp(&ret,&f,rsa->d,rsa->n,ctx,NULL))
294	goto err;
295	}
296
297	if (rsa->flags & RSA_FLAG_BLINDING)
298	if (!BN_BLINDING_invert(&ret,rsa->blinding,ctx)) goto err;
299
300	p=buf;
301	j=BN_bn2bin(&ret,p); /* j is only used with no-padding mode */
302
303	switch (padding)
304	{
305	case RSA_PKCS1_PADDING:
306	r=RSA_padding_check_PKCS1_type_2(to,num,buf,j,num);
307	break;
308	#ifndef NO_SHA
309	case RSA_PKCS1_OAEP_PADDING:
310	r=RSA_padding_check_PKCS1_OAEP(to,num,buf,j,num,NULL,0);
311	break;
312	#endif
313	case RSA_SSLV23_PADDING:
314	r=RSA_padding_check_SSLv23(to,num,buf,j,num);
315	break;
316	case RSA_NO_PADDING:
317	r=RSA_padding_check_none(to,num,buf,j,num);
318	break;
319	default:
320	RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,RSA_R_UNKNOWN_PADDING_TYPE);
321	goto err;
322	}
323	if (r < 0)
324	RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,RSA_R_PADDING_CHECK_FAILED);
325
326	err:
327	if (ctx != NULL) BN_CTX_free(ctx);
328	BN_clear_free(&f);
329	BN_clear_free(&ret);
330	if (buf != NULL)
331	{
332	memset(buf,0,num);
333	Free(buf);
334	}
335	return(r);
336	}
337
338	static int RSA_eay_public_decrypt(int flen, unsigned char *from,
339	unsigned char to, RSA rsa, int padding)
340	{
341	BIGNUM f,ret;
342	int i,num=0,r= -1;
343	unsigned char *p;
344	unsigned char *buf=NULL;
345	BN_CTX *ctx=NULL;
346
347	BN_init(&f);
348	BN_init(&ret);
349	ctx=BN_CTX_new();
350	if (ctx == NULL) goto err;
351
352	num=BN_num_bytes(rsa->n);
353	buf=(unsigned char *)Malloc(num);
354	if (buf == NULL)
355	{
356	RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT,ERR_R_MALLOC_FAILURE);
357	goto err;
358	}
359
360	/* This check was for equality but PGP does evil things
361	* and chops off the top '0' bytes */
362	if (flen > num)
363	{
364	RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT,RSA_R_DATA_GREATER_THAN_MOD_LEN);
365	goto err;
366	}
367
368	if (BN_bin2bn(from,flen,&f) == NULL) goto err;
369	/* do the decrypt */
370	if ((rsa->_method_mod_n == NULL) && (rsa->flags & RSA_FLAG_CACHE_PUBLIC))
371	{
372	if ((rsa->_method_mod_n=BN_MONT_CTX_new()) != NULL)
373	if (!BN_MONT_CTX_set(rsa->_method_mod_n,rsa->n,ctx))
374	goto err;
375	}
376
377	if (!rsa->meth->bn_mod_exp(&ret,&f,rsa->e,rsa->n,ctx,
378	rsa->_method_mod_n)) goto err;
379
380	p=buf;
381	i=BN_bn2bin(&ret,p);
382
383	switch (padding)
384	{
385	case RSA_PKCS1_PADDING:
386	r=RSA_padding_check_PKCS1_type_1(to,num,buf,i,num);
387	break;
388	case RSA_NO_PADDING:
389	r=RSA_padding_check_none(to,num,buf,i,num);
390	break;
391	default:
392	RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT,RSA_R_UNKNOWN_PADDING_TYPE);
393	goto err;
394	}
395	if (r < 0)
396	RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT,RSA_R_PADDING_CHECK_FAILED);
397
398	err:
399	if (ctx != NULL) BN_CTX_free(ctx);
400	BN_clear_free(&f);
401	BN_clear_free(&ret);
402	if (buf != NULL)
403	{
404	memset(buf,0,num);
405	Free(buf);
406	}
407	return(r);
408	}
409
410	static int RSA_eay_mod_exp(BIGNUM r0, BIGNUM I, RSA *rsa)
411	{
412	BIGNUM r1,m1;
413	int ret=0;
414	BN_CTX *ctx;
415
416	if ((ctx=BN_CTX_new()) == NULL) goto err;
417	BN_init(&m1);
418	BN_init(&r1);
419
420	if (rsa->flags & RSA_FLAG_CACHE_PRIVATE)
421	{
422	if (rsa->_method_mod_p == NULL)
423	{
424	if ((rsa->_method_mod_p=BN_MONT_CTX_new()) != NULL)
425	if (!BN_MONT_CTX_set(rsa->_method_mod_p,rsa->p,
426	ctx))
427	goto err;
428	}
429	if (rsa->_method_mod_q == NULL)
430	{
431	if ((rsa->_method_mod_q=BN_MONT_CTX_new()) != NULL)
432	if (!BN_MONT_CTX_set(rsa->_method_mod_q,rsa->q,
433	ctx))
434	goto err;
435	}
436	}
437
438	if (!BN_mod(&r1,I,rsa->q,ctx)) goto err;
439	if (!rsa->meth->bn_mod_exp(&m1,&r1,rsa->dmq1,rsa->q,ctx,
440	rsa->_method_mod_q)) goto err;
441
442	if (!BN_mod(&r1,I,rsa->p,ctx)) goto err;
443	if (!rsa->meth->bn_mod_exp(r0,&r1,rsa->dmp1,rsa->p,ctx,
444	rsa->_method_mod_p)) goto err;
445
446	if (!BN_sub(r0,r0,&m1)) goto err;
447	/* This will help stop the size of r0 increasing, which does
448	* affect the multiply if it optimised for a power of 2 size */
449	if (r0->neg)
450	if (!BN_add(r0,r0,rsa->p)) goto err;
451
452	if (!BN_mul(&r1,r0,rsa->iqmp,ctx)) goto err;
453	if (!BN_mod(r0,&r1,rsa->p,ctx)) goto err;
454	/* If p < q it is occasionally possible for the correction of
455	* adding 'p' if r0 is negative above to leave the result still
456	* negative. This can break the private key operations: the following
457	* second correction should always correct this rare occurrence.
458	* This will never happen with OpenSSL generated keys because
459	* they ensure p > q [steve]
460	*/
461	if (r0->neg)
462	if (!BN_add(r0,r0,rsa->p)) goto err;
463	if (!BN_mul(&r1,r0,rsa->q,ctx)) goto err;
464	if (!BN_add(r0,&r1,&m1)) goto err;
465
466	ret=1;
467	err:
468	BN_clear_free(&m1);
469	BN_clear_free(&r1);
470	BN_CTX_free(ctx);
471	return(ret);
472	}
473
474	static int RSA_eay_init(RSA *rsa)
475	{
476	rsa->flags\|=RSA_FLAG_CACHE_PUBLIC\|RSA_FLAG_CACHE_PRIVATE;
477	return(1);
478	}
479
480	static int RSA_eay_finish(RSA *rsa)
481	{
482	if (rsa->_method_mod_n != NULL)
483	BN_MONT_CTX_free(rsa->_method_mod_n);
484	if (rsa->_method_mod_p != NULL)
485	BN_MONT_CTX_free(rsa->_method_mod_p);
486	if (rsa->_method_mod_q != NULL)
487	BN_MONT_CTX_free(rsa->_method_mod_q);
488	return(1);
489	}
490
491	#endif