summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/rsa/rsa_eay.c
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/libcrypto/rsa/rsa_eay.c')
-rw-r--r--src/lib/libcrypto/rsa/rsa_eay.c87
1 files changed, 45 insertions, 42 deletions
diff --git a/src/lib/libcrypto/rsa/rsa_eay.c b/src/lib/libcrypto/rsa/rsa_eay.c
index 06bd8ded96..ede772cb83 100644
--- a/src/lib/libcrypto/rsa/rsa_eay.c
+++ b/src/lib/libcrypto/rsa/rsa_eay.c
@@ -1,25 +1,25 @@
1/* $OpenBSD: rsa_eay.c,v 1.30 2014/07/09 08:44:53 miod Exp $ */ 1/* $OpenBSD: rsa_eay.c,v 1.31 2014/07/09 19:51:38 jsing Exp $ */
2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) 2/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3 * All rights reserved. 3 * All rights reserved.
4 * 4 *
5 * This package is an SSL implementation written 5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com). 6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL. 7 * The implementation was written so as to conform with Netscapes SSL.
8 * 8 *
9 * This library is free for commercial and non-commercial use as long as 9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions 10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA, 11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation 12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms 13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com). 14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 * 15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in 16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed. 17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution 18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used. 19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or 20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package. 21 * in documentation (online or textual) provided with the package.
22 * 22 *
23 * Redistribution and use in source and binary forms, with or without 23 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions 24 * modification, are permitted provided that the following conditions
25 * are met: 25 * are met:
@@ -34,10 +34,10 @@
34 * Eric Young (eay@cryptsoft.com)" 34 * Eric Young (eay@cryptsoft.com)"
35 * The word 'cryptographic' can be left out if the rouines from the library 35 * The word 'cryptographic' can be left out if the rouines from the library
36 * being used are not cryptographic related :-). 36 * being used are not cryptographic related :-).
37 * 4. If you include any Windows specific code (or a derivative thereof) from 37 * 4. If you include any Windows specific code (or a derivative thereof) from
38 * the apps directory (application code) you must include an acknowledgement: 38 * the apps directory (application code) you must include an acknowledgement:
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40 * 40 *
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
@@ -49,7 +49,7 @@
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51 * SUCH DAMAGE. 51 * SUCH DAMAGE.
52 * 52 *
53 * The licence and distribution terms for any publically available version or 53 * The licence and distribution terms for any publically available version or
54 * derivative of this code cannot be changed. i.e. this code cannot simply be 54 * derivative of this code cannot be changed. i.e. this code cannot simply be
55 * copied and put under another distribution licence 55 * copied and put under another distribution licence
@@ -63,7 +63,7 @@
63 * are met: 63 * are met:
64 * 64 *
65 * 1. Redistributions of source code must retain the above copyright 65 * 1. Redistributions of source code must retain the above copyright
66 * notice, this list of conditions and the following disclaimer. 66 * notice, this list of conditions and the following disclaimer.
67 * 67 *
68 * 2. Redistributions in binary form must reproduce the above copyright 68 * 2. Redistributions in binary form must reproduce the above copyright
69 * notice, this list of conditions and the following disclaimer in 69 * notice, this list of conditions and the following disclaimer in
@@ -116,16 +116,17 @@
116#include <openssl/rand.h> 116#include <openssl/rand.h>
117 117
118static int RSA_eay_public_encrypt(int flen, const unsigned char *from, 118static int RSA_eay_public_encrypt(int flen, const unsigned char *from,
119 unsigned char *to, RSA *rsa,int padding); 119 unsigned char *to, RSA *rsa, int padding);
120static int RSA_eay_private_encrypt(int flen, const unsigned char *from, 120static int RSA_eay_private_encrypt(int flen, const unsigned char *from,
121 unsigned char *to, RSA *rsa,int padding); 121 unsigned char *to, RSA *rsa, int padding);
122static int RSA_eay_public_decrypt(int flen, const unsigned char *from, 122static int RSA_eay_public_decrypt(int flen, const unsigned char *from,
123 unsigned char *to, RSA *rsa,int padding); 123 unsigned char *to, RSA *rsa, int padding);
124static int RSA_eay_private_decrypt(int flen, const unsigned char *from, 124static int RSA_eay_private_decrypt(int flen, const unsigned char *from,
125 unsigned char *to, RSA *rsa,int padding); 125 unsigned char *to, RSA *rsa, int padding);
126static int RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *i, RSA *rsa, BN_CTX *ctx); 126static int RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *i, RSA *rsa, BN_CTX *ctx);
127static int RSA_eay_init(RSA *rsa); 127static int RSA_eay_init(RSA *rsa);
128static int RSA_eay_finish(RSA *rsa); 128static int RSA_eay_finish(RSA *rsa);
129
129static RSA_METHOD rsa_pkcs1_eay_meth = { 130static RSA_METHOD rsa_pkcs1_eay_meth = {
130 .name = "Eric Young's PKCS#1 RSA", 131 .name = "Eric Young's PKCS#1 RSA",
131 .rsa_pub_enc = RSA_eay_public_encrypt, 132 .rsa_pub_enc = RSA_eay_public_encrypt,
@@ -170,8 +171,8 @@ RSA_eay_public_encrypt(int flen, const unsigned char *from, unsigned char *to,
170 return -1; 171 return -1;
171 } 172 }
172 } 173 }
173 174
174 if ((ctx=BN_CTX_new()) == NULL) 175 if ((ctx = BN_CTX_new()) == NULL)
175 goto err; 176 goto err;
176 BN_CTX_start(ctx); 177 BN_CTX_start(ctx);
177 f = BN_CTX_get(ctx); 178 f = BN_CTX_get(ctx);
@@ -179,7 +180,7 @@ RSA_eay_public_encrypt(int flen, const unsigned char *from, unsigned char *to,
179 num = BN_num_bytes(rsa->n); 180 num = BN_num_bytes(rsa->n);
180 buf = malloc(num); 181 buf = malloc(num);
181 if (!f || !ret || !buf) { 182 if (!f || !ret || !buf) {
182 RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT,ERR_R_MALLOC_FAILURE); 183 RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT, ERR_R_MALLOC_FAILURE);
183 goto err; 184 goto err;
184 } 185 }
185 186
@@ -189,7 +190,7 @@ RSA_eay_public_encrypt(int flen, const unsigned char *from, unsigned char *to,
189 break; 190 break;
190#ifndef OPENSSL_NO_SHA 191#ifndef OPENSSL_NO_SHA
191 case RSA_PKCS1_OAEP_PADDING: 192 case RSA_PKCS1_OAEP_PADDING:
192 i = RSA_padding_add_PKCS1_OAEP(buf, num, from, flen, NULL, 0); 193 i = RSA_padding_add_PKCS1_OAEP(buf, num, from, flen, NULL, 0);
193 break; 194 break;
194#endif 195#endif
195 case RSA_SSLV23_PADDING: 196 case RSA_SSLV23_PADDING:
@@ -208,7 +209,7 @@ RSA_eay_public_encrypt(int flen, const unsigned char *from, unsigned char *to,
208 209
209 if (BN_bin2bn(buf, num, f) == NULL) 210 if (BN_bin2bn(buf, num, f) == NULL)
210 goto err; 211 goto err;
211 212
212 if (BN_ucmp(f, rsa->n) >= 0) { 213 if (BN_ucmp(f, rsa->n) >= 0) {
213 /* usually the padding functions would catch this */ 214 /* usually the padding functions would catch this */
214 RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT, 215 RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT,
@@ -221,7 +222,8 @@ RSA_eay_public_encrypt(int flen, const unsigned char *from, unsigned char *to,
221 CRYPTO_LOCK_RSA, rsa->n, ctx)) 222 CRYPTO_LOCK_RSA, rsa->n, ctx))
222 goto err; 223 goto err;
223 224
224 if (!rsa->meth->bn_mod_exp(ret,f,rsa->e,rsa->n,ctx, rsa->_method_mod_n)) 225 if (!rsa->meth->bn_mod_exp(ret, f,rsa->e, rsa->n, ctx,
226 rsa->_method_mod_n))
225 goto err; 227 goto err;
226 228
227 /* put in leading 0 bytes if the number is less than the 229 /* put in leading 0 bytes if the number is less than the
@@ -286,7 +288,7 @@ rsa_get_blinding(RSA *rsa, int *local, BN_CTX *ctx)
286 CRYPTO_w_lock(CRYPTO_LOCK_RSA); 288 CRYPTO_w_lock(CRYPTO_LOCK_RSA);
287 got_write_lock = 1; 289 got_write_lock = 1;
288 } 290 }
289 291
290 if (rsa->mt_blinding == NULL) 292 if (rsa->mt_blinding == NULL)
291 rsa->mt_blinding = RSA_setup_blinding(rsa, ctx); 293 rsa->mt_blinding = RSA_setup_blinding(rsa, ctx);
292 } 294 }
@@ -355,7 +357,7 @@ RSA_eay_private_encrypt(int flen, const unsigned char *from, unsigned char *to,
355 BIGNUM *unblind = NULL; 357 BIGNUM *unblind = NULL;
356 BN_BLINDING *blinding = NULL; 358 BN_BLINDING *blinding = NULL;
357 359
358 if ((ctx=BN_CTX_new()) == NULL) 360 if ((ctx = BN_CTX_new()) == NULL)
359 goto err; 361 goto err;
360 BN_CTX_start(ctx); 362 BN_CTX_start(ctx);
361 f = BN_CTX_get(ctx); 363 f = BN_CTX_get(ctx);
@@ -386,10 +388,10 @@ RSA_eay_private_encrypt(int flen, const unsigned char *from, unsigned char *to,
386 if (i <= 0) 388 if (i <= 0)
387 goto err; 389 goto err;
388 390
389 if (BN_bin2bn(buf,num,f) == NULL) 391 if (BN_bin2bn(buf, num, f) == NULL)
390 goto err; 392 goto err;
391 393
392 if (BN_ucmp(f, rsa->n) >= 0) { 394 if (BN_ucmp(f, rsa->n) >= 0) {
393 /* usually the padding functions would catch this */ 395 /* usually the padding functions would catch this */
394 RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT, 396 RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT,
395 RSA_R_DATA_TOO_LARGE_FOR_MODULUS); 397 RSA_R_DATA_TOO_LARGE_FOR_MODULUS);
@@ -404,7 +406,7 @@ RSA_eay_private_encrypt(int flen, const unsigned char *from, unsigned char *to,
404 goto err; 406 goto err;
405 } 407 }
406 } 408 }
407 409
408 if (blinding != NULL) { 410 if (blinding != NULL) {
409 if (!local_blinding && ((unblind = BN_CTX_get(ctx)) == NULL)) { 411 if (!local_blinding && ((unblind = BN_CTX_get(ctx)) == NULL)) {
410 RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT, 412 RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT,
@@ -417,13 +419,13 @@ RSA_eay_private_encrypt(int flen, const unsigned char *from, unsigned char *to,
417 419
418 if ((rsa->flags & RSA_FLAG_EXT_PKEY) || 420 if ((rsa->flags & RSA_FLAG_EXT_PKEY) ||
419 (rsa->p != NULL && rsa->q != NULL && rsa->dmp1 != NULL && 421 (rsa->p != NULL && rsa->q != NULL && rsa->dmp1 != NULL &&
420 rsa->dmq1 != NULL && rsa->iqmp != NULL)) { 422 rsa->dmq1 != NULL && rsa->iqmp != NULL)) {
421 if (!rsa->meth->rsa_mod_exp(ret, f, rsa, ctx)) 423 if (!rsa->meth->rsa_mod_exp(ret, f, rsa, ctx))
422 goto err; 424 goto err;
423 } else { 425 } else {
424 BIGNUM local_d; 426 BIGNUM local_d;
425 BIGNUM *d = NULL; 427 BIGNUM *d = NULL;
426 428
427 if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) { 429 if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) {
428 BN_init(&local_d); 430 BN_init(&local_d);
429 d = &local_d; 431 d = &local_d;
@@ -436,7 +438,7 @@ RSA_eay_private_encrypt(int flen, const unsigned char *from, unsigned char *to,
436 CRYPTO_LOCK_RSA, rsa->n, ctx)) 438 CRYPTO_LOCK_RSA, rsa->n, ctx))
437 goto err; 439 goto err;
438 440
439 if (!rsa->meth->bn_mod_exp(ret, f, d, rsa->n,ctx, 441 if (!rsa->meth->bn_mod_exp(ret, f, d, rsa->n, ctx,
440 rsa->_method_mod_n)) 442 rsa->_method_mod_n))
441 goto err; 443 goto err;
442 } 444 }
@@ -530,7 +532,7 @@ RSA_eay_private_decrypt(int flen, const unsigned char *from, unsigned char *to,
530 goto err; 532 goto err;
531 } 533 }
532 } 534 }
533 535
534 if (blinding != NULL) { 536 if (blinding != NULL) {
535 if (!local_blinding && ((unblind = BN_CTX_get(ctx)) == NULL)) { 537 if (!local_blinding && ((unblind = BN_CTX_get(ctx)) == NULL)) {
536 RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT, 538 RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,
@@ -544,13 +546,13 @@ RSA_eay_private_decrypt(int flen, const unsigned char *from, unsigned char *to,
544 /* do the decrypt */ 546 /* do the decrypt */
545 if ((rsa->flags & RSA_FLAG_EXT_PKEY) || 547 if ((rsa->flags & RSA_FLAG_EXT_PKEY) ||
546 (rsa->p != NULL && rsa->q != NULL && rsa->dmp1 != NULL && 548 (rsa->p != NULL && rsa->q != NULL && rsa->dmp1 != NULL &&
547 rsa->dmq1 != NULL && rsa->iqmp != NULL)) { 549 rsa->dmq1 != NULL && rsa->iqmp != NULL)) {
548 if (!rsa->meth->rsa_mod_exp(ret, f, rsa, ctx)) 550 if (!rsa->meth->rsa_mod_exp(ret, f, rsa, ctx))
549 goto err; 551 goto err;
550 } else { 552 } else {
551 BIGNUM local_d; 553 BIGNUM local_d;
552 BIGNUM *d = NULL; 554 BIGNUM *d = NULL;
553 555
554 if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) { 556 if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) {
555 d = &local_d; 557 d = &local_d;
556 BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME); 558 BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME);
@@ -578,11 +580,11 @@ RSA_eay_private_decrypt(int flen, const unsigned char *from, unsigned char *to,
578 r = RSA_padding_check_PKCS1_type_2(to, num, buf, j, num); 580 r = RSA_padding_check_PKCS1_type_2(to, num, buf, j, num);
579 break; 581 break;
580#ifndef OPENSSL_NO_SHA 582#ifndef OPENSSL_NO_SHA
581 case RSA_PKCS1_OAEP_PADDING: 583 case RSA_PKCS1_OAEP_PADDING:
582 r = RSA_padding_check_PKCS1_OAEP(to, num, buf, j, num, NULL, 0); 584 r = RSA_padding_check_PKCS1_OAEP(to, num, buf, j, num, NULL, 0);
583 break; 585 break;
584#endif 586#endif
585 case RSA_SSLV23_PADDING: 587 case RSA_SSLV23_PADDING:
586 r = RSA_padding_check_SSLv23(to, num, buf, j, num); 588 r = RSA_padding_check_SSLv23(to, num, buf, j, num);
587 break; 589 break;
588 case RSA_NO_PADDING: 590 case RSA_NO_PADDING:
@@ -603,7 +605,7 @@ err:
603 BN_CTX_free(ctx); 605 BN_CTX_free(ctx);
604 } 606 }
605 if (buf != NULL) { 607 if (buf != NULL) {
606 OPENSSL_cleanse(buf,num); 608 OPENSSL_cleanse(buf, num);
607 free(buf); 609 free(buf);
608 } 610 }
609 return r; 611 return r;
@@ -615,7 +617,7 @@ RSA_eay_public_decrypt(int flen, const unsigned char *from, unsigned char *to,
615 RSA *rsa, int padding) 617 RSA *rsa, int padding)
616{ 618{
617 BIGNUM *f, *ret; 619 BIGNUM *f, *ret;
618 int i, num = 0,r = -1; 620 int i, num = 0, r = -1;
619 unsigned char *p; 621 unsigned char *p;
620 unsigned char *buf = NULL; 622 unsigned char *buf = NULL;
621 BN_CTX *ctx = NULL; 623 BN_CTX *ctx = NULL;
@@ -637,7 +639,7 @@ RSA_eay_public_decrypt(int flen, const unsigned char *from, unsigned char *to,
637 return -1; 639 return -1;
638 } 640 }
639 } 641 }
640 642
641 if ((ctx = BN_CTX_new()) == NULL) 643 if ((ctx = BN_CTX_new()) == NULL)
642 goto err; 644 goto err;
643 BN_CTX_start(ctx); 645 BN_CTX_start(ctx);
@@ -658,7 +660,7 @@ RSA_eay_public_decrypt(int flen, const unsigned char *from, unsigned char *to,
658 goto err; 660 goto err;
659 } 661 }
660 662
661 if (BN_bin2bn(from,flen,f) == NULL) 663 if (BN_bin2bn(from, flen, f) == NULL)
662 goto err; 664 goto err;
663 665
664 if (BN_ucmp(f, rsa->n) >= 0) { 666 if (BN_ucmp(f, rsa->n) >= 0) {
@@ -801,7 +803,7 @@ RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
801 BN_with_flags(dmp1, rsa->dmp1, BN_FLG_CONSTTIME); 803 BN_with_flags(dmp1, rsa->dmp1, BN_FLG_CONSTTIME);
802 } else 804 } else
803 dmp1 = rsa->dmp1; 805 dmp1 = rsa->dmp1;
804 if (!rsa->meth->bn_mod_exp(r0, r1, dmp1, rsa->p,ctx, 806 if (!rsa->meth->bn_mod_exp(r0, r1, dmp1, rsa->p, ctx,
805 rsa->_method_mod_p)) 807 rsa->_method_mod_p))
806 goto err; 808 goto err;
807 809
@@ -824,7 +826,7 @@ RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
824 BN_with_flags(pr1, r1, BN_FLG_CONSTTIME); 826 BN_with_flags(pr1, r1, BN_FLG_CONSTTIME);
825 } else 827 } else
826 pr1 = r1; 828 pr1 = r1;
827 if (!BN_mod(r0, pr1, rsa->p,ctx)) 829 if (!BN_mod(r0, pr1, rsa->p, ctx))
828 goto err; 830 goto err;
829 831
830 /* 832 /*
@@ -869,7 +871,7 @@ RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
869 871
870 BIGNUM local_d; 872 BIGNUM local_d;
871 BIGNUM *d = NULL; 873 BIGNUM *d = NULL;
872 874
873 if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) { 875 if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) {
874 d = &local_d; 876 d = &local_d;
875 BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME); 877 BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME);
@@ -890,7 +892,7 @@ static int
890RSA_eay_init(RSA *rsa) 892RSA_eay_init(RSA *rsa)
891{ 893{
892 rsa->flags |= RSA_FLAG_CACHE_PUBLIC | RSA_FLAG_CACHE_PRIVATE; 894 rsa->flags |= RSA_FLAG_CACHE_PUBLIC | RSA_FLAG_CACHE_PRIVATE;
893 return 1 ; 895 return 1;
894} 896}
895 897
896static int 898static int
@@ -902,5 +904,6 @@ RSA_eay_finish(RSA *rsa)
902 BN_MONT_CTX_free(rsa->_method_mod_p); 904 BN_MONT_CTX_free(rsa->_method_mod_p);
903 if (rsa->_method_mod_q != NULL) 905 if (rsa->_method_mod_q != NULL)
904 BN_MONT_CTX_free(rsa->_method_mod_q); 906 BN_MONT_CTX_free(rsa->_method_mod_q);
907
905 return 1; 908 return 1;
906} 909}
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-11-24 19:26:37 +0000