1 files changed, 0 insertions, 512 deletions
diff --git a/src/lib/libcrypto/rsa/rsa_eay.c b/src/lib/libcrypto/rsa/rsa_eay.c
deleted file mode 100644
index ccaa62b239..0000000000
--- a/src/lib/libcrypto/rsa/rsa_eay.c
+++ /dev/null
@@ -1,512 +0,0 @@
-/* crypto/rsa/rsa_eay.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- * 
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to.  The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- * 
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- * 
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- *    notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- *    notice, this list of conditions and the following disclaimer in the
- *    documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- *    must display the following acknowledgement:
- *    "This product includes cryptographic software written by
- *     Eric Young (eay@cryptsoft.com)"
- *    The word 'cryptographic' can be left out if the rouines from the library
- *    being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from 
- *    the apps directory (application code) you must include an acknowledgement:
- *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- * 
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- * 
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed.  i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-#include <stdio.h>
-#include "cryptlib.h"
-#include <openssl/bn.h>
-#include <openssl/rsa.h>
-#include <openssl/rand.h>
-#include <openssl/engine.h>
-#ifndef RSA_NULL
-static int RSA_eay_public_encrypt(int flen, unsigned char *from,
-                unsigned char *to, RSA *rsa,int padding);
-static int RSA_eay_private_encrypt(int flen, unsigned char *from,
-                unsigned char *to, RSA *rsa,int padding);
-static int RSA_eay_public_decrypt(int flen, unsigned char *from,
-                unsigned char *to, RSA *rsa,int padding);
-static int RSA_eay_private_decrypt(int flen, unsigned char *from,
-                unsigned char *to, RSA *rsa,int padding);
-static int RSA_eay_mod_exp(BIGNUM *r0, BIGNUM *i, RSA *rsa);
-static int RSA_eay_init(RSA *rsa);
-static int RSA_eay_finish(RSA *rsa);
-static RSA_METHOD rsa_pkcs1_eay_meth={
-        "Eric Young's PKCS#1 RSA",
-        RSA_eay_public_encrypt,
-        RSA_eay_public_decrypt,
-        RSA_eay_private_encrypt,
-        RSA_eay_private_decrypt,
-        RSA_eay_mod_exp,
-        BN_mod_exp_mont,
-        RSA_eay_init,
-        RSA_eay_finish,
-        0,
-        NULL,
-        };
-RSA_METHOD *RSA_PKCS1_SSLeay(void)
-        {
-        return(&rsa_pkcs1_eay_meth);
-        }
-static int RSA_eay_public_encrypt(int flen, unsigned char *from,
-             unsigned char *to, RSA *rsa, int padding)
-        {
-        const RSA_METHOD *meth;
-        BIGNUM f,ret;
-        int i,j,k,num=0,r= -1;
-        unsigned char *buf=NULL;
-        BN_CTX *ctx=NULL;
-        meth = ENGINE_get_RSA(rsa->engine);
-        BN_init(&f);
-        BN_init(&ret);
-        if ((ctx=BN_CTX_new()) == NULL) goto err;
-        num=BN_num_bytes(rsa->n);
-        if ((buf=(unsigned char *)OPENSSL_malloc(num)) == NULL)
-                {
-                RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT,ERR_R_MALLOC_FAILURE);
-                goto err;
-                }
-        switch (padding)
-                {
-        case RSA_PKCS1_PADDING:
-                i=RSA_padding_add_PKCS1_type_2(buf,num,from,flen);
-                break;
-#ifndef NO_SHA
-        case RSA_PKCS1_OAEP_PADDING:
-                i=RSA_padding_add_PKCS1_OAEP(buf,num,from,flen,NULL,0);
-                break;
-#endif
-        case RSA_SSLV23_PADDING:
-                i=RSA_padding_add_SSLv23(buf,num,from,flen);
-                break;
-        case RSA_NO_PADDING:
-                i=RSA_padding_add_none(buf,num,from,flen);
-                break;
-        default:
-                RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT,RSA_R_UNKNOWN_PADDING_TYPE);
-                goto err;
-                }
-        if (i <= 0) goto err;
-        if (BN_bin2bn(buf,num,&f) == NULL) goto err;
-        
-        if ((rsa->_method_mod_n == NULL) && (rsa->flags & RSA_FLAG_CACHE_PUBLIC))
-                {
-                if ((rsa->_method_mod_n=BN_MONT_CTX_new()) != NULL)
-                        if (!BN_MONT_CTX_set(rsa->_method_mod_n,rsa->n,ctx))
-                            goto err;
-                }
-        if (!meth->bn_mod_exp(&ret,&f,rsa->e,rsa->n,ctx,
-                rsa->_method_mod_n)) goto err;
-        /* put in leading 0 bytes if the number is less than the
-         * length of the modulus */
-        j=BN_num_bytes(&ret);
-        i=BN_bn2bin(&ret,&(to[num-j]));
-        for (k=0; k<(num-i); k++)
-                to[k]=0;
-        r=num;
-err:
-        if (ctx != NULL) BN_CTX_free(ctx);
-        BN_clear_free(&f);
-        BN_clear_free(&ret);
-        if (buf != NULL) 
-                {
-                memset(buf,0,num);
-                OPENSSL_free(buf);
-                }
-        return(r);
-        }
-static int RSA_eay_private_encrypt(int flen, unsigned char *from,
-             unsigned char *to, RSA *rsa, int padding)
-        {
-        const RSA_METHOD *meth;
-        BIGNUM f,ret;
-        int i,j,k,num=0,r= -1;
-        unsigned char *buf=NULL;
-        BN_CTX *ctx=NULL;
-        meth = ENGINE_get_RSA(rsa->engine);
-        BN_init(&f);
-        BN_init(&ret);
-        if ((ctx=BN_CTX_new()) == NULL) goto err;
-        num=BN_num_bytes(rsa->n);
-        if ((buf=(unsigned char *)OPENSSL_malloc(num)) == NULL)
-                {
-                RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT,ERR_R_MALLOC_FAILURE);
-                goto err;
-                }
-        switch (padding)
-                {
-        case RSA_PKCS1_PADDING:
-                i=RSA_padding_add_PKCS1_type_1(buf,num,from,flen);
-                break;
-        case RSA_NO_PADDING:
-                i=RSA_padding_add_none(buf,num,from,flen);
-                break;
-        case RSA_SSLV23_PADDING:
-        default:
-                RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT,RSA_R_UNKNOWN_PADDING_TYPE);
-                goto err;
-                }
-        if (i <= 0) goto err;
-        if (BN_bin2bn(buf,num,&f) == NULL) goto err;
-        if ((rsa->flags & RSA_FLAG_BLINDING) && (rsa->blinding == NULL))
-                RSA_blinding_on(rsa,ctx);
-        if (rsa->flags & RSA_FLAG_BLINDING)
-                if (!BN_BLINDING_convert(&f,rsa->blinding,ctx)) goto err;
-        if ( (rsa->flags & RSA_FLAG_EXT_PKEY) ||
-                ((rsa->p != NULL) &&
-                (rsa->q != NULL) &&
-                (rsa->dmp1 != NULL) &&
-                (rsa->dmq1 != NULL) &&
-                (rsa->iqmp != NULL)) )
-                { if (!meth->rsa_mod_exp(&ret,&f,rsa)) goto err; }
-        else
-                {
-                if (!meth->bn_mod_exp(&ret,&f,rsa->d,rsa->n,ctx,NULL)) goto err;
-                }
-        if (rsa->flags & RSA_FLAG_BLINDING)
-                if (!BN_BLINDING_invert(&ret,rsa->blinding,ctx)) goto err;
-        /* put in leading 0 bytes if the number is less than the
-         * length of the modulus */
-        j=BN_num_bytes(&ret);
-        i=BN_bn2bin(&ret,&(to[num-j]));
-        for (k=0; k<(num-i); k++)
-                to[k]=0;
-        r=num;
-err:
-        if (ctx != NULL) BN_CTX_free(ctx);
-        BN_clear_free(&ret);
-        BN_clear_free(&f);
-        if (buf != NULL)
-                {
-                memset(buf,0,num);
-                OPENSSL_free(buf);
-                }
-        return(r);
-        }
-static int RSA_eay_private_decrypt(int flen, unsigned char *from,
-             unsigned char *to, RSA *rsa, int padding)
-        {
-        const RSA_METHOD *meth;
-        BIGNUM f,ret;
-        int j,num=0,r= -1;
-        unsigned char *p;
-        unsigned char *buf=NULL;
-        BN_CTX *ctx=NULL;
-        meth = ENGINE_get_RSA(rsa->engine);
-        BN_init(&f);
-        BN_init(&ret);
-        ctx=BN_CTX_new();
-        if (ctx == NULL) goto err;
-        num=BN_num_bytes(rsa->n);
-        if ((buf=(unsigned char *)OPENSSL_malloc(num)) == NULL)
-                {
-                RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,ERR_R_MALLOC_FAILURE);
-                goto err;
-                }
-        /* This check was for equality but PGP does evil things
-         * and chops off the top '0' bytes */
-        if (flen > num)
-                {
-                RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,RSA_R_DATA_GREATER_THAN_MOD_LEN);
-                goto err;
-                }
-        /* make data into a big number */
-        if (BN_bin2bn(from,(int)flen,&f) == NULL) goto err;
-        if ((rsa->flags & RSA_FLAG_BLINDING) && (rsa->blinding == NULL))
-                RSA_blinding_on(rsa,ctx);
-        if (rsa->flags & RSA_FLAG_BLINDING)
-                if (!BN_BLINDING_convert(&f,rsa->blinding,ctx)) goto err;
-        /* do the decrypt */
-        if ( (rsa->flags & RSA_FLAG_EXT_PKEY) ||
-                ((rsa->p != NULL) &&
-                (rsa->q != NULL) &&
-                (rsa->dmp1 != NULL) &&
-                (rsa->dmq1 != NULL) &&
-                (rsa->iqmp != NULL)) )
-                { if (!meth->rsa_mod_exp(&ret,&f,rsa)) goto err; }
-        else
-                {
-                if (!meth->bn_mod_exp(&ret,&f,rsa->d,rsa->n,ctx,NULL))
-                        goto err;
-                }
-        if (rsa->flags & RSA_FLAG_BLINDING)
-                if (!BN_BLINDING_invert(&ret,rsa->blinding,ctx)) goto err;
-        p=buf;
-        j=BN_bn2bin(&ret,p); /* j is only used with no-padding mode */
-        switch (padding)
-                {
-        case RSA_PKCS1_PADDING:
-                r=RSA_padding_check_PKCS1_type_2(to,num,buf,j,num);
-                break;
-#ifndef NO_SHA
-        case RSA_PKCS1_OAEP_PADDING:
-                r=RSA_padding_check_PKCS1_OAEP(to,num,buf,j,num,NULL,0);
-                break;
-#endif
-        case RSA_SSLV23_PADDING:
-                r=RSA_padding_check_SSLv23(to,num,buf,j,num);
-                break;
-        case RSA_NO_PADDING:
-                r=RSA_padding_check_none(to,num,buf,j,num);
-                break;
-        default:
-                RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,RSA_R_UNKNOWN_PADDING_TYPE);
-                goto err;
-                }
-        if (r < 0)
-                RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,RSA_R_PADDING_CHECK_FAILED);
-err:
-        if (ctx != NULL) BN_CTX_free(ctx);
-        BN_clear_free(&f);
-        BN_clear_free(&ret);
-        if (buf != NULL)
-                {
-                memset(buf,0,num);
-                OPENSSL_free(buf);
-                }
-        return(r);
-        }
-static int RSA_eay_public_decrypt(int flen, unsigned char *from,
-             unsigned char *to, RSA *rsa, int padding)
-        {
-        const RSA_METHOD *meth;
-        BIGNUM f,ret;
-        int i,num=0,r= -1;
-        unsigned char *p;
-        unsigned char *buf=NULL;
-        BN_CTX *ctx=NULL;
-        meth = ENGINE_get_RSA(rsa->engine);
-        BN_init(&f);
-        BN_init(&ret);
-        ctx=BN_CTX_new();
-        if (ctx == NULL) goto err;
-        num=BN_num_bytes(rsa->n);
-        buf=(unsigned char *)OPENSSL_malloc(num);
-        if (buf == NULL)
-                {
-                RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT,ERR_R_MALLOC_FAILURE);
-                goto err;
-                }
-        /* This check was for equality but PGP does evil things
-         * and chops off the top '0' bytes */
-        if (flen > num)
-                {
-                RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT,RSA_R_DATA_GREATER_THAN_MOD_LEN);
-                goto err;
-                }
-        if (BN_bin2bn(from,flen,&f) == NULL) goto err;
-        /* do the decrypt */
-        if ((rsa->_method_mod_n == NULL) && (rsa->flags & RSA_FLAG_CACHE_PUBLIC))
-                {
-                if ((rsa->_method_mod_n=BN_MONT_CTX_new()) != NULL)
-                        if (!BN_MONT_CTX_set(rsa->_method_mod_n,rsa->n,ctx))
-                            goto err;
-                }
-        if (!meth->bn_mod_exp(&ret,&f,rsa->e,rsa->n,ctx,
-                rsa->_method_mod_n)) goto err;
-        p=buf;
-        i=BN_bn2bin(&ret,p);
-        switch (padding)
-                {
-        case RSA_PKCS1_PADDING:
-                r=RSA_padding_check_PKCS1_type_1(to,num,buf,i,num);
-                break;
-        case RSA_NO_PADDING:
-                r=RSA_padding_check_none(to,num,buf,i,num);
-                break;
-        default:
-                RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT,RSA_R_UNKNOWN_PADDING_TYPE);
-                goto err;
-                }
-        if (r < 0)
-                RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT,RSA_R_PADDING_CHECK_FAILED);
-err:
-        if (ctx != NULL) BN_CTX_free(ctx);
-        BN_clear_free(&f);
-        BN_clear_free(&ret);
-        if (buf != NULL)
-                {
-                memset(buf,0,num);
-                OPENSSL_free(buf);
-                }
-        return(r);
-        }
-static int RSA_eay_mod_exp(BIGNUM *r0, BIGNUM *I, RSA *rsa)
-        {
-        const RSA_METHOD *meth;
-        BIGNUM r1,m1,vrfy;
-        int ret=0;
-        BN_CTX *ctx;
-        meth = ENGINE_get_RSA(rsa->engine);
-        if ((ctx=BN_CTX_new()) == NULL) goto err;
-        BN_init(&m1);
-        BN_init(&r1);
-        BN_init(&vrfy);
-        if (rsa->flags & RSA_FLAG_CACHE_PRIVATE)
-                {
-                if (rsa->_method_mod_p == NULL)
-                        {
-                        if ((rsa->_method_mod_p=BN_MONT_CTX_new()) != NULL)
-                                if (!BN_MONT_CTX_set(rsa->_method_mod_p,rsa->p,
-                                                     ctx))
-                                        goto err;
-                        }
-                if (rsa->_method_mod_q == NULL)
-                        {
-                        if ((rsa->_method_mod_q=BN_MONT_CTX_new()) != NULL)
-                                if (!BN_MONT_CTX_set(rsa->_method_mod_q,rsa->q,
-                                                     ctx))
-                                        goto err;
-                        }
-                }
-        if (!BN_mod(&r1,I,rsa->q,ctx)) goto err;
-        if (!meth->bn_mod_exp(&m1,&r1,rsa->dmq1,rsa->q,ctx,
-                rsa->_method_mod_q)) goto err;
-        if (!BN_mod(&r1,I,rsa->p,ctx)) goto err;
-        if (!meth->bn_mod_exp(r0,&r1,rsa->dmp1,rsa->p,ctx,
-                rsa->_method_mod_p)) goto err;
-        if (!BN_sub(r0,r0,&m1)) goto err;
-        /* This will help stop the size of r0 increasing, which does
-         * affect the multiply if it optimised for a power of 2 size */
-        if (r0->neg)
-                if (!BN_add(r0,r0,rsa->p)) goto err;
-        if (!BN_mul(&r1,r0,rsa->iqmp,ctx)) goto err;
-        if (!BN_mod(r0,&r1,rsa->p,ctx)) goto err;
-        /* If p < q it is occasionally possible for the correction of
-         * adding 'p' if r0 is negative above to leave the result still
-         * negative. This can break the private key operations: the following
-         * second correction should *always* correct this rare occurrence.
-         * This will *never* happen with OpenSSL generated keys because
-         * they ensure p > q [steve]
-         */
-        if (r0->neg)
-                if (!BN_add(r0,r0,rsa->p)) goto err;
-        if (!BN_mul(&r1,r0,rsa->q,ctx)) goto err;
-        if (!BN_add(r0,&r1,&m1)) goto err;
-        if (rsa->e && rsa->n)
-                {
-                if (!meth->bn_mod_exp(&vrfy,r0,rsa->e,rsa->n,ctx,NULL)) goto err;
-                if (BN_cmp(I, &vrfy) != 0)
-                        {
-                        if (!meth->bn_mod_exp(r0,I,rsa->d,rsa->n,ctx,NULL)) goto err;
-                        }
-                }
-        ret=1;
-err:
-        BN_clear_free(&m1);
-        BN_clear_free(&r1);
-        BN_clear_free(&vrfy);
-        BN_CTX_free(ctx);
-        return(ret);
-        }
-static int RSA_eay_init(RSA *rsa)
-        {
-        rsa->flags|=RSA_FLAG_CACHE_PUBLIC|RSA_FLAG_CACHE_PRIVATE;
-        return(1);
-        }
-static int RSA_eay_finish(RSA *rsa)
-        {
-        if (rsa->_method_mod_n != NULL)
-                BN_MONT_CTX_free(rsa->_method_mod_n);
-        if (rsa->_method_mod_p != NULL)
-                BN_MONT_CTX_free(rsa->_method_mod_p);
-        if (rsa->_method_mod_q != NULL)
-                BN_MONT_CTX_free(rsa->_method_mod_q);
-        return(1);
-        }
-#endif

diff --git a/src/lib/libcrypto/rsa/rsa_eay.c b/src/lib/libcrypto/rsa/rsa_eay.c deleted file mode 100644 index ccaa62b239..0000000000 --- a/src/lib/libcrypto/rsa/rsa_eay.c +++ /dev/null
@@ -1,512 +0,0 @@
1	/* crypto/rsa/rsa_eay.c */
2	/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
3	* All rights reserved.
4	*
5	* This package is an SSL implementation written
6	* by Eric Young (eay@cryptsoft.com).
7	* The implementation was written so as to conform with Netscapes SSL.
8	*
9	* This library is free for commercial and non-commercial use as long as
10	* the following conditions are aheared to. The following conditions
11	* apply to all code found in this distribution, be it the RC4, RSA,
12	* lhash, DES, etc., code; not just the SSL code. The SSL documentation
13	* included with this distribution is covered by the same copyright terms
14	* except that the holder is Tim Hudson (tjh@cryptsoft.com).
15	*
16	* Copyright remains Eric Young's, and as such any Copyright notices in
17	* the code are not to be removed.
18	* If this package is used in a product, Eric Young should be given attribution
19	* as the author of the parts of the library used.
20	* This can be in the form of a textual message at program startup or
21	* in documentation (online or textual) provided with the package.
22	*
23	* Redistribution and use in source and binary forms, with or without
24	* modification, are permitted provided that the following conditions
25	* are met:
26	* 1. Redistributions of source code must retain the copyright
27	* notice, this list of conditions and the following disclaimer.
28	* 2. Redistributions in binary form must reproduce the above copyright
29	* notice, this list of conditions and the following disclaimer in the
30	* documentation and/or other materials provided with the distribution.
31	* 3. All advertising materials mentioning features or use of this software
32	* must display the following acknowledgement:
33	* "This product includes cryptographic software written by
34	* Eric Young (eay@cryptsoft.com)"
35	* The word 'cryptographic' can be left out if the rouines from the library
36	* being used are not cryptographic related :-).
37	* 4. If you include any Windows specific code (or a derivative thereof) from
38	* the apps directory (application code) you must include an acknowledgement:
39	* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
40	*
41	* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
42	* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
43	* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
44	* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
45	* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
46	* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
47	* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
48	* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
49	* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
50	* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
51	* SUCH DAMAGE.
52	*
53	* The licence and distribution terms for any publically available version or
54	* derivative of this code cannot be changed. i.e. this code cannot simply be
55	* copied and put under another distribution licence
56	* [including the GNU Public Licence.]
57	*/
58
59	#include <stdio.h>
60	#include "cryptlib.h"
61	#include <openssl/bn.h>
62	#include <openssl/rsa.h>
63	#include <openssl/rand.h>
64	#include <openssl/engine.h>
65
66	#ifndef RSA_NULL
67
68	static int RSA_eay_public_encrypt(int flen, unsigned char *from,
69	unsigned char to, RSA rsa,int padding);
70	static int RSA_eay_private_encrypt(int flen, unsigned char *from,
71	unsigned char to, RSA rsa,int padding);
72	static int RSA_eay_public_decrypt(int flen, unsigned char *from,
73	unsigned char to, RSA rsa,int padding);
74	static int RSA_eay_private_decrypt(int flen, unsigned char *from,
75	unsigned char to, RSA rsa,int padding);
76	static int RSA_eay_mod_exp(BIGNUM r0, BIGNUM i, RSA *rsa);
77	static int RSA_eay_init(RSA *rsa);
78	static int RSA_eay_finish(RSA *rsa);
79	static RSA_METHOD rsa_pkcs1_eay_meth={
80	"Eric Young's PKCS#1 RSA",
81	RSA_eay_public_encrypt,
82	RSA_eay_public_decrypt,
83	RSA_eay_private_encrypt,
84	RSA_eay_private_decrypt,
85	RSA_eay_mod_exp,
86	BN_mod_exp_mont,
87	RSA_eay_init,
88	RSA_eay_finish,
89	0,
90	NULL,
91	};
92
93	RSA_METHOD *RSA_PKCS1_SSLeay(void)
94	{
95	return(&rsa_pkcs1_eay_meth);
96	}
97
98	static int RSA_eay_public_encrypt(int flen, unsigned char *from,
99	unsigned char to, RSA rsa, int padding)
100	{
101	const RSA_METHOD *meth;
102	BIGNUM f,ret;
103	int i,j,k,num=0,r= -1;
104	unsigned char *buf=NULL;
105	BN_CTX *ctx=NULL;
106
107	meth = ENGINE_get_RSA(rsa->engine);
108	BN_init(&f);
109	BN_init(&ret);
110	if ((ctx=BN_CTX_new()) == NULL) goto err;
111	num=BN_num_bytes(rsa->n);
112	if ((buf=(unsigned char *)OPENSSL_malloc(num)) == NULL)
113	{
114	RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT,ERR_R_MALLOC_FAILURE);
115	goto err;
116	}
117
118	switch (padding)
119	{
120	case RSA_PKCS1_PADDING:
121	i=RSA_padding_add_PKCS1_type_2(buf,num,from,flen);
122	break;
123	#ifndef NO_SHA
124	case RSA_PKCS1_OAEP_PADDING:
125	i=RSA_padding_add_PKCS1_OAEP(buf,num,from,flen,NULL,0);
126	break;
127	#endif
128	case RSA_SSLV23_PADDING:
129	i=RSA_padding_add_SSLv23(buf,num,from,flen);
130	break;
131	case RSA_NO_PADDING:
132	i=RSA_padding_add_none(buf,num,from,flen);
133	break;
134	default:
135	RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT,RSA_R_UNKNOWN_PADDING_TYPE);
136	goto err;
137	}
138	if (i <= 0) goto err;
139
140	if (BN_bin2bn(buf,num,&f) == NULL) goto err;
141
142	if ((rsa->_method_mod_n == NULL) && (rsa->flags & RSA_FLAG_CACHE_PUBLIC))
143	{
144	if ((rsa->_method_mod_n=BN_MONT_CTX_new()) != NULL)
145	if (!BN_MONT_CTX_set(rsa->_method_mod_n,rsa->n,ctx))
146	goto err;
147	}
148
149	if (!meth->bn_mod_exp(&ret,&f,rsa->e,rsa->n,ctx,
150	rsa->_method_mod_n)) goto err;
151
152	/* put in leading 0 bytes if the number is less than the
153	* length of the modulus */
154	j=BN_num_bytes(&ret);
155	i=BN_bn2bin(&ret,&(to[num-j]));
156	for (k=0; k<(num-i); k++)
157	to[k]=0;
158
159	r=num;
160	err:
161	if (ctx != NULL) BN_CTX_free(ctx);
162	BN_clear_free(&f);
163	BN_clear_free(&ret);
164	if (buf != NULL)
165	{
166	memset(buf,0,num);
167	OPENSSL_free(buf);
168	}
169	return(r);
170	}
171
172	static int RSA_eay_private_encrypt(int flen, unsigned char *from,
173	unsigned char to, RSA rsa, int padding)
174	{
175	const RSA_METHOD *meth;
176	BIGNUM f,ret;
177	int i,j,k,num=0,r= -1;
178	unsigned char *buf=NULL;
179	BN_CTX *ctx=NULL;
180
181	meth = ENGINE_get_RSA(rsa->engine);
182	BN_init(&f);
183	BN_init(&ret);
184
185	if ((ctx=BN_CTX_new()) == NULL) goto err;
186	num=BN_num_bytes(rsa->n);
187	if ((buf=(unsigned char *)OPENSSL_malloc(num)) == NULL)
188	{
189	RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT,ERR_R_MALLOC_FAILURE);
190	goto err;
191	}
192
193	switch (padding)
194	{
195	case RSA_PKCS1_PADDING:
196	i=RSA_padding_add_PKCS1_type_1(buf,num,from,flen);
197	break;
198	case RSA_NO_PADDING:
199	i=RSA_padding_add_none(buf,num,from,flen);
200	break;
201	case RSA_SSLV23_PADDING:
202	default:
203	RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT,RSA_R_UNKNOWN_PADDING_TYPE);
204	goto err;
205	}
206	if (i <= 0) goto err;
207
208	if (BN_bin2bn(buf,num,&f) == NULL) goto err;
209
210	if ((rsa->flags & RSA_FLAG_BLINDING) && (rsa->blinding == NULL))
211	RSA_blinding_on(rsa,ctx);
212	if (rsa->flags & RSA_FLAG_BLINDING)
213	if (!BN_BLINDING_convert(&f,rsa->blinding,ctx)) goto err;
214
215	if ( (rsa->flags & RSA_FLAG_EXT_PKEY) \|\|
216	((rsa->p != NULL) &&
217	(rsa->q != NULL) &&
218	(rsa->dmp1 != NULL) &&
219	(rsa->dmq1 != NULL) &&
220	(rsa->iqmp != NULL)) )
221	{ if (!meth->rsa_mod_exp(&ret,&f,rsa)) goto err; }
222	else
223	{
224	if (!meth->bn_mod_exp(&ret,&f,rsa->d,rsa->n,ctx,NULL)) goto err;
225	}
226
227	if (rsa->flags & RSA_FLAG_BLINDING)
228	if (!BN_BLINDING_invert(&ret,rsa->blinding,ctx)) goto err;
229
230	/* put in leading 0 bytes if the number is less than the
231	* length of the modulus */
232	j=BN_num_bytes(&ret);
233	i=BN_bn2bin(&ret,&(to[num-j]));
234	for (k=0; k<(num-i); k++)
235	to[k]=0;
236
237	r=num;
238	err:
239	if (ctx != NULL) BN_CTX_free(ctx);
240	BN_clear_free(&ret);
241	BN_clear_free(&f);
242	if (buf != NULL)
243	{
244	memset(buf,0,num);
245	OPENSSL_free(buf);
246	}
247	return(r);
248	}
249
250	static int RSA_eay_private_decrypt(int flen, unsigned char *from,
251	unsigned char to, RSA rsa, int padding)
252	{
253	const RSA_METHOD *meth;
254	BIGNUM f,ret;
255	int j,num=0,r= -1;
256	unsigned char *p;
257	unsigned char *buf=NULL;
258	BN_CTX *ctx=NULL;
259
260	meth = ENGINE_get_RSA(rsa->engine);
261	BN_init(&f);
262	BN_init(&ret);
263	ctx=BN_CTX_new();
264	if (ctx == NULL) goto err;
265
266	num=BN_num_bytes(rsa->n);
267
268	if ((buf=(unsigned char *)OPENSSL_malloc(num)) == NULL)
269	{
270	RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,ERR_R_MALLOC_FAILURE);
271	goto err;
272	}
273
274	/* This check was for equality but PGP does evil things
275	* and chops off the top '0' bytes */
276	if (flen > num)
277	{
278	RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,RSA_R_DATA_GREATER_THAN_MOD_LEN);
279	goto err;
280	}
281
282	/* make data into a big number */
283	if (BN_bin2bn(from,(int)flen,&f) == NULL) goto err;
284
285	if ((rsa->flags & RSA_FLAG_BLINDING) && (rsa->blinding == NULL))
286	RSA_blinding_on(rsa,ctx);
287	if (rsa->flags & RSA_FLAG_BLINDING)
288	if (!BN_BLINDING_convert(&f,rsa->blinding,ctx)) goto err;
289
290	/* do the decrypt */
291	if ( (rsa->flags & RSA_FLAG_EXT_PKEY) \|\|
292	((rsa->p != NULL) &&
293	(rsa->q != NULL) &&
294	(rsa->dmp1 != NULL) &&
295	(rsa->dmq1 != NULL) &&
296	(rsa->iqmp != NULL)) )
297	{ if (!meth->rsa_mod_exp(&ret,&f,rsa)) goto err; }
298	else
299	{
300	if (!meth->bn_mod_exp(&ret,&f,rsa->d,rsa->n,ctx,NULL))
301	goto err;
302	}
303
304	if (rsa->flags & RSA_FLAG_BLINDING)
305	if (!BN_BLINDING_invert(&ret,rsa->blinding,ctx)) goto err;
306
307	p=buf;
308	j=BN_bn2bin(&ret,p); /* j is only used with no-padding mode */
309
310	switch (padding)
311	{
312	case RSA_PKCS1_PADDING:
313	r=RSA_padding_check_PKCS1_type_2(to,num,buf,j,num);
314	break;
315	#ifndef NO_SHA
316	case RSA_PKCS1_OAEP_PADDING:
317	r=RSA_padding_check_PKCS1_OAEP(to,num,buf,j,num,NULL,0);
318	break;
319	#endif
320	case RSA_SSLV23_PADDING:
321	r=RSA_padding_check_SSLv23(to,num,buf,j,num);
322	break;
323	case RSA_NO_PADDING:
324	r=RSA_padding_check_none(to,num,buf,j,num);
325	break;
326	default:
327	RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,RSA_R_UNKNOWN_PADDING_TYPE);
328	goto err;
329	}
330	if (r < 0)
331	RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,RSA_R_PADDING_CHECK_FAILED);
332
333	err:
334	if (ctx != NULL) BN_CTX_free(ctx);
335	BN_clear_free(&f);
336	BN_clear_free(&ret);
337	if (buf != NULL)
338	{
339	memset(buf,0,num);
340	OPENSSL_free(buf);
341	}
342	return(r);
343	}
344
345	static int RSA_eay_public_decrypt(int flen, unsigned char *from,
346	unsigned char to, RSA rsa, int padding)
347	{
348	const RSA_METHOD *meth;
349	BIGNUM f,ret;
350	int i,num=0,r= -1;
351	unsigned char *p;
352	unsigned char *buf=NULL;
353	BN_CTX *ctx=NULL;
354
355	meth = ENGINE_get_RSA(rsa->engine);
356	BN_init(&f);
357	BN_init(&ret);
358	ctx=BN_CTX_new();
359	if (ctx == NULL) goto err;
360
361	num=BN_num_bytes(rsa->n);
362	buf=(unsigned char *)OPENSSL_malloc(num);
363	if (buf == NULL)
364	{
365	RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT,ERR_R_MALLOC_FAILURE);
366	goto err;
367	}
368
369	/* This check was for equality but PGP does evil things
370	* and chops off the top '0' bytes */
371	if (flen > num)
372	{
373	RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT,RSA_R_DATA_GREATER_THAN_MOD_LEN);
374	goto err;
375	}
376
377	if (BN_bin2bn(from,flen,&f) == NULL) goto err;
378	/* do the decrypt */
379	if ((rsa->_method_mod_n == NULL) && (rsa->flags & RSA_FLAG_CACHE_PUBLIC))
380	{
381	if ((rsa->_method_mod_n=BN_MONT_CTX_new()) != NULL)
382	if (!BN_MONT_CTX_set(rsa->_method_mod_n,rsa->n,ctx))
383	goto err;
384	}
385
386	if (!meth->bn_mod_exp(&ret,&f,rsa->e,rsa->n,ctx,
387	rsa->_method_mod_n)) goto err;
388
389	p=buf;
390	i=BN_bn2bin(&ret,p);
391
392	switch (padding)
393	{
394	case RSA_PKCS1_PADDING:
395	r=RSA_padding_check_PKCS1_type_1(to,num,buf,i,num);
396	break;
397	case RSA_NO_PADDING:
398	r=RSA_padding_check_none(to,num,buf,i,num);
399	break;
400	default:
401	RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT,RSA_R_UNKNOWN_PADDING_TYPE);
402	goto err;
403	}
404	if (r < 0)
405	RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT,RSA_R_PADDING_CHECK_FAILED);
406
407	err:
408	if (ctx != NULL) BN_CTX_free(ctx);
409	BN_clear_free(&f);
410	BN_clear_free(&ret);
411	if (buf != NULL)
412	{
413	memset(buf,0,num);
414	OPENSSL_free(buf);
415	}
416	return(r);
417	}
418
419	static int RSA_eay_mod_exp(BIGNUM r0, BIGNUM I, RSA *rsa)
420	{
421	const RSA_METHOD *meth;
422	BIGNUM r1,m1,vrfy;
423	int ret=0;
424	BN_CTX *ctx;
425
426	meth = ENGINE_get_RSA(rsa->engine);
427	if ((ctx=BN_CTX_new()) == NULL) goto err;
428	BN_init(&m1);
429	BN_init(&r1);
430	BN_init(&vrfy);
431
432	if (rsa->flags & RSA_FLAG_CACHE_PRIVATE)
433	{
434	if (rsa->_method_mod_p == NULL)
435	{
436	if ((rsa->_method_mod_p=BN_MONT_CTX_new()) != NULL)
437	if (!BN_MONT_CTX_set(rsa->_method_mod_p,rsa->p,
438	ctx))
439	goto err;
440	}
441	if (rsa->_method_mod_q == NULL)
442	{
443	if ((rsa->_method_mod_q=BN_MONT_CTX_new()) != NULL)
444	if (!BN_MONT_CTX_set(rsa->_method_mod_q,rsa->q,
445	ctx))
446	goto err;
447	}
448	}
449
450	if (!BN_mod(&r1,I,rsa->q,ctx)) goto err;
451	if (!meth->bn_mod_exp(&m1,&r1,rsa->dmq1,rsa->q,ctx,
452	rsa->_method_mod_q)) goto err;
453
454	if (!BN_mod(&r1,I,rsa->p,ctx)) goto err;
455	if (!meth->bn_mod_exp(r0,&r1,rsa->dmp1,rsa->p,ctx,
456	rsa->_method_mod_p)) goto err;
457
458	if (!BN_sub(r0,r0,&m1)) goto err;
459	/* This will help stop the size of r0 increasing, which does
460	* affect the multiply if it optimised for a power of 2 size */
461	if (r0->neg)
462	if (!BN_add(r0,r0,rsa->p)) goto err;
463
464	if (!BN_mul(&r1,r0,rsa->iqmp,ctx)) goto err;
465	if (!BN_mod(r0,&r1,rsa->p,ctx)) goto err;
466	/* If p < q it is occasionally possible for the correction of
467	* adding 'p' if r0 is negative above to leave the result still
468	* negative. This can break the private key operations: the following
469	* second correction should always correct this rare occurrence.
470	* This will never happen with OpenSSL generated keys because
471	* they ensure p > q [steve]
472	*/
473	if (r0->neg)
474	if (!BN_add(r0,r0,rsa->p)) goto err;
475	if (!BN_mul(&r1,r0,rsa->q,ctx)) goto err;
476	if (!BN_add(r0,&r1,&m1)) goto err;
477
478	if (rsa->e && rsa->n)
479	{
480	if (!meth->bn_mod_exp(&vrfy,r0,rsa->e,rsa->n,ctx,NULL)) goto err;
481	if (BN_cmp(I, &vrfy) != 0)
482	{
483	if (!meth->bn_mod_exp(r0,I,rsa->d,rsa->n,ctx,NULL)) goto err;
484	}
485	}
486	ret=1;
487	err:
488	BN_clear_free(&m1);
489	BN_clear_free(&r1);
490	BN_clear_free(&vrfy);
491	BN_CTX_free(ctx);
492	return(ret);
493	}
494
495	static int RSA_eay_init(RSA *rsa)
496	{
497	rsa->flags\|=RSA_FLAG_CACHE_PUBLIC\|RSA_FLAG_CACHE_PRIVATE;
498	return(1);
499	}
500
501	static int RSA_eay_finish(RSA *rsa)
502	{
503	if (rsa->_method_mod_n != NULL)
504	BN_MONT_CTX_free(rsa->_method_mod_n);
505	if (rsa->_method_mod_p != NULL)
506	BN_MONT_CTX_free(rsa->_method_mod_p);
507	if (rsa->_method_mod_q != NULL)
508	BN_MONT_CTX_free(rsa->_method_mod_q);
509	return(1);
510	}
511
512	#endif