1 files changed, 112 insertions, 80 deletions
diff --git a/src/lib/libcrypto/rsa/rsa_sign.c b/src/lib/libcrypto/rsa/rsa_sign.c
index 28c5571e74..2a440901de 100644
--- a/src/lib/libcrypto/rsa/rsa_sign.c
+++ b/src/lib/libcrypto/rsa/rsa_sign.c
@@ -58,79 +58,92 @@
 #include <stdio.h>
 #include "cryptlib.h"
-#include "bn.h"
+#include <openssl/bn.h>
-#include "rsa.h"
+#include <openssl/rsa.h>
-#include "objects.h"
+#include <openssl/objects.h>
-#include "x509.h"
+#include <openssl/x509.h>
+#include <openssl/engine.h>
-int RSA_sign(type,m,m_len,sigret,siglen,rsa)
-int type;
+/* Size of an SSL signature: MD5+SHA1 */
-unsigned char *m;
+#define SSL_SIG_LENGTH  36
-unsigned int m_len;
-unsigned char *sigret;
+int RSA_sign(int type, const unsigned char *m, unsigned int m_len,
-unsigned int *siglen;
+             unsigned char *sigret, unsigned int *siglen, RSA *rsa)
-RSA *rsa;
        {
        X509_SIG sig;
        ASN1_TYPE parameter;
        int i,j,ret=1;
-        unsigned char *p,*s;
+        unsigned char *p, *tmps = NULL;
+        const unsigned char *s = NULL;
        X509_ALGOR algor;
        ASN1_OCTET_STRING digest;
+        if((rsa->flags & RSA_FLAG_SIGN_VER)
-        sig.algor= &algor;
+              && ENGINE_get_RSA(rsa->engine)->rsa_sign)
-        sig.algor->algorithm=OBJ_nid2obj(type);
+              return ENGINE_get_RSA(rsa->engine)->rsa_sign(type,
-        if (sig.algor->algorithm == NULL)
+                        m, m_len, sigret, siglen, rsa);
-                {
+        /* Special case: SSL signature, just check the length */
-                RSAerr(RSA_F_RSA_SIGN,RSA_R_UNKNOWN_ALGORITHM_TYPE);
+        if(type == NID_md5_sha1) {
-                return(0);
+                if(m_len != SSL_SIG_LENGTH) {
-                }
+                        RSAerr(RSA_F_RSA_SIGN,RSA_R_INVALID_MESSAGE_LENGTH);
-        if (sig.algor->algorithm->length == 0)
+                        return(0);
-                {
-                RSAerr(RSA_F_RSA_SIGN,RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD);
-                return(0);
                }
-        parameter.type=V_ASN1_NULL;
+                i = SSL_SIG_LENGTH;
-        parameter.value.ptr=NULL;
+                s = m;
-        sig.algor->parameter= &parameter;
+        } else {
+                sig.algor= &algor;
+                sig.algor->algorithm=OBJ_nid2obj(type);
+                if (sig.algor->algorithm == NULL)
+                        {
+                        RSAerr(RSA_F_RSA_SIGN,RSA_R_UNKNOWN_ALGORITHM_TYPE);
+                        return(0);
+                        }
+                if (sig.algor->algorithm->length == 0)
+                        {
+                        RSAerr(RSA_F_RSA_SIGN,RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD);
+                        return(0);
+                        }
+                parameter.type=V_ASN1_NULL;
+                parameter.value.ptr=NULL;
+                sig.algor->parameter= &parameter;
-        sig.digest= &digest;
+                sig.digest= &digest;
-        sig.digest->data=m;
+                sig.digest->data=(unsigned char *)m; /* TMP UGLY CAST */
-        sig.digest->length=m_len;
+                sig.digest->length=m_len;
-        i=i2d_X509_SIG(&sig,NULL);
+                i=i2d_X509_SIG(&sig,NULL);
+        }
        j=RSA_size(rsa);
        if ((i-RSA_PKCS1_PADDING) > j)
                {
                RSAerr(RSA_F_RSA_SIGN,RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY);
                return(0);
                }
-        s=(unsigned char *)Malloc((unsigned int)j+1);
+        if(type != NID_md5_sha1) {
-        if (s == NULL)
+                tmps=(unsigned char *)OPENSSL_malloc((unsigned int)j+1);
-                {
+                if (tmps == NULL)
-                RSAerr(RSA_F_RSA_SIGN,ERR_R_MALLOC_FAILURE);
+                        {
-                return(0);
+                        RSAerr(RSA_F_RSA_SIGN,ERR_R_MALLOC_FAILURE);
-                }
+                        return(0);
-        p=s;
+                        }
-        i2d_X509_SIG(&sig,&p);
+                p=tmps;
+                i2d_X509_SIG(&sig,&p);
+                s=tmps;
+        }
        i=RSA_private_encrypt(i,s,sigret,rsa,RSA_PKCS1_PADDING);
        if (i <= 0)
                ret=0;
        else
                *siglen=i;
-        memset(s,0,(unsigned int)j+1);
+        if(type != NID_md5_sha1) {
-        Free(s);
+                memset(tmps,0,(unsigned int)j+1);
+                OPENSSL_free(tmps);
+        }
        return(ret);
        }
-int RSA_verify(dtype, m, m_len, sigbuf, siglen, rsa)
+int RSA_verify(int dtype, const unsigned char *m, unsigned int m_len,
-int dtype;
+             unsigned char *sigbuf, unsigned int siglen, RSA *rsa)
-unsigned char *m;
-unsigned int m_len;
-unsigned char *sigbuf;
-unsigned int siglen;
-RSA *rsa;
        {
        int i,ret=0,sigtype;
        unsigned char *p,*s;
@@ -142,55 +155,74 @@ RSA *rsa;
                return(0);
                }
-        s=(unsigned char *)Malloc((unsigned int)siglen);
+        if((rsa->flags & RSA_FLAG_SIGN_VER)
+            && ENGINE_get_RSA(rsa->engine)->rsa_verify)
+            return ENGINE_get_RSA(rsa->engine)->rsa_verify(dtype,
+                        m, m_len, sigbuf, siglen, rsa);
+        s=(unsigned char *)OPENSSL_malloc((unsigned int)siglen);
        if (s == NULL)
                {
                RSAerr(RSA_F_RSA_VERIFY,ERR_R_MALLOC_FAILURE);
                goto err;
                }
+        if((dtype == NID_md5_sha1) && (m_len != SSL_SIG_LENGTH) ) {
+                        RSAerr(RSA_F_RSA_VERIFY,RSA_R_INVALID_MESSAGE_LENGTH);
+                        return(0);
+        }
        i=RSA_public_decrypt((int)siglen,sigbuf,s,rsa,RSA_PKCS1_PADDING);
        if (i <= 0) goto err;
-        p=s;
+        /* Special case: SSL signature */
-        sig=d2i_X509_SIG(NULL,&p,(long)i);
+        if(dtype == NID_md5_sha1) {
-        if (sig == NULL) goto err;
+                if((i != SSL_SIG_LENGTH) || memcmp(s, m, SSL_SIG_LENGTH))
-        sigtype=OBJ_obj2nid(sig->algor->algorithm);
+                                RSAerr(RSA_F_RSA_VERIFY,RSA_R_BAD_SIGNATURE);
+                else ret = 1;
+        } else {
+                p=s;
+                sig=d2i_X509_SIG(NULL,&p,(long)i);
-#ifdef RSA_DEBUG
+                if (sig == NULL) goto err;
-        /* put a backward compatability flag in EAY */
+                sigtype=OBJ_obj2nid(sig->algor->algorithm);
-        fprintf(stderr,"in(%s) expect(%s)\n",OBJ_nid2ln(sigtype),
-                OBJ_nid2ln(dtype));
-#endif
+        #ifdef RSA_DEBUG
-        if (sigtype != dtype)
+                /* put a backward compatibility flag in EAY */
-                {
+                fprintf(stderr,"in(%s) expect(%s)\n",OBJ_nid2ln(sigtype),
-                if (((dtype == NID_md5) &&
+                        OBJ_nid2ln(dtype));
-                        (sigtype == NID_md5WithRSAEncryption)) ||
+        #endif
-                        ((dtype == NID_md2) &&
+                if (sigtype != dtype)
-                        (sigtype == NID_md2WithRSAEncryption)))
                        {
-                        /* ok, we will let it through */
+                        if (((dtype == NID_md5) &&
-#if !defined(NO_STDIO) && !defined(WIN16)
+                                (sigtype == NID_md5WithRSAEncryption)) ||
-                        fprintf(stderr,"signature has problems, re-make with post SSLeay045\n");
+                                ((dtype == NID_md2) &&
+                                (sigtype == NID_md2WithRSAEncryption)))
+                                {
+                                /* ok, we will let it through */
+#if !defined(OPENSSL_NO_STDIO) && !defined(OPENSSL_SYS_WIN16)
+                                fprintf(stderr,"signature has problems, re-make with post SSLeay045\n");
 #endif
+                                }
+                        else
+                                {
+                                RSAerr(RSA_F_RSA_VERIFY,
+                                                RSA_R_ALGORITHM_MISMATCH);
+                                goto err;
+                                }
                        }
-                else
+                if (    ((unsigned int)sig->digest->length != m_len) ||
+                        (memcmp(m,sig->digest->data,m_len) != 0))
                        {
-                        RSAerr(RSA_F_RSA_VERIFY,RSA_R_ALGORITHM_MISMATCH);
+                        RSAerr(RSA_F_RSA_VERIFY,RSA_R_BAD_SIGNATURE);
-                        goto err;
                        }
-                }
+                else
-        if (    ((unsigned int)sig->digest->length != m_len) ||
+                        ret=1;
-                (memcmp(m,sig->digest->data,m_len) != 0))
+        }
-                {
-                RSAerr(RSA_F_RSA_VERIFY,RSA_R_BAD_SIGNATURE);
-                }
-        else
-                ret=1;
 err:
        if (sig != NULL) X509_SIG_free(sig);
        memset(s,0,(unsigned int)siglen);
-        Free(s);
+        OPENSSL_free(s);
        return(ret);
        }

diff --git a/src/lib/libcrypto/rsa/rsa_sign.c b/src/lib/libcrypto/rsa/rsa_sign.c index 28c5571e74..2a440901de 100644 --- a/src/lib/libcrypto/rsa/rsa_sign.c +++ b/src/lib/libcrypto/rsa/rsa_sign.c
@@ -58,79 +58,92 @@
58		58
59	#include <stdio.h>	59	#include <stdio.h>
60	#include "cryptlib.h"	60	#include "cryptlib.h"
61	#include "bn.h"	61	#include <openssl/bn.h>
62	#include "rsa.h"	62	#include <openssl/rsa.h>
63	#include "objects.h"	63	#include <openssl/objects.h>
64	#include "x509.h"	64	#include <openssl/x509.h>
65		65	#include <openssl/engine.h>
66	int RSA_sign(type,m,m_len,sigret,siglen,rsa)	66
67	int type;	67	/* Size of an SSL signature: MD5+SHA1 */
68	unsigned char *m;	68	#define SSL_SIG_LENGTH 36
69	unsigned int m_len;	69
70	unsigned char *sigret;	70	int RSA_sign(int type, const unsigned char *m, unsigned int m_len,
71	unsigned int *siglen;	71	unsigned char sigret, unsigned int siglen, RSA *rsa)
72	RSA *rsa;
73	{	72	{
74	X509_SIG sig;	73	X509_SIG sig;
75	ASN1_TYPE parameter;	74	ASN1_TYPE parameter;
76	int i,j,ret=1;	75	int i,j,ret=1;
77	unsigned char p,s;	76	unsigned char p, tmps = NULL;
		77	const unsigned char *s = NULL;
78	X509_ALGOR algor;	78	X509_ALGOR algor;
79	ASN1_OCTET_STRING digest;	79	ASN1_OCTET_STRING digest;
80		80	if((rsa->flags & RSA_FLAG_SIGN_VER)
81	sig.algor= &algor;	81	&& ENGINE_get_RSA(rsa->engine)->rsa_sign)
82	sig.algor->algorithm=OBJ_nid2obj(type);	82	return ENGINE_get_RSA(rsa->engine)->rsa_sign(type,
83	if (sig.algor->algorithm == NULL)	83	m, m_len, sigret, siglen, rsa);
84	{	84	/* Special case: SSL signature, just check the length */
85	RSAerr(RSA_F_RSA_SIGN,RSA_R_UNKNOWN_ALGORITHM_TYPE);	85	if(type == NID_md5_sha1) {
86	return(0);	86	if(m_len != SSL_SIG_LENGTH) {
87	}	87	RSAerr(RSA_F_RSA_SIGN,RSA_R_INVALID_MESSAGE_LENGTH);
88	if (sig.algor->algorithm->length == 0)	88	return(0);
89	{
90	RSAerr(RSA_F_RSA_SIGN,RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD);
91	return(0);
92	}	89	}
93	parameter.type=V_ASN1_NULL;	90	i = SSL_SIG_LENGTH;
94	parameter.value.ptr=NULL;	91	s = m;
95	sig.algor->parameter= &parameter;	92	} else {
		93	sig.algor= &algor;
		94	sig.algor->algorithm=OBJ_nid2obj(type);
		95	if (sig.algor->algorithm == NULL)
		96	{
		97	RSAerr(RSA_F_RSA_SIGN,RSA_R_UNKNOWN_ALGORITHM_TYPE);
		98	return(0);
		99	}
		100	if (sig.algor->algorithm->length == 0)
		101	{
		102	RSAerr(RSA_F_RSA_SIGN,RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD);
		103	return(0);
		104	}
		105	parameter.type=V_ASN1_NULL;
		106	parameter.value.ptr=NULL;
		107	sig.algor->parameter= &parameter;
96		108
97	sig.digest= &digest;	109	sig.digest= &digest;
98	sig.digest->data=m;	110	sig.digest->data=(unsigned char )m; / TMP UGLY CAST */
99	sig.digest->length=m_len;	111	sig.digest->length=m_len;
100		112
101	i=i2d_X509_SIG(&sig,NULL);	113	i=i2d_X509_SIG(&sig,NULL);
		114	}
102	j=RSA_size(rsa);	115	j=RSA_size(rsa);
103	if ((i-RSA_PKCS1_PADDING) > j)	116	if ((i-RSA_PKCS1_PADDING) > j)
104	{	117	{
105	RSAerr(RSA_F_RSA_SIGN,RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY);	118	RSAerr(RSA_F_RSA_SIGN,RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY);
106	return(0);	119	return(0);
107	}	120	}
108	s=(unsigned char *)Malloc((unsigned int)j+1);	121	if(type != NID_md5_sha1) {
109	if (s == NULL)	122	tmps=(unsigned char *)OPENSSL_malloc((unsigned int)j+1);
110	{	123	if (tmps == NULL)
111	RSAerr(RSA_F_RSA_SIGN,ERR_R_MALLOC_FAILURE);	124	{
112	return(0);	125	RSAerr(RSA_F_RSA_SIGN,ERR_R_MALLOC_FAILURE);
113	}	126	return(0);
114	p=s;	127	}
115	i2d_X509_SIG(&sig,&p);	128	p=tmps;
		129	i2d_X509_SIG(&sig,&p);
		130	s=tmps;
		131	}
116	i=RSA_private_encrypt(i,s,sigret,rsa,RSA_PKCS1_PADDING);	132	i=RSA_private_encrypt(i,s,sigret,rsa,RSA_PKCS1_PADDING);
117	if (i <= 0)	133	if (i <= 0)
118	ret=0;	134	ret=0;
119	else	135	else
120	*siglen=i;	136	*siglen=i;
121		137
122	memset(s,0,(unsigned int)j+1);	138	if(type != NID_md5_sha1) {
123	Free(s);	139	memset(tmps,0,(unsigned int)j+1);
		140	OPENSSL_free(tmps);
		141	}
124	return(ret);	142	return(ret);
125	}	143	}
126		144
127	int RSA_verify(dtype, m, m_len, sigbuf, siglen, rsa)	145	int RSA_verify(int dtype, const unsigned char *m, unsigned int m_len,
128	int dtype;	146	unsigned char sigbuf, unsigned int siglen, RSA rsa)
129	unsigned char *m;
130	unsigned int m_len;
131	unsigned char *sigbuf;
132	unsigned int siglen;
133	RSA *rsa;
134	{	147	{
135	int i,ret=0,sigtype;	148	int i,ret=0,sigtype;
136	unsigned char p,s;	149	unsigned char p,s;
@@ -142,55 +155,74 @@ RSA *rsa;
142	return(0);	155	return(0);
143	}	156	}
144		157
145	s=(unsigned char *)Malloc((unsigned int)siglen);	158	if((rsa->flags & RSA_FLAG_SIGN_VER)
		159	&& ENGINE_get_RSA(rsa->engine)->rsa_verify)
		160	return ENGINE_get_RSA(rsa->engine)->rsa_verify(dtype,
		161	m, m_len, sigbuf, siglen, rsa);
		162
		163	s=(unsigned char *)OPENSSL_malloc((unsigned int)siglen);
146	if (s == NULL)	164	if (s == NULL)
147	{	165	{
148	RSAerr(RSA_F_RSA_VERIFY,ERR_R_MALLOC_FAILURE);	166	RSAerr(RSA_F_RSA_VERIFY,ERR_R_MALLOC_FAILURE);
149	goto err;	167	goto err;
150	}	168	}
		169	if((dtype == NID_md5_sha1) && (m_len != SSL_SIG_LENGTH) ) {
		170	RSAerr(RSA_F_RSA_VERIFY,RSA_R_INVALID_MESSAGE_LENGTH);
		171	return(0);
		172	}
151	i=RSA_public_decrypt((int)siglen,sigbuf,s,rsa,RSA_PKCS1_PADDING);	173	i=RSA_public_decrypt((int)siglen,sigbuf,s,rsa,RSA_PKCS1_PADDING);
152		174
153	if (i <= 0) goto err;	175	if (i <= 0) goto err;
154		176
155	p=s;	177	/* Special case: SSL signature */
156	sig=d2i_X509_SIG(NULL,&p,(long)i);	178	if(dtype == NID_md5_sha1) {
157	if (sig == NULL) goto err;	179	if((i != SSL_SIG_LENGTH) \|\| memcmp(s, m, SSL_SIG_LENGTH))
158	sigtype=OBJ_obj2nid(sig->algor->algorithm);	180	RSAerr(RSA_F_RSA_VERIFY,RSA_R_BAD_SIGNATURE);
		181	else ret = 1;
		182	} else {
		183	p=s;
		184	sig=d2i_X509_SIG(NULL,&p,(long)i);
159		185
160	#ifdef RSA_DEBUG	186	if (sig == NULL) goto err;
161	/* put a backward compatability flag in EAY */	187	sigtype=OBJ_obj2nid(sig->algor->algorithm);
162	fprintf(stderr,"in(%s) expect(%s)\n",OBJ_nid2ln(sigtype),	188
163	OBJ_nid2ln(dtype));	189
164	#endif	190	#ifdef RSA_DEBUG
165	if (sigtype != dtype)	191	/* put a backward compatibility flag in EAY */
166	{	192	fprintf(stderr,"in(%s) expect(%s)\n",OBJ_nid2ln(sigtype),
167	if (((dtype == NID_md5) &&	193	OBJ_nid2ln(dtype));
168	(sigtype == NID_md5WithRSAEncryption)) \|\|	194	#endif
169	((dtype == NID_md2) &&	195	if (sigtype != dtype)
170	(sigtype == NID_md2WithRSAEncryption)))
171	{	196	{
172	/* ok, we will let it through */	197	if (((dtype == NID_md5) &&
173	#if !defined(NO_STDIO) && !defined(WIN16)	198	(sigtype == NID_md5WithRSAEncryption)) \|\|
174	fprintf(stderr,"signature has problems, re-make with post SSLeay045\n");	199	((dtype == NID_md2) &&
		200	(sigtype == NID_md2WithRSAEncryption)))
		201	{
		202	/* ok, we will let it through */
		203	#if !defined(OPENSSL_NO_STDIO) && !defined(OPENSSL_SYS_WIN16)
		204	fprintf(stderr,"signature has problems, re-make with post SSLeay045\n");
175	#endif	205	#endif
		206	}
		207	else
		208	{
		209	RSAerr(RSA_F_RSA_VERIFY,
		210	RSA_R_ALGORITHM_MISMATCH);
		211	goto err;
		212	}
176	}	213	}
177	else	214	if ( ((unsigned int)sig->digest->length != m_len) \|\|
		215	(memcmp(m,sig->digest->data,m_len) != 0))
178	{	216	{
179	RSAerr(RSA_F_RSA_VERIFY,RSA_R_ALGORITHM_MISMATCH);	217	RSAerr(RSA_F_RSA_VERIFY,RSA_R_BAD_SIGNATURE);
180	goto err;
181	}	218	}
182	}	219	else
183	if ( ((unsigned int)sig->digest->length != m_len) \|\|	220	ret=1;
184	(memcmp(m,sig->digest->data,m_len) != 0))	221	}
185	{
186	RSAerr(RSA_F_RSA_VERIFY,RSA_R_BAD_SIGNATURE);
187	}
188	else
189	ret=1;
190	err:	222	err:
191	if (sig != NULL) X509_SIG_free(sig);	223	if (sig != NULL) X509_SIG_free(sig);
192	memset(s,0,(unsigned int)siglen);	224	memset(s,0,(unsigned int)siglen);
193	Free(s);	225	OPENSSL_free(s);
194	return(ret);	226	return(ret);
195	}	227	}
196		228