summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/rsa
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/libcrypto/rsa')
-rw-r--r--src/lib/libcrypto/rsa/Makefile39
-rw-r--r--src/lib/libcrypto/rsa/rsa.h79
-rw-r--r--src/lib/libcrypto/rsa/rsa_asn1.c10
-rw-r--r--src/lib/libcrypto/rsa/rsa_err.c21
-rw-r--r--src/lib/libcrypto/rsa/rsa_gen.c15
-rw-r--r--src/lib/libcrypto/rsa/rsa_lib.c172
-rw-r--r--src/lib/libcrypto/rsa/rsa_oaep.c6
-rw-r--r--src/lib/libcrypto/rsa/rsa_sign.c33
8 files changed, 202 insertions, 173 deletions
diff --git a/src/lib/libcrypto/rsa/Makefile b/src/lib/libcrypto/rsa/Makefile
index bb64223e05..f798d2f749 100644
--- a/src/lib/libcrypto/rsa/Makefile
+++ b/src/lib/libcrypto/rsa/Makefile
@@ -20,11 +20,11 @@ LIB=$(TOP)/libcrypto.a
20LIBSRC= rsa_eay.c rsa_gen.c rsa_lib.c rsa_sign.c rsa_saos.c rsa_err.c \ 20LIBSRC= rsa_eay.c rsa_gen.c rsa_lib.c rsa_sign.c rsa_saos.c rsa_err.c \
21 rsa_pk1.c rsa_ssl.c rsa_none.c rsa_oaep.c rsa_chk.c rsa_null.c \ 21 rsa_pk1.c rsa_ssl.c rsa_none.c rsa_oaep.c rsa_chk.c rsa_null.c \
22 rsa_pss.c rsa_x931.c rsa_asn1.c rsa_depr.c rsa_ameth.c rsa_prn.c \ 22 rsa_pss.c rsa_x931.c rsa_asn1.c rsa_depr.c rsa_ameth.c rsa_prn.c \
23 rsa_pmeth.c 23 rsa_pmeth.c rsa_crpt.c
24LIBOBJ= rsa_eay.o rsa_gen.o rsa_lib.o rsa_sign.o rsa_saos.o rsa_err.o \ 24LIBOBJ= rsa_eay.o rsa_gen.o rsa_lib.o rsa_sign.o rsa_saos.o rsa_err.o \
25 rsa_pk1.o rsa_ssl.o rsa_none.o rsa_oaep.o rsa_chk.o rsa_null.o \ 25 rsa_pk1.o rsa_ssl.o rsa_none.o rsa_oaep.o rsa_chk.o rsa_null.o \
26 rsa_pss.o rsa_x931.o rsa_asn1.o rsa_depr.o rsa_ameth.o rsa_prn.o \ 26 rsa_pss.o rsa_x931.o rsa_asn1.o rsa_depr.o rsa_ameth.o rsa_prn.o \
27 rsa_pmeth.o 27 rsa_pmeth.o rsa_crpt.o
28 28
29SRC= $(LIBSRC) 29SRC= $(LIBSRC)
30 30
@@ -100,11 +100,16 @@ rsa_asn1.o: ../../e_os.h ../../include/openssl/asn1.h
100rsa_asn1.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h 100rsa_asn1.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
101rsa_asn1.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h 101rsa_asn1.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
102rsa_asn1.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h 102rsa_asn1.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
103rsa_asn1.o: ../../include/openssl/err.h ../../include/openssl/lhash.h 103rsa_asn1.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
104rsa_asn1.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
105rsa_asn1.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
106rsa_asn1.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
104rsa_asn1.o: ../../include/openssl/opensslconf.h 107rsa_asn1.o: ../../include/openssl/opensslconf.h
105rsa_asn1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h 108rsa_asn1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
106rsa_asn1.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h 109rsa_asn1.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
110rsa_asn1.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
107rsa_asn1.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h 111rsa_asn1.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
112rsa_asn1.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
108rsa_asn1.o: ../cryptlib.h rsa_asn1.c 113rsa_asn1.o: ../cryptlib.h rsa_asn1.c
109rsa_chk.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h 114rsa_chk.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
110rsa_chk.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h 115rsa_chk.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
@@ -114,6 +119,21 @@ rsa_chk.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
114rsa_chk.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h 119rsa_chk.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
115rsa_chk.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h 120rsa_chk.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
116rsa_chk.o: rsa_chk.c 121rsa_chk.o: rsa_chk.c
122rsa_crpt.o: ../../e_os.h ../../include/openssl/asn1.h
123rsa_crpt.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
124rsa_crpt.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
125rsa_crpt.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
126rsa_crpt.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
127rsa_crpt.o: ../../include/openssl/engine.h ../../include/openssl/err.h
128rsa_crpt.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
129rsa_crpt.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
130rsa_crpt.o: ../../include/openssl/opensslconf.h
131rsa_crpt.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
132rsa_crpt.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
133rsa_crpt.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
134rsa_crpt.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
135rsa_crpt.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
136rsa_crpt.o: ../../include/openssl/x509_vfy.h ../cryptlib.h rsa_crpt.c
117rsa_depr.o: ../../e_os.h ../../include/openssl/asn1.h 137rsa_depr.o: ../../e_os.h ../../include/openssl/asn1.h
118rsa_depr.o: ../../include/openssl/bio.h ../../include/openssl/bn.h 138rsa_depr.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
119rsa_depr.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h 139rsa_depr.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
@@ -205,11 +225,12 @@ rsa_pk1.o: ../../include/openssl/symhacks.h ../cryptlib.h rsa_pk1.c
205rsa_pmeth.o: ../../e_os.h ../../include/openssl/asn1.h 225rsa_pmeth.o: ../../e_os.h ../../include/openssl/asn1.h
206rsa_pmeth.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h 226rsa_pmeth.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
207rsa_pmeth.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h 227rsa_pmeth.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
208rsa_pmeth.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h 228rsa_pmeth.o: ../../include/openssl/cms.h ../../include/openssl/crypto.h
209rsa_pmeth.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h 229rsa_pmeth.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
210rsa_pmeth.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h 230rsa_pmeth.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
211rsa_pmeth.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h 231rsa_pmeth.o: ../../include/openssl/err.h ../../include/openssl/evp.h
212rsa_pmeth.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h 232rsa_pmeth.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
233rsa_pmeth.o: ../../include/openssl/objects.h
213rsa_pmeth.o: ../../include/openssl/opensslconf.h 234rsa_pmeth.o: ../../include/openssl/opensslconf.h
214rsa_pmeth.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h 235rsa_pmeth.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
215rsa_pmeth.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h 236rsa_pmeth.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
diff --git a/src/lib/libcrypto/rsa/rsa.h b/src/lib/libcrypto/rsa/rsa.h
index cf74343657..4814a2fc15 100644
--- a/src/lib/libcrypto/rsa/rsa.h
+++ b/src/lib/libcrypto/rsa/rsa.h
@@ -222,12 +222,22 @@ struct rsa_st
222 EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, -1, EVP_PKEY_CTRL_RSA_PADDING, \ 222 EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, -1, EVP_PKEY_CTRL_RSA_PADDING, \
223 pad, NULL) 223 pad, NULL)
224 224
225#define EVP_PKEY_CTX_get_rsa_padding(ctx, ppad) \
226 EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, -1, \
227 EVP_PKEY_CTRL_GET_RSA_PADDING, 0, ppad)
228
225#define EVP_PKEY_CTX_set_rsa_pss_saltlen(ctx, len) \ 229#define EVP_PKEY_CTX_set_rsa_pss_saltlen(ctx, len) \
226 EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, \ 230 EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, \
227 (EVP_PKEY_OP_SIGN|EVP_PKEY_OP_VERIFY), \ 231 (EVP_PKEY_OP_SIGN|EVP_PKEY_OP_VERIFY), \
228 EVP_PKEY_CTRL_RSA_PSS_SALTLEN, \ 232 EVP_PKEY_CTRL_RSA_PSS_SALTLEN, \
229 len, NULL) 233 len, NULL)
230 234
235#define EVP_PKEY_CTX_get_rsa_pss_saltlen(ctx, plen) \
236 EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, \
237 (EVP_PKEY_OP_SIGN|EVP_PKEY_OP_VERIFY), \
238 EVP_PKEY_CTRL_GET_RSA_PSS_SALTLEN, \
239 0, plen)
240
231#define EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, bits) \ 241#define EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, bits) \
232 EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_KEYGEN, \ 242 EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_KEYGEN, \
233 EVP_PKEY_CTRL_RSA_KEYGEN_BITS, bits, NULL) 243 EVP_PKEY_CTRL_RSA_KEYGEN_BITS, bits, NULL)
@@ -236,11 +246,24 @@ struct rsa_st
236 EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_KEYGEN, \ 246 EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_KEYGEN, \
237 EVP_PKEY_CTRL_RSA_KEYGEN_PUBEXP, 0, pubexp) 247 EVP_PKEY_CTRL_RSA_KEYGEN_PUBEXP, 0, pubexp)
238 248
249#define EVP_PKEY_CTX_set_rsa_mgf1_md(ctx, md) \
250 EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_TYPE_SIG, \
251 EVP_PKEY_CTRL_RSA_MGF1_MD, 0, (void *)md)
252
253#define EVP_PKEY_CTX_get_rsa_mgf1_md(ctx, pmd) \
254 EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_TYPE_SIG, \
255 EVP_PKEY_CTRL_GET_RSA_MGF1_MD, 0, (void *)pmd)
256
239#define EVP_PKEY_CTRL_RSA_PADDING (EVP_PKEY_ALG_CTRL + 1) 257#define EVP_PKEY_CTRL_RSA_PADDING (EVP_PKEY_ALG_CTRL + 1)
240#define EVP_PKEY_CTRL_RSA_PSS_SALTLEN (EVP_PKEY_ALG_CTRL + 2) 258#define EVP_PKEY_CTRL_RSA_PSS_SALTLEN (EVP_PKEY_ALG_CTRL + 2)
241 259
242#define EVP_PKEY_CTRL_RSA_KEYGEN_BITS (EVP_PKEY_ALG_CTRL + 3) 260#define EVP_PKEY_CTRL_RSA_KEYGEN_BITS (EVP_PKEY_ALG_CTRL + 3)
243#define EVP_PKEY_CTRL_RSA_KEYGEN_PUBEXP (EVP_PKEY_ALG_CTRL + 4) 261#define EVP_PKEY_CTRL_RSA_KEYGEN_PUBEXP (EVP_PKEY_ALG_CTRL + 4)
262#define EVP_PKEY_CTRL_RSA_MGF1_MD (EVP_PKEY_ALG_CTRL + 5)
263
264#define EVP_PKEY_CTRL_GET_RSA_PADDING (EVP_PKEY_ALG_CTRL + 6)
265#define EVP_PKEY_CTRL_GET_RSA_PSS_SALTLEN (EVP_PKEY_ALG_CTRL + 7)
266#define EVP_PKEY_CTRL_GET_RSA_MGF1_MD (EVP_PKEY_ALG_CTRL + 8)
244 267
245#define RSA_PKCS1_PADDING 1 268#define RSA_PKCS1_PADDING 1
246#define RSA_SSLV23_PADDING 2 269#define RSA_SSLV23_PADDING 2
@@ -300,6 +323,16 @@ const RSA_METHOD *RSA_null_method(void);
300DECLARE_ASN1_ENCODE_FUNCTIONS_const(RSA, RSAPublicKey) 323DECLARE_ASN1_ENCODE_FUNCTIONS_const(RSA, RSAPublicKey)
301DECLARE_ASN1_ENCODE_FUNCTIONS_const(RSA, RSAPrivateKey) 324DECLARE_ASN1_ENCODE_FUNCTIONS_const(RSA, RSAPrivateKey)
302 325
326typedef struct rsa_pss_params_st
327 {
328 X509_ALGOR *hashAlgorithm;
329 X509_ALGOR *maskGenAlgorithm;
330 ASN1_INTEGER *saltLength;
331 ASN1_INTEGER *trailerField;
332 } RSA_PSS_PARAMS;
333
334DECLARE_ASN1_FUNCTIONS(RSA_PSS_PARAMS)
335
303#ifndef OPENSSL_NO_FP_API 336#ifndef OPENSSL_NO_FP_API
304int RSA_print_fp(FILE *fp, const RSA *r,int offset); 337int RSA_print_fp(FILE *fp, const RSA *r,int offset);
305#endif 338#endif
@@ -380,6 +413,14 @@ int RSA_padding_add_PKCS1_PSS(RSA *rsa, unsigned char *EM,
380 const unsigned char *mHash, 413 const unsigned char *mHash,
381 const EVP_MD *Hash, int sLen); 414 const EVP_MD *Hash, int sLen);
382 415
416int RSA_verify_PKCS1_PSS_mgf1(RSA *rsa, const unsigned char *mHash,
417 const EVP_MD *Hash, const EVP_MD *mgf1Hash,
418 const unsigned char *EM, int sLen);
419
420int RSA_padding_add_PKCS1_PSS_mgf1(RSA *rsa, unsigned char *EM,
421 const unsigned char *mHash,
422 const EVP_MD *Hash, const EVP_MD *mgf1Hash, int sLen);
423
383int RSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, 424int RSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
384 CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func); 425 CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
385int RSA_set_ex_data(RSA *r,int idx,void *arg); 426int RSA_set_ex_data(RSA *r,int idx,void *arg);
@@ -388,6 +429,25 @@ void *RSA_get_ex_data(const RSA *r, int idx);
388RSA *RSAPublicKey_dup(RSA *rsa); 429RSA *RSAPublicKey_dup(RSA *rsa);
389RSA *RSAPrivateKey_dup(RSA *rsa); 430RSA *RSAPrivateKey_dup(RSA *rsa);
390 431
432/* If this flag is set the RSA method is FIPS compliant and can be used
433 * in FIPS mode. This is set in the validated module method. If an
434 * application sets this flag in its own methods it is its responsibility
435 * to ensure the result is compliant.
436 */
437
438#define RSA_FLAG_FIPS_METHOD 0x0400
439
440/* If this flag is set the operations normally disabled in FIPS mode are
441 * permitted it is then the applications responsibility to ensure that the
442 * usage is compliant.
443 */
444
445#define RSA_FLAG_NON_FIPS_ALLOW 0x0400
446/* Application has decided PRNG is good enough to generate a key: don't
447 * check.
448 */
449#define RSA_FLAG_CHECKED 0x0800
450
391/* BEGIN ERROR CODES */ 451/* BEGIN ERROR CODES */
392/* The following lines are auto generated by the script mkerr.pl. Any changes 452/* The following lines are auto generated by the script mkerr.pl. Any changes
393 * made after this point may be overwritten when the script is next run. 453 * made after this point may be overwritten when the script is next run.
@@ -405,6 +465,7 @@ void ERR_load_RSA_strings(void);
405#define RSA_F_PKEY_RSA_CTRL 143 465#define RSA_F_PKEY_RSA_CTRL 143
406#define RSA_F_PKEY_RSA_CTRL_STR 144 466#define RSA_F_PKEY_RSA_CTRL_STR 144
407#define RSA_F_PKEY_RSA_SIGN 142 467#define RSA_F_PKEY_RSA_SIGN 142
468#define RSA_F_PKEY_RSA_VERIFY 154
408#define RSA_F_PKEY_RSA_VERIFYRECOVER 141 469#define RSA_F_PKEY_RSA_VERIFYRECOVER 141
409#define RSA_F_RSA_BUILTIN_KEYGEN 129 470#define RSA_F_RSA_BUILTIN_KEYGEN 129
410#define RSA_F_RSA_CHECK_KEY 123 471#define RSA_F_RSA_CHECK_KEY 123
@@ -413,6 +474,8 @@ void ERR_load_RSA_strings(void);
413#define RSA_F_RSA_EAY_PUBLIC_DECRYPT 103 474#define RSA_F_RSA_EAY_PUBLIC_DECRYPT 103
414#define RSA_F_RSA_EAY_PUBLIC_ENCRYPT 104 475#define RSA_F_RSA_EAY_PUBLIC_ENCRYPT 104
415#define RSA_F_RSA_GENERATE_KEY 105 476#define RSA_F_RSA_GENERATE_KEY 105
477#define RSA_F_RSA_GENERATE_KEY_EX 155
478#define RSA_F_RSA_ITEM_VERIFY 156
416#define RSA_F_RSA_MEMORY_LOCK 130 479#define RSA_F_RSA_MEMORY_LOCK 130
417#define RSA_F_RSA_NEW_METHOD 106 480#define RSA_F_RSA_NEW_METHOD 106
418#define RSA_F_RSA_NULL 124 481#define RSA_F_RSA_NULL 124
@@ -424,6 +487,7 @@ void ERR_load_RSA_strings(void);
424#define RSA_F_RSA_PADDING_ADD_NONE 107 487#define RSA_F_RSA_PADDING_ADD_NONE 107
425#define RSA_F_RSA_PADDING_ADD_PKCS1_OAEP 121 488#define RSA_F_RSA_PADDING_ADD_PKCS1_OAEP 121
426#define RSA_F_RSA_PADDING_ADD_PKCS1_PSS 125 489#define RSA_F_RSA_PADDING_ADD_PKCS1_PSS 125
490#define RSA_F_RSA_PADDING_ADD_PKCS1_PSS_MGF1 148
427#define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1 108 491#define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1 108
428#define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_2 109 492#define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_2 109
429#define RSA_F_RSA_PADDING_ADD_SSLV23 110 493#define RSA_F_RSA_PADDING_ADD_SSLV23 110
@@ -436,8 +500,12 @@ void ERR_load_RSA_strings(void);
436#define RSA_F_RSA_PADDING_CHECK_X931 128 500#define RSA_F_RSA_PADDING_CHECK_X931 128
437#define RSA_F_RSA_PRINT 115 501#define RSA_F_RSA_PRINT 115
438#define RSA_F_RSA_PRINT_FP 116 502#define RSA_F_RSA_PRINT_FP 116
503#define RSA_F_RSA_PRIVATE_DECRYPT 150
504#define RSA_F_RSA_PRIVATE_ENCRYPT 151
439#define RSA_F_RSA_PRIV_DECODE 137 505#define RSA_F_RSA_PRIV_DECODE 137
440#define RSA_F_RSA_PRIV_ENCODE 138 506#define RSA_F_RSA_PRIV_ENCODE 138
507#define RSA_F_RSA_PUBLIC_DECRYPT 152
508#define RSA_F_RSA_PUBLIC_ENCRYPT 153
441#define RSA_F_RSA_PUB_DECODE 139 509#define RSA_F_RSA_PUB_DECODE 139
442#define RSA_F_RSA_SETUP_BLINDING 136 510#define RSA_F_RSA_SETUP_BLINDING 136
443#define RSA_F_RSA_SIGN 117 511#define RSA_F_RSA_SIGN 117
@@ -445,6 +513,7 @@ void ERR_load_RSA_strings(void);
445#define RSA_F_RSA_VERIFY 119 513#define RSA_F_RSA_VERIFY 119
446#define RSA_F_RSA_VERIFY_ASN1_OCTET_STRING 120 514#define RSA_F_RSA_VERIFY_ASN1_OCTET_STRING 120
447#define RSA_F_RSA_VERIFY_PKCS1_PSS 126 515#define RSA_F_RSA_VERIFY_PKCS1_PSS 126
516#define RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1 149
448 517
449/* Reason codes. */ 518/* Reason codes. */
450#define RSA_R_ALGORITHM_MISMATCH 100 519#define RSA_R_ALGORITHM_MISMATCH 100
@@ -470,19 +539,24 @@ void ERR_load_RSA_strings(void);
470#define RSA_R_INVALID_HEADER 137 539#define RSA_R_INVALID_HEADER 137
471#define RSA_R_INVALID_KEYBITS 145 540#define RSA_R_INVALID_KEYBITS 145
472#define RSA_R_INVALID_MESSAGE_LENGTH 131 541#define RSA_R_INVALID_MESSAGE_LENGTH 131
542#define RSA_R_INVALID_MGF1_MD 156
473#define RSA_R_INVALID_PADDING 138 543#define RSA_R_INVALID_PADDING 138
474#define RSA_R_INVALID_PADDING_MODE 141 544#define RSA_R_INVALID_PADDING_MODE 141
545#define RSA_R_INVALID_PSS_PARAMETERS 149
475#define RSA_R_INVALID_PSS_SALTLEN 146 546#define RSA_R_INVALID_PSS_SALTLEN 146
547#define RSA_R_INVALID_SALT_LENGTH 150
476#define RSA_R_INVALID_TRAILER 139 548#define RSA_R_INVALID_TRAILER 139
477#define RSA_R_INVALID_X931_DIGEST 142 549#define RSA_R_INVALID_X931_DIGEST 142
478#define RSA_R_IQMP_NOT_INVERSE_OF_Q 126 550#define RSA_R_IQMP_NOT_INVERSE_OF_Q 126
479#define RSA_R_KEY_SIZE_TOO_SMALL 120 551#define RSA_R_KEY_SIZE_TOO_SMALL 120
480#define RSA_R_LAST_OCTET_INVALID 134 552#define RSA_R_LAST_OCTET_INVALID 134
481#define RSA_R_MODULUS_TOO_LARGE 105 553#define RSA_R_MODULUS_TOO_LARGE 105
554#define RSA_R_NON_FIPS_RSA_METHOD 157
482#define RSA_R_NO_PUBLIC_EXPONENT 140 555#define RSA_R_NO_PUBLIC_EXPONENT 140
483#define RSA_R_NULL_BEFORE_BLOCK_MISSING 113 556#define RSA_R_NULL_BEFORE_BLOCK_MISSING 113
484#define RSA_R_N_DOES_NOT_EQUAL_P_Q 127 557#define RSA_R_N_DOES_NOT_EQUAL_P_Q 127
485#define RSA_R_OAEP_DECODING_ERROR 121 558#define RSA_R_OAEP_DECODING_ERROR 121
559#define RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE 158
486#define RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE 148 560#define RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE 148
487#define RSA_R_PADDING_CHECK_FAILED 114 561#define RSA_R_PADDING_CHECK_FAILED 114
488#define RSA_R_P_NOT_PRIME 128 562#define RSA_R_P_NOT_PRIME 128
@@ -493,7 +567,12 @@ void ERR_load_RSA_strings(void);
493#define RSA_R_SSLV3_ROLLBACK_ATTACK 115 567#define RSA_R_SSLV3_ROLLBACK_ATTACK 115
494#define RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD 116 568#define RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD 116
495#define RSA_R_UNKNOWN_ALGORITHM_TYPE 117 569#define RSA_R_UNKNOWN_ALGORITHM_TYPE 117
570#define RSA_R_UNKNOWN_MASK_DIGEST 151
496#define RSA_R_UNKNOWN_PADDING_TYPE 118 571#define RSA_R_UNKNOWN_PADDING_TYPE 118
572#define RSA_R_UNKNOWN_PSS_DIGEST 152
573#define RSA_R_UNSUPPORTED_MASK_ALGORITHM 153
574#define RSA_R_UNSUPPORTED_MASK_PARAMETER 154
575#define RSA_R_UNSUPPORTED_SIGNATURE_TYPE 155
497#define RSA_R_VALUE_MISSING 147 576#define RSA_R_VALUE_MISSING 147
498#define RSA_R_WRONG_SIGNATURE_LENGTH 119 577#define RSA_R_WRONG_SIGNATURE_LENGTH 119
499 578
diff --git a/src/lib/libcrypto/rsa/rsa_asn1.c b/src/lib/libcrypto/rsa/rsa_asn1.c
index 4efca8cdc8..6ed5de3db4 100644
--- a/src/lib/libcrypto/rsa/rsa_asn1.c
+++ b/src/lib/libcrypto/rsa/rsa_asn1.c
@@ -60,6 +60,7 @@
60#include "cryptlib.h" 60#include "cryptlib.h"
61#include <openssl/bn.h> 61#include <openssl/bn.h>
62#include <openssl/rsa.h> 62#include <openssl/rsa.h>
63#include <openssl/x509.h>
63#include <openssl/asn1t.h> 64#include <openssl/asn1t.h>
64 65
65/* Override the default free and new methods */ 66/* Override the default free and new methods */
@@ -96,6 +97,15 @@ ASN1_SEQUENCE_cb(RSAPublicKey, rsa_cb) = {
96 ASN1_SIMPLE(RSA, e, BIGNUM), 97 ASN1_SIMPLE(RSA, e, BIGNUM),
97} ASN1_SEQUENCE_END_cb(RSA, RSAPublicKey) 98} ASN1_SEQUENCE_END_cb(RSA, RSAPublicKey)
98 99
100ASN1_SEQUENCE(RSA_PSS_PARAMS) = {
101 ASN1_EXP_OPT(RSA_PSS_PARAMS, hashAlgorithm, X509_ALGOR,0),
102 ASN1_EXP_OPT(RSA_PSS_PARAMS, maskGenAlgorithm, X509_ALGOR,1),
103 ASN1_EXP_OPT(RSA_PSS_PARAMS, saltLength, ASN1_INTEGER,2),
104 ASN1_EXP_OPT(RSA_PSS_PARAMS, trailerField, ASN1_INTEGER,3)
105} ASN1_SEQUENCE_END(RSA_PSS_PARAMS)
106
107IMPLEMENT_ASN1_FUNCTIONS(RSA_PSS_PARAMS)
108
99IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(RSA, RSAPrivateKey, RSAPrivateKey) 109IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(RSA, RSAPrivateKey, RSAPrivateKey)
100 110
101IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(RSA, RSAPublicKey, RSAPublicKey) 111IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(RSA, RSAPublicKey, RSAPublicKey)
diff --git a/src/lib/libcrypto/rsa/rsa_err.c b/src/lib/libcrypto/rsa/rsa_err.c
index cf9f1106b0..46e0bf9980 100644
--- a/src/lib/libcrypto/rsa/rsa_err.c
+++ b/src/lib/libcrypto/rsa/rsa_err.c
@@ -1,6 +1,6 @@
1/* crypto/rsa/rsa_err.c */ 1/* crypto/rsa/rsa_err.c */
2/* ==================================================================== 2/* ====================================================================
3 * Copyright (c) 1999-2008 The OpenSSL Project. All rights reserved. 3 * Copyright (c) 1999-2011 The OpenSSL Project. All rights reserved.
4 * 4 *
5 * Redistribution and use in source and binary forms, with or without 5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions 6 * modification, are permitted provided that the following conditions
@@ -78,6 +78,7 @@ static ERR_STRING_DATA RSA_str_functs[]=
78{ERR_FUNC(RSA_F_PKEY_RSA_CTRL), "PKEY_RSA_CTRL"}, 78{ERR_FUNC(RSA_F_PKEY_RSA_CTRL), "PKEY_RSA_CTRL"},
79{ERR_FUNC(RSA_F_PKEY_RSA_CTRL_STR), "PKEY_RSA_CTRL_STR"}, 79{ERR_FUNC(RSA_F_PKEY_RSA_CTRL_STR), "PKEY_RSA_CTRL_STR"},
80{ERR_FUNC(RSA_F_PKEY_RSA_SIGN), "PKEY_RSA_SIGN"}, 80{ERR_FUNC(RSA_F_PKEY_RSA_SIGN), "PKEY_RSA_SIGN"},
81{ERR_FUNC(RSA_F_PKEY_RSA_VERIFY), "PKEY_RSA_VERIFY"},
81{ERR_FUNC(RSA_F_PKEY_RSA_VERIFYRECOVER), "PKEY_RSA_VERIFYRECOVER"}, 82{ERR_FUNC(RSA_F_PKEY_RSA_VERIFYRECOVER), "PKEY_RSA_VERIFYRECOVER"},
82{ERR_FUNC(RSA_F_RSA_BUILTIN_KEYGEN), "RSA_BUILTIN_KEYGEN"}, 83{ERR_FUNC(RSA_F_RSA_BUILTIN_KEYGEN), "RSA_BUILTIN_KEYGEN"},
83{ERR_FUNC(RSA_F_RSA_CHECK_KEY), "RSA_check_key"}, 84{ERR_FUNC(RSA_F_RSA_CHECK_KEY), "RSA_check_key"},
@@ -86,6 +87,8 @@ static ERR_STRING_DATA RSA_str_functs[]=
86{ERR_FUNC(RSA_F_RSA_EAY_PUBLIC_DECRYPT), "RSA_EAY_PUBLIC_DECRYPT"}, 87{ERR_FUNC(RSA_F_RSA_EAY_PUBLIC_DECRYPT), "RSA_EAY_PUBLIC_DECRYPT"},
87{ERR_FUNC(RSA_F_RSA_EAY_PUBLIC_ENCRYPT), "RSA_EAY_PUBLIC_ENCRYPT"}, 88{ERR_FUNC(RSA_F_RSA_EAY_PUBLIC_ENCRYPT), "RSA_EAY_PUBLIC_ENCRYPT"},
88{ERR_FUNC(RSA_F_RSA_GENERATE_KEY), "RSA_generate_key"}, 89{ERR_FUNC(RSA_F_RSA_GENERATE_KEY), "RSA_generate_key"},
90{ERR_FUNC(RSA_F_RSA_GENERATE_KEY_EX), "RSA_generate_key_ex"},
91{ERR_FUNC(RSA_F_RSA_ITEM_VERIFY), "RSA_ITEM_VERIFY"},
89{ERR_FUNC(RSA_F_RSA_MEMORY_LOCK), "RSA_memory_lock"}, 92{ERR_FUNC(RSA_F_RSA_MEMORY_LOCK), "RSA_memory_lock"},
90{ERR_FUNC(RSA_F_RSA_NEW_METHOD), "RSA_new_method"}, 93{ERR_FUNC(RSA_F_RSA_NEW_METHOD), "RSA_new_method"},
91{ERR_FUNC(RSA_F_RSA_NULL), "RSA_NULL"}, 94{ERR_FUNC(RSA_F_RSA_NULL), "RSA_NULL"},
@@ -97,6 +100,7 @@ static ERR_STRING_DATA RSA_str_functs[]=
97{ERR_FUNC(RSA_F_RSA_PADDING_ADD_NONE), "RSA_padding_add_none"}, 100{ERR_FUNC(RSA_F_RSA_PADDING_ADD_NONE), "RSA_padding_add_none"},
98{ERR_FUNC(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP), "RSA_padding_add_PKCS1_OAEP"}, 101{ERR_FUNC(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP), "RSA_padding_add_PKCS1_OAEP"},
99{ERR_FUNC(RSA_F_RSA_PADDING_ADD_PKCS1_PSS), "RSA_padding_add_PKCS1_PSS"}, 102{ERR_FUNC(RSA_F_RSA_PADDING_ADD_PKCS1_PSS), "RSA_padding_add_PKCS1_PSS"},
103{ERR_FUNC(RSA_F_RSA_PADDING_ADD_PKCS1_PSS_MGF1), "RSA_padding_add_PKCS1_PSS_mgf1"},
100{ERR_FUNC(RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1), "RSA_padding_add_PKCS1_type_1"}, 104{ERR_FUNC(RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1), "RSA_padding_add_PKCS1_type_1"},
101{ERR_FUNC(RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_2), "RSA_padding_add_PKCS1_type_2"}, 105{ERR_FUNC(RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_2), "RSA_padding_add_PKCS1_type_2"},
102{ERR_FUNC(RSA_F_RSA_PADDING_ADD_SSLV23), "RSA_padding_add_SSLv23"}, 106{ERR_FUNC(RSA_F_RSA_PADDING_ADD_SSLV23), "RSA_padding_add_SSLv23"},
@@ -109,8 +113,12 @@ static ERR_STRING_DATA RSA_str_functs[]=
109{ERR_FUNC(RSA_F_RSA_PADDING_CHECK_X931), "RSA_padding_check_X931"}, 113{ERR_FUNC(RSA_F_RSA_PADDING_CHECK_X931), "RSA_padding_check_X931"},
110{ERR_FUNC(RSA_F_RSA_PRINT), "RSA_print"}, 114{ERR_FUNC(RSA_F_RSA_PRINT), "RSA_print"},
111{ERR_FUNC(RSA_F_RSA_PRINT_FP), "RSA_print_fp"}, 115{ERR_FUNC(RSA_F_RSA_PRINT_FP), "RSA_print_fp"},
116{ERR_FUNC(RSA_F_RSA_PRIVATE_DECRYPT), "RSA_private_decrypt"},
117{ERR_FUNC(RSA_F_RSA_PRIVATE_ENCRYPT), "RSA_private_encrypt"},
112{ERR_FUNC(RSA_F_RSA_PRIV_DECODE), "RSA_PRIV_DECODE"}, 118{ERR_FUNC(RSA_F_RSA_PRIV_DECODE), "RSA_PRIV_DECODE"},
113{ERR_FUNC(RSA_F_RSA_PRIV_ENCODE), "RSA_PRIV_ENCODE"}, 119{ERR_FUNC(RSA_F_RSA_PRIV_ENCODE), "RSA_PRIV_ENCODE"},
120{ERR_FUNC(RSA_F_RSA_PUBLIC_DECRYPT), "RSA_public_decrypt"},
121{ERR_FUNC(RSA_F_RSA_PUBLIC_ENCRYPT), "RSA_public_encrypt"},
114{ERR_FUNC(RSA_F_RSA_PUB_DECODE), "RSA_PUB_DECODE"}, 122{ERR_FUNC(RSA_F_RSA_PUB_DECODE), "RSA_PUB_DECODE"},
115{ERR_FUNC(RSA_F_RSA_SETUP_BLINDING), "RSA_setup_blinding"}, 123{ERR_FUNC(RSA_F_RSA_SETUP_BLINDING), "RSA_setup_blinding"},
116{ERR_FUNC(RSA_F_RSA_SIGN), "RSA_sign"}, 124{ERR_FUNC(RSA_F_RSA_SIGN), "RSA_sign"},
@@ -118,6 +126,7 @@ static ERR_STRING_DATA RSA_str_functs[]=
118{ERR_FUNC(RSA_F_RSA_VERIFY), "RSA_verify"}, 126{ERR_FUNC(RSA_F_RSA_VERIFY), "RSA_verify"},
119{ERR_FUNC(RSA_F_RSA_VERIFY_ASN1_OCTET_STRING), "RSA_verify_ASN1_OCTET_STRING"}, 127{ERR_FUNC(RSA_F_RSA_VERIFY_ASN1_OCTET_STRING), "RSA_verify_ASN1_OCTET_STRING"},
120{ERR_FUNC(RSA_F_RSA_VERIFY_PKCS1_PSS), "RSA_verify_PKCS1_PSS"}, 128{ERR_FUNC(RSA_F_RSA_VERIFY_PKCS1_PSS), "RSA_verify_PKCS1_PSS"},
129{ERR_FUNC(RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1), "RSA_verify_PKCS1_PSS_mgf1"},
121{0,NULL} 130{0,NULL}
122 }; 131 };
123 132
@@ -146,19 +155,24 @@ static ERR_STRING_DATA RSA_str_reasons[]=
146{ERR_REASON(RSA_R_INVALID_HEADER) ,"invalid header"}, 155{ERR_REASON(RSA_R_INVALID_HEADER) ,"invalid header"},
147{ERR_REASON(RSA_R_INVALID_KEYBITS) ,"invalid keybits"}, 156{ERR_REASON(RSA_R_INVALID_KEYBITS) ,"invalid keybits"},
148{ERR_REASON(RSA_R_INVALID_MESSAGE_LENGTH),"invalid message length"}, 157{ERR_REASON(RSA_R_INVALID_MESSAGE_LENGTH),"invalid message length"},
158{ERR_REASON(RSA_R_INVALID_MGF1_MD) ,"invalid mgf1 md"},
149{ERR_REASON(RSA_R_INVALID_PADDING) ,"invalid padding"}, 159{ERR_REASON(RSA_R_INVALID_PADDING) ,"invalid padding"},
150{ERR_REASON(RSA_R_INVALID_PADDING_MODE) ,"invalid padding mode"}, 160{ERR_REASON(RSA_R_INVALID_PADDING_MODE) ,"invalid padding mode"},
161{ERR_REASON(RSA_R_INVALID_PSS_PARAMETERS),"invalid pss parameters"},
151{ERR_REASON(RSA_R_INVALID_PSS_SALTLEN) ,"invalid pss saltlen"}, 162{ERR_REASON(RSA_R_INVALID_PSS_SALTLEN) ,"invalid pss saltlen"},
163{ERR_REASON(RSA_R_INVALID_SALT_LENGTH) ,"invalid salt length"},
152{ERR_REASON(RSA_R_INVALID_TRAILER) ,"invalid trailer"}, 164{ERR_REASON(RSA_R_INVALID_TRAILER) ,"invalid trailer"},
153{ERR_REASON(RSA_R_INVALID_X931_DIGEST) ,"invalid x931 digest"}, 165{ERR_REASON(RSA_R_INVALID_X931_DIGEST) ,"invalid x931 digest"},
154{ERR_REASON(RSA_R_IQMP_NOT_INVERSE_OF_Q) ,"iqmp not inverse of q"}, 166{ERR_REASON(RSA_R_IQMP_NOT_INVERSE_OF_Q) ,"iqmp not inverse of q"},
155{ERR_REASON(RSA_R_KEY_SIZE_TOO_SMALL) ,"key size too small"}, 167{ERR_REASON(RSA_R_KEY_SIZE_TOO_SMALL) ,"key size too small"},
156{ERR_REASON(RSA_R_LAST_OCTET_INVALID) ,"last octet invalid"}, 168{ERR_REASON(RSA_R_LAST_OCTET_INVALID) ,"last octet invalid"},
157{ERR_REASON(RSA_R_MODULUS_TOO_LARGE) ,"modulus too large"}, 169{ERR_REASON(RSA_R_MODULUS_TOO_LARGE) ,"modulus too large"},
170{ERR_REASON(RSA_R_NON_FIPS_RSA_METHOD) ,"non fips rsa method"},
158{ERR_REASON(RSA_R_NO_PUBLIC_EXPONENT) ,"no public exponent"}, 171{ERR_REASON(RSA_R_NO_PUBLIC_EXPONENT) ,"no public exponent"},
159{ERR_REASON(RSA_R_NULL_BEFORE_BLOCK_MISSING),"null before block missing"}, 172{ERR_REASON(RSA_R_NULL_BEFORE_BLOCK_MISSING),"null before block missing"},
160{ERR_REASON(RSA_R_N_DOES_NOT_EQUAL_P_Q) ,"n does not equal p q"}, 173{ERR_REASON(RSA_R_N_DOES_NOT_EQUAL_P_Q) ,"n does not equal p q"},
161{ERR_REASON(RSA_R_OAEP_DECODING_ERROR) ,"oaep decoding error"}, 174{ERR_REASON(RSA_R_OAEP_DECODING_ERROR) ,"oaep decoding error"},
175{ERR_REASON(RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE),"operation not allowed in fips mode"},
162{ERR_REASON(RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE),"operation not supported for this keytype"}, 176{ERR_REASON(RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE),"operation not supported for this keytype"},
163{ERR_REASON(RSA_R_PADDING_CHECK_FAILED) ,"padding check failed"}, 177{ERR_REASON(RSA_R_PADDING_CHECK_FAILED) ,"padding check failed"},
164{ERR_REASON(RSA_R_P_NOT_PRIME) ,"p not prime"}, 178{ERR_REASON(RSA_R_P_NOT_PRIME) ,"p not prime"},
@@ -169,7 +183,12 @@ static ERR_STRING_DATA RSA_str_reasons[]=
169{ERR_REASON(RSA_R_SSLV3_ROLLBACK_ATTACK) ,"sslv3 rollback attack"}, 183{ERR_REASON(RSA_R_SSLV3_ROLLBACK_ATTACK) ,"sslv3 rollback attack"},
170{ERR_REASON(RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD),"the asn1 object identifier is not known for this md"}, 184{ERR_REASON(RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD),"the asn1 object identifier is not known for this md"},
171{ERR_REASON(RSA_R_UNKNOWN_ALGORITHM_TYPE),"unknown algorithm type"}, 185{ERR_REASON(RSA_R_UNKNOWN_ALGORITHM_TYPE),"unknown algorithm type"},
186{ERR_REASON(RSA_R_UNKNOWN_MASK_DIGEST) ,"unknown mask digest"},
172{ERR_REASON(RSA_R_UNKNOWN_PADDING_TYPE) ,"unknown padding type"}, 187{ERR_REASON(RSA_R_UNKNOWN_PADDING_TYPE) ,"unknown padding type"},
188{ERR_REASON(RSA_R_UNKNOWN_PSS_DIGEST) ,"unknown pss digest"},
189{ERR_REASON(RSA_R_UNSUPPORTED_MASK_ALGORITHM),"unsupported mask algorithm"},
190{ERR_REASON(RSA_R_UNSUPPORTED_MASK_PARAMETER),"unsupported mask parameter"},
191{ERR_REASON(RSA_R_UNSUPPORTED_SIGNATURE_TYPE),"unsupported signature type"},
173{ERR_REASON(RSA_R_VALUE_MISSING) ,"value missing"}, 192{ERR_REASON(RSA_R_VALUE_MISSING) ,"value missing"},
174{ERR_REASON(RSA_R_WRONG_SIGNATURE_LENGTH),"wrong signature length"}, 193{ERR_REASON(RSA_R_WRONG_SIGNATURE_LENGTH),"wrong signature length"},
175{0,NULL} 194{0,NULL}
diff --git a/src/lib/libcrypto/rsa/rsa_gen.c b/src/lib/libcrypto/rsa/rsa_gen.c
index 767f7ab682..42290cce66 100644
--- a/src/lib/libcrypto/rsa/rsa_gen.c
+++ b/src/lib/libcrypto/rsa/rsa_gen.c
@@ -67,6 +67,9 @@
67#include "cryptlib.h" 67#include "cryptlib.h"
68#include <openssl/bn.h> 68#include <openssl/bn.h>
69#include <openssl/rsa.h> 69#include <openssl/rsa.h>
70#ifdef OPENSSL_FIPS
71#include <openssl/fips.h>
72#endif
70 73
71static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb); 74static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb);
72 75
@@ -77,8 +80,20 @@ static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb)
77 * now just because key-generation is part of RSA_METHOD. */ 80 * now just because key-generation is part of RSA_METHOD. */
78int RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb) 81int RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb)
79 { 82 {
83#ifdef OPENSSL_FIPS
84 if (FIPS_mode() && !(rsa->meth->flags & RSA_FLAG_FIPS_METHOD)
85 && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW))
86 {
87 RSAerr(RSA_F_RSA_GENERATE_KEY_EX, RSA_R_NON_FIPS_RSA_METHOD);
88 return 0;
89 }
90#endif
80 if(rsa->meth->rsa_keygen) 91 if(rsa->meth->rsa_keygen)
81 return rsa->meth->rsa_keygen(rsa, bits, e_value, cb); 92 return rsa->meth->rsa_keygen(rsa, bits, e_value, cb);
93#ifdef OPENSSL_FIPS
94 if (FIPS_mode())
95 return FIPS_rsa_generate_key_ex(rsa, bits, e_value, cb);
96#endif
82 return rsa_builtin_keygen(rsa, bits, e_value, cb); 97 return rsa_builtin_keygen(rsa, bits, e_value, cb);
83 } 98 }
84 99
diff --git a/src/lib/libcrypto/rsa/rsa_lib.c b/src/lib/libcrypto/rsa/rsa_lib.c
index de45088d76..c95ceafc82 100644
--- a/src/lib/libcrypto/rsa/rsa_lib.c
+++ b/src/lib/libcrypto/rsa/rsa_lib.c
@@ -67,6 +67,10 @@
67#include <openssl/engine.h> 67#include <openssl/engine.h>
68#endif 68#endif
69 69
70#ifdef OPENSSL_FIPS
71#include <openssl/fips.h>
72#endif
73
70const char RSA_version[]="RSA" OPENSSL_VERSION_PTEXT; 74const char RSA_version[]="RSA" OPENSSL_VERSION_PTEXT;
71 75
72static const RSA_METHOD *default_RSA_meth=NULL; 76static const RSA_METHOD *default_RSA_meth=NULL;
@@ -87,12 +91,15 @@ const RSA_METHOD *RSA_get_default_method(void)
87 { 91 {
88 if (default_RSA_meth == NULL) 92 if (default_RSA_meth == NULL)
89 { 93 {
94#ifdef OPENSSL_FIPS
95 if (FIPS_mode())
96 return FIPS_rsa_pkcs1_ssleay();
97 else
98 return RSA_PKCS1_SSLeay();
99#else
90#ifdef RSA_NULL 100#ifdef RSA_NULL
91 default_RSA_meth=RSA_null_method(); 101 default_RSA_meth=RSA_null_method();
92#else 102#else
93#if 0 /* was: #ifdef RSAref */
94 default_RSA_meth=RSA_PKCS1_RSAref();
95#else
96 default_RSA_meth=RSA_PKCS1_SSLeay(); 103 default_RSA_meth=RSA_PKCS1_SSLeay();
97#endif 104#endif
98#endif 105#endif
@@ -181,7 +188,7 @@ RSA *RSA_new_method(ENGINE *engine)
181 ret->blinding=NULL; 188 ret->blinding=NULL;
182 ret->mt_blinding=NULL; 189 ret->mt_blinding=NULL;
183 ret->bignum_data=NULL; 190 ret->bignum_data=NULL;
184 ret->flags=ret->meth->flags; 191 ret->flags=ret->meth->flags & ~RSA_FLAG_NON_FIPS_ALLOW;
185 if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data)) 192 if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data))
186 { 193 {
187#ifndef OPENSSL_NO_ENGINE 194#ifndef OPENSSL_NO_ENGINE
@@ -280,163 +287,6 @@ void *RSA_get_ex_data(const RSA *r, int idx)
280 return(CRYPTO_get_ex_data(&r->ex_data,idx)); 287 return(CRYPTO_get_ex_data(&r->ex_data,idx));
281 } 288 }
282 289
283int RSA_size(const RSA *r)
284 {
285 return(BN_num_bytes(r->n));
286 }
287
288int RSA_public_encrypt(int flen, const unsigned char *from, unsigned char *to,
289 RSA *rsa, int padding)
290 {
291 return(rsa->meth->rsa_pub_enc(flen, from, to, rsa, padding));
292 }
293
294int RSA_private_encrypt(int flen, const unsigned char *from, unsigned char *to,
295 RSA *rsa, int padding)
296 {
297 return(rsa->meth->rsa_priv_enc(flen, from, to, rsa, padding));
298 }
299
300int RSA_private_decrypt(int flen, const unsigned char *from, unsigned char *to,
301 RSA *rsa, int padding)
302 {
303 return(rsa->meth->rsa_priv_dec(flen, from, to, rsa, padding));
304 }
305
306int RSA_public_decrypt(int flen, const unsigned char *from, unsigned char *to,
307 RSA *rsa, int padding)
308 {
309 return(rsa->meth->rsa_pub_dec(flen, from, to, rsa, padding));
310 }
311
312int RSA_flags(const RSA *r)
313 {
314 return((r == NULL)?0:r->meth->flags);
315 }
316
317void RSA_blinding_off(RSA *rsa)
318 {
319 if (rsa->blinding != NULL)
320 {
321 BN_BLINDING_free(rsa->blinding);
322 rsa->blinding=NULL;
323 }
324 rsa->flags &= ~RSA_FLAG_BLINDING;
325 rsa->flags |= RSA_FLAG_NO_BLINDING;
326 }
327
328int RSA_blinding_on(RSA *rsa, BN_CTX *ctx)
329 {
330 int ret=0;
331
332 if (rsa->blinding != NULL)
333 RSA_blinding_off(rsa);
334
335 rsa->blinding = RSA_setup_blinding(rsa, ctx);
336 if (rsa->blinding == NULL)
337 goto err;
338
339 rsa->flags |= RSA_FLAG_BLINDING;
340 rsa->flags &= ~RSA_FLAG_NO_BLINDING;
341 ret=1;
342err:
343 return(ret);
344 }
345
346static BIGNUM *rsa_get_public_exp(const BIGNUM *d, const BIGNUM *p,
347 const BIGNUM *q, BN_CTX *ctx)
348{
349 BIGNUM *ret = NULL, *r0, *r1, *r2;
350
351 if (d == NULL || p == NULL || q == NULL)
352 return NULL;
353
354 BN_CTX_start(ctx);
355 r0 = BN_CTX_get(ctx);
356 r1 = BN_CTX_get(ctx);
357 r2 = BN_CTX_get(ctx);
358 if (r2 == NULL)
359 goto err;
360
361 if (!BN_sub(r1, p, BN_value_one())) goto err;
362 if (!BN_sub(r2, q, BN_value_one())) goto err;
363 if (!BN_mul(r0, r1, r2, ctx)) goto err;
364
365 ret = BN_mod_inverse(NULL, d, r0, ctx);
366err:
367 BN_CTX_end(ctx);
368 return ret;
369}
370
371BN_BLINDING *RSA_setup_blinding(RSA *rsa, BN_CTX *in_ctx)
372{
373 BIGNUM local_n;
374 BIGNUM *e,*n;
375 BN_CTX *ctx;
376 BN_BLINDING *ret = NULL;
377
378 if (in_ctx == NULL)
379 {
380 if ((ctx = BN_CTX_new()) == NULL) return 0;
381 }
382 else
383 ctx = in_ctx;
384
385 BN_CTX_start(ctx);
386 e = BN_CTX_get(ctx);
387 if (e == NULL)
388 {
389 RSAerr(RSA_F_RSA_SETUP_BLINDING, ERR_R_MALLOC_FAILURE);
390 goto err;
391 }
392
393 if (rsa->e == NULL)
394 {
395 e = rsa_get_public_exp(rsa->d, rsa->p, rsa->q, ctx);
396 if (e == NULL)
397 {
398 RSAerr(RSA_F_RSA_SETUP_BLINDING, RSA_R_NO_PUBLIC_EXPONENT);
399 goto err;
400 }
401 }
402 else
403 e = rsa->e;
404
405
406 if ((RAND_status() == 0) && rsa->d != NULL && rsa->d->d != NULL)
407 {
408 /* if PRNG is not properly seeded, resort to secret
409 * exponent as unpredictable seed */
410 RAND_add(rsa->d->d, rsa->d->dmax * sizeof rsa->d->d[0], 0.0);
411 }
412
413 if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))
414 {
415 /* Set BN_FLG_CONSTTIME flag */
416 n = &local_n;
417 BN_with_flags(n, rsa->n, BN_FLG_CONSTTIME);
418 }
419 else
420 n = rsa->n;
421
422 ret = BN_BLINDING_create_param(NULL, e, n, ctx,
423 rsa->meth->bn_mod_exp, rsa->_method_mod_n);
424 if (ret == NULL)
425 {
426 RSAerr(RSA_F_RSA_SETUP_BLINDING, ERR_R_BN_LIB);
427 goto err;
428 }
429 CRYPTO_THREADID_current(BN_BLINDING_thread_id(ret));
430err:
431 BN_CTX_end(ctx);
432 if (in_ctx == NULL)
433 BN_CTX_free(ctx);
434 if(rsa->e == NULL)
435 BN_free(e);
436
437 return ret;
438}
439
440int RSA_memory_lock(RSA *r) 290int RSA_memory_lock(RSA *r)
441 { 291 {
442 int i,j,k,off; 292 int i,j,k,off;
diff --git a/src/lib/libcrypto/rsa/rsa_oaep.c b/src/lib/libcrypto/rsa/rsa_oaep.c
index 18d307ea9e..553d212ebe 100644
--- a/src/lib/libcrypto/rsa/rsa_oaep.c
+++ b/src/lib/libcrypto/rsa/rsa_oaep.c
@@ -56,7 +56,8 @@ int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen,
56 seed = to + 1; 56 seed = to + 1;
57 db = to + SHA_DIGEST_LENGTH + 1; 57 db = to + SHA_DIGEST_LENGTH + 1;
58 58
59 EVP_Digest((void *)param, plen, db, NULL, EVP_sha1(), NULL); 59 if (!EVP_Digest((void *)param, plen, db, NULL, EVP_sha1(), NULL))
60 return 0;
60 memset(db + SHA_DIGEST_LENGTH, 0, 61 memset(db + SHA_DIGEST_LENGTH, 0,
61 emlen - flen - 2 * SHA_DIGEST_LENGTH - 1); 62 emlen - flen - 2 * SHA_DIGEST_LENGTH - 1);
62 db[emlen - flen - SHA_DIGEST_LENGTH - 1] = 0x01; 63 db[emlen - flen - SHA_DIGEST_LENGTH - 1] = 0x01;
@@ -145,7 +146,8 @@ int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen,
145 for (i = 0; i < dblen; i++) 146 for (i = 0; i < dblen; i++)
146 db[i] ^= maskeddb[i]; 147 db[i] ^= maskeddb[i];
147 148
148 EVP_Digest((void *)param, plen, phash, NULL, EVP_sha1(), NULL); 149 if (!EVP_Digest((void *)param, plen, phash, NULL, EVP_sha1(), NULL))
150 return -1;
149 151
150 if (memcmp(db, phash, SHA_DIGEST_LENGTH) != 0 || bad) 152 if (memcmp(db, phash, SHA_DIGEST_LENGTH) != 0 || bad)
151 goto decoding_err; 153 goto decoding_err;
diff --git a/src/lib/libcrypto/rsa/rsa_sign.c b/src/lib/libcrypto/rsa/rsa_sign.c
index 0be4ec7fb0..b6f6037ae0 100644
--- a/src/lib/libcrypto/rsa/rsa_sign.c
+++ b/src/lib/libcrypto/rsa/rsa_sign.c
@@ -77,6 +77,14 @@ int RSA_sign(int type, const unsigned char *m, unsigned int m_len,
77 const unsigned char *s = NULL; 77 const unsigned char *s = NULL;
78 X509_ALGOR algor; 78 X509_ALGOR algor;
79 ASN1_OCTET_STRING digest; 79 ASN1_OCTET_STRING digest;
80#ifdef OPENSSL_FIPS
81 if (FIPS_mode() && !(rsa->meth->flags & RSA_FLAG_FIPS_METHOD)
82 && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW))
83 {
84 RSAerr(RSA_F_RSA_SIGN, RSA_R_NON_FIPS_RSA_METHOD);
85 return 0;
86 }
87#endif
80 if((rsa->flags & RSA_FLAG_SIGN_VER) && rsa->meth->rsa_sign) 88 if((rsa->flags & RSA_FLAG_SIGN_VER) && rsa->meth->rsa_sign)
81 { 89 {
82 return rsa->meth->rsa_sign(type, m, m_len, 90 return rsa->meth->rsa_sign(type, m, m_len,
@@ -153,6 +161,15 @@ int int_rsa_verify(int dtype, const unsigned char *m,
153 unsigned char *s; 161 unsigned char *s;
154 X509_SIG *sig=NULL; 162 X509_SIG *sig=NULL;
155 163
164#ifdef OPENSSL_FIPS
165 if (FIPS_mode() && !(rsa->meth->flags & RSA_FLAG_FIPS_METHOD)
166 && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW))
167 {
168 RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_NON_FIPS_RSA_METHOD);
169 return 0;
170 }
171#endif
172
156 if (siglen != (unsigned int)RSA_size(rsa)) 173 if (siglen != (unsigned int)RSA_size(rsa))
157 { 174 {
158 RSAerr(RSA_F_INT_RSA_VERIFY,RSA_R_WRONG_SIGNATURE_LENGTH); 175 RSAerr(RSA_F_INT_RSA_VERIFY,RSA_R_WRONG_SIGNATURE_LENGTH);
@@ -182,6 +199,22 @@ int int_rsa_verify(int dtype, const unsigned char *m,
182 i=RSA_public_decrypt((int)siglen,sigbuf,s,rsa,RSA_PKCS1_PADDING); 199 i=RSA_public_decrypt((int)siglen,sigbuf,s,rsa,RSA_PKCS1_PADDING);
183 200
184 if (i <= 0) goto err; 201 if (i <= 0) goto err;
202 /* Oddball MDC2 case: signature can be OCTET STRING.
203 * check for correct tag and length octets.
204 */
205 if (dtype == NID_mdc2 && i == 18 && s[0] == 0x04 && s[1] == 0x10)
206 {
207 if (rm)
208 {
209 memcpy(rm, s + 2, 16);
210 *prm_len = 16;
211 ret = 1;
212 }
213 else if(memcmp(m, s + 2, 16))
214 RSAerr(RSA_F_INT_RSA_VERIFY,RSA_R_BAD_SIGNATURE);
215 else
216 ret = 1;
217 }
185 218
186 /* Special case: SSL signature */ 219 /* Special case: SSL signature */
187 if(dtype == NID_md5_sha1) { 220 if(dtype == NID_md5_sha1) {
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-11-02 16:18:37 +0000