Diffstat (limited to 'src/lib/libcrypto/rsa')
-rw-r--r--src/lib/libcrypto/rsa/Makefile239
-rw-r--r--src/lib/libcrypto/rsa/Makefile.ssl241
-rw-r--r--src/lib/libcrypto/rsa/rsa.h96
-rw-r--r--src/lib/libcrypto/rsa/rsa_asn1.c8
-rw-r--r--src/lib/libcrypto/rsa/rsa_chk.c4
-rw-r--r--src/lib/libcrypto/rsa/rsa_eay.c564
-rw-r--r--src/lib/libcrypto/rsa/rsa_err.c22
-rw-r--r--src/lib/libcrypto/rsa/rsa_gen.c160
-rw-r--r--src/lib/libcrypto/rsa/rsa_lib.c130
-rw-r--r--src/lib/libcrypto/rsa/rsa_null.c150
-rw-r--r--src/lib/libcrypto/rsa/rsa_oaep.c38
-rw-r--r--src/lib/libcrypto/rsa/rsa_saos.c3
-rw-r--r--src/lib/libcrypto/rsa/rsa_sign.c4
-rw-r--r--src/lib/libcrypto/rsa/rsa_test.c318
14 files changed, 1361 insertions, 616 deletions
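diff --git a/src/lib/libcrypto/rsa/Makefile b/src/lib/libcrypto/rsa/Makefile
new file mode 100644
index 0000000000..13900812ac
--- /dev/null
+++ b/src/lib/libcrypto/rsa/Makefile
@@ -0,0 +1,239 @@
+#
+# OpenSSL/crypto/rsa/Makefile
+#
+
+DIR= rsa
+TOP= ../..
+CC= cc
+INCLUDES= -I.. -I$(TOP) -I../../include
+CFLAG=-g
+MAKEFILE= Makefile
+AR= ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+TEST=rsa_test.c
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC= rsa_eay.c rsa_gen.c rsa_lib.c rsa_sign.c rsa_saos.c rsa_err.c \
+ rsa_pk1.c rsa_ssl.c rsa_none.c rsa_oaep.c rsa_chk.c rsa_null.c \
+ rsa_pss.c rsa_x931.c rsa_asn1.c rsa_depr.c
+LIBOBJ= rsa_eay.o rsa_gen.o rsa_lib.o rsa_sign.o rsa_saos.o rsa_err.o \
+ rsa_pk1.o rsa_ssl.o rsa_none.o rsa_oaep.o rsa_chk.o rsa_null.o \
+ rsa_pss.o rsa_x931.o rsa_asn1.o rsa_depr.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= rsa.h
+HEADER= $(EXHEADER)
+
+ALL= $(GENERAL) $(SRC) $(HEADER)
+
+top:
+ (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all: lib
+
+lib: $(LIBOBJ)
+ $(AR) $(LIB) $(LIBOBJ)
+ $(RANLIB) $(LIB) || echo Never mind.
+ @touch lib
+
+files:
+ $(PERL) $(TOP)/util/files.pl Makefile >> $(TOP)/MINFO
+
+links:
+ @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+ @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+ @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+ @[ -n "$(INSTALLTOP)" ] # should be set by top Makefile...
+ @headerlist="$(EXHEADER)"; for i in $$headerlist ; \
+ do \
+ (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+ chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+ done;
+
+tags:
+ ctags $(SRC)
+
+tests:
+
+lint:
+ lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+ @[ -n "$(MAKEDEPEND)" ] # should be set by upper Makefile...
+ $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+
+dclean:
+ $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+ mv -f Makefile.new $(MAKEFILE)
+
+clean:
+ rm -f *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+rsa_asn1.o: ../../e_os.h ../../include/openssl/asn1.h
+rsa_asn1.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+rsa_asn1.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+rsa_asn1.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+rsa_asn1.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+rsa_asn1.o: ../../include/openssl/opensslconf.h
+rsa_asn1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+rsa_asn1.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+rsa_asn1.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+rsa_asn1.o: ../cryptlib.h rsa_asn1.c
+rsa_chk.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+rsa_chk.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
+rsa_chk.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+rsa_chk.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+rsa_chk.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+rsa_chk.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+rsa_chk.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+rsa_chk.o: rsa_chk.c
+rsa_depr.o: ../../e_os.h ../../include/openssl/asn1.h
+rsa_depr.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+rsa_depr.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+rsa_depr.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+rsa_depr.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+rsa_depr.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+rsa_depr.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+rsa_depr.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+rsa_depr.o: ../cryptlib.h rsa_depr.c
+rsa_eay.o: ../../e_os.h ../../include/openssl/asn1.h
+rsa_eay.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+rsa_eay.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+rsa_eay.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+rsa_eay.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+rsa_eay.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+rsa_eay.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
+rsa_eay.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+rsa_eay.o: ../../include/openssl/symhacks.h ../cryptlib.h rsa_eay.c
+rsa_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+rsa_err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+rsa_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+rsa_err.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+rsa_err.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rsa.h
+rsa_err.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+rsa_err.o: ../../include/openssl/symhacks.h rsa_err.c
+rsa_gen.o: ../../e_os.h ../../include/openssl/asn1.h
+rsa_gen.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+rsa_gen.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+rsa_gen.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+rsa_gen.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+rsa_gen.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+rsa_gen.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+rsa_gen.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+rsa_gen.o: ../cryptlib.h rsa_gen.c
+rsa_lib.o: ../../e_os.h ../../include/openssl/asn1.h
+rsa_lib.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+rsa_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+rsa_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
+rsa_lib.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+rsa_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+rsa_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
+rsa_lib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+rsa_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+rsa_lib.o: ../cryptlib.h rsa_lib.c
+rsa_none.o: ../../e_os.h ../../include/openssl/asn1.h
+rsa_none.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+rsa_none.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+rsa_none.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+rsa_none.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+rsa_none.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+rsa_none.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
+rsa_none.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+rsa_none.o: ../../include/openssl/symhacks.h ../cryptlib.h rsa_none.c
+rsa_null.o: ../../e_os.h ../../include/openssl/asn1.h
+rsa_null.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+rsa_null.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+rsa_null.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+rsa_null.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+rsa_null.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+rsa_null.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
+rsa_null.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+rsa_null.o: ../../include/openssl/symhacks.h ../cryptlib.h rsa_null.c
+rsa_oaep.o: ../../e_os.h ../../include/openssl/asn1.h
+rsa_oaep.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+rsa_oaep.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+rsa_oaep.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+rsa_oaep.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+rsa_oaep.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+rsa_oaep.o: ../../include/openssl/opensslconf.h
+rsa_oaep.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+rsa_oaep.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
+rsa_oaep.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+rsa_oaep.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+rsa_oaep.o: ../cryptlib.h rsa_oaep.c
+rsa_pk1.o: ../../e_os.h ../../include/openssl/asn1.h
+rsa_pk1.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+rsa_pk1.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+rsa_pk1.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+rsa_pk1.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+rsa_pk1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+rsa_pk1.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
+rsa_pk1.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+rsa_pk1.o: ../../include/openssl/symhacks.h ../cryptlib.h rsa_pk1.c
+rsa_pss.o: ../../e_os.h ../../include/openssl/asn1.h
+rsa_pss.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+rsa_pss.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+rsa_pss.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+rsa_pss.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+rsa_pss.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+rsa_pss.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+rsa_pss.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
+rsa_pss.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+rsa_pss.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+rsa_pss.o: ../../include/openssl/symhacks.h ../cryptlib.h rsa_pss.c
+rsa_saos.o: ../../e_os.h ../../include/openssl/asn1.h
+rsa_saos.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+rsa_saos.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+rsa_saos.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+rsa_saos.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+rsa_saos.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+rsa_saos.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+rsa_saos.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+rsa_saos.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+rsa_saos.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
+rsa_saos.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+rsa_saos.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+rsa_saos.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+rsa_saos.o: ../cryptlib.h rsa_saos.c
+rsa_sign.o: ../../e_os.h ../../include/openssl/asn1.h
+rsa_sign.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+rsa_sign.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+rsa_sign.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+rsa_sign.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+rsa_sign.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+rsa_sign.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+rsa_sign.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+rsa_sign.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+rsa_sign.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
+rsa_sign.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+rsa_sign.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+rsa_sign.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+rsa_sign.o: ../cryptlib.h rsa_sign.c
+rsa_ssl.o: ../../e_os.h ../../include/openssl/asn1.h
+rsa_ssl.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+rsa_ssl.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+rsa_ssl.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+rsa_ssl.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+rsa_ssl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+rsa_ssl.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
+rsa_ssl.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+rsa_ssl.o: ../../include/openssl/symhacks.h ../cryptlib.h rsa_ssl.c
+rsa_x931.o: ../../e_os.h ../../include/openssl/asn1.h
+rsa_x931.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+rsa_x931.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+rsa_x931.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+rsa_x931.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+rsa_x931.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+rsa_x931.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+rsa_x931.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
+rsa_x931.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+rsa_x931.o: ../../include/openssl/symhacks.h ../cryptlib.h rsa_x931.c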
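Review bot: The `install` recipe reports success even when a header was not copied: inside the loop `cp` and `chmod` are joined with `;`, so the recipe's status is that of the last `chmod`, which succeeds on a stale `rsa.h` already sitting under `$(INSTALLTOP)/include/openssl`. That matters for this commit because its rsa.h section changes the members of `struct rsa_meth_st`, and programs compiled against an old installed header would disagree with the new libcrypto about that layout. I would join the two commands with `&&` and end the subshell with `|| exit 1`, i.e. `(cp $$i … && chmod 644 … ) || exit 1; \`. The `install` target in Makefile.ssl, added by the same commit, has the same loop.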
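diff --git a/src/lib/libcrypto/rsa/Makefile.ssl b/src/lib/libcrypto/rsa/Makefile.ssl
new file mode 100644
index 0000000000..8089344a04
--- /dev/null
+++ b/src/lib/libcrypto/rsa/Makefile.ssl
@@ -0,0 +1,241 @@
+#
+# SSLeay/crypto/rsa/Makefile
+#
+
+DIR= rsa
+TOP= ../..
+CC= cc
+INCLUDES= -I.. -I$(TOP) -I../../include
+CFLAG=-g
+INSTALL_PREFIX=
+OPENSSLDIR= /usr/local/ssl
+INSTALLTOP=/usr/local/ssl
+MAKE= make -f Makefile.ssl
+MAKEDEPPROG= makedepend
+MAKEDEPEND= $(TOP)/util/domd $(TOP) -MD $(MAKEDEPPROG)
+MAKEFILE= Makefile.ssl
+AR= ar r
+
+CFLAGS= $(INCLUDES) $(CFLAG)
+
+GENERAL=Makefile
+TEST=rsa_test.c
+APPS=
+
+LIB=$(TOP)/libcrypto.a
+LIBSRC= rsa_eay.c rsa_gen.c rsa_lib.c rsa_sign.c rsa_saos.c rsa_err.c \
+ rsa_pk1.c rsa_ssl.c rsa_none.c rsa_oaep.c rsa_chk.c rsa_null.c \
+ rsa_asn1.c
+LIBOBJ= rsa_eay.o rsa_gen.o rsa_lib.o rsa_sign.o rsa_saos.o rsa_err.o \
+ rsa_pk1.o rsa_ssl.o rsa_none.o rsa_oaep.o rsa_chk.o rsa_null.o \
+ rsa_asn1.o
+
+SRC= $(LIBSRC)
+
+EXHEADER= rsa.h
+HEADER= $(EXHEADER)
+
+ALL= $(GENERAL) $(SRC) $(HEADER)
+
+top:
+ (cd ../..; $(MAKE) DIRS=crypto SDIRS=$(DIR) sub_all)
+
+all: lib
+
+lib: $(LIBOBJ)
+ $(AR) $(LIB) $(LIBOBJ)
+ $(RANLIB) $(LIB) || echo Never mind.
+ @touch lib
+
+files:
+ $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
+
+links:
+ @sh $(TOP)/util/point.sh Makefile.ssl Makefile
+ @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
+ @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
+ @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
+
+install:
+ @for i in $(EXHEADER) ; \
+ do \
+ (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
+ chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
+ done;
+
+tags:
+ ctags $(SRC)
+
+tests:
+
+lint:
+ lint -DLINT $(INCLUDES) $(SRC)>fluff
+
+depend:
+ $(MAKEDEPEND) -- $(CFLAG) $(INCLUDES) $(DEPFLAG) -- $(PROGS) $(LIBSRC)
+
+dclean:
+ $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
+ mv -f Makefile.new $(MAKEFILE)
+
+clean:
+ rm -f *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
+
+# DO NOT DELETE THIS LINE -- make depend depends on it.
+
+rsa_asn1.o: ../../e_os.h ../../include/openssl/asn1.h
+rsa_asn1.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+rsa_asn1.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+rsa_asn1.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+rsa_asn1.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+rsa_asn1.o: ../../include/openssl/opensslconf.h
+rsa_asn1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+rsa_asn1.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+rsa_asn1.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+rsa_asn1.o: ../cryptlib.h rsa_asn1.c
+rsa_chk.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+rsa_chk.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
+rsa_chk.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+rsa_chk.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+rsa_chk.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+rsa_chk.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+rsa_chk.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+rsa_chk.o: rsa_chk.c
+rsa_eay.o: ../../e_os.h ../../include/openssl/asn1.h
+rsa_eay.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+rsa_eay.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+rsa_eay.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+rsa_eay.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+rsa_eay.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+rsa_eay.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
+rsa_eay.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+rsa_eay.o: ../../include/openssl/symhacks.h ../cryptlib.h rsa_eay.c
+rsa_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+rsa_err.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
+rsa_err.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+rsa_err.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+rsa_err.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+rsa_err.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+rsa_err.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+rsa_err.o: rsa_err.c
+rsa_gen.o: ../../e_os.h ../../include/openssl/asn1.h
+rsa_gen.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+rsa_gen.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+rsa_gen.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+rsa_gen.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+rsa_gen.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+rsa_gen.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+rsa_gen.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+rsa_gen.o: ../cryptlib.h rsa_gen.c
+rsa_lib.o: ../../e_os.h ../../include/openssl/asn1.h
+rsa_lib.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+rsa_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+rsa_lib.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
+rsa_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h
+rsa_lib.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
+rsa_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+rsa_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
+rsa_lib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+rsa_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+rsa_lib.o: ../../include/openssl/ui.h ../cryptlib.h rsa_lib.c
+rsa_none.o: ../../e_os.h ../../include/openssl/asn1.h
+rsa_none.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+rsa_none.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+rsa_none.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+rsa_none.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+rsa_none.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+rsa_none.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
+rsa_none.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+rsa_none.o: ../../include/openssl/symhacks.h ../cryptlib.h rsa_none.c
+rsa_null.o: ../../e_os.h ../../include/openssl/asn1.h
+rsa_null.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+rsa_null.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+rsa_null.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+rsa_null.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+rsa_null.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+rsa_null.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
+rsa_null.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+rsa_null.o: ../../include/openssl/symhacks.h ../cryptlib.h rsa_null.c
+rsa_oaep.o: ../../e_os.h ../../include/openssl/aes.h
+rsa_oaep.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+rsa_oaep.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+rsa_oaep.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+rsa_oaep.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+rsa_oaep.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+rsa_oaep.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+rsa_oaep.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+rsa_oaep.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+rsa_oaep.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+rsa_oaep.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+rsa_oaep.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+rsa_oaep.o: ../../include/openssl/opensslconf.h
+rsa_oaep.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+rsa_oaep.o: ../../include/openssl/rand.h ../../include/openssl/rc2.h
+rsa_oaep.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+rsa_oaep.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+rsa_oaep.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+rsa_oaep.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+rsa_oaep.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+rsa_oaep.o: ../cryptlib.h rsa_oaep.c
+rsa_pk1.o: ../../e_os.h ../../include/openssl/asn1.h
+rsa_pk1.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+rsa_pk1.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+rsa_pk1.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+rsa_pk1.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+rsa_pk1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+rsa_pk1.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
+rsa_pk1.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+rsa_pk1.o: ../../include/openssl/symhacks.h ../cryptlib.h rsa_pk1.c
+rsa_saos.o: ../../e_os.h ../../include/openssl/aes.h
+rsa_saos.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+rsa_saos.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+rsa_saos.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+rsa_saos.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+rsa_saos.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+rsa_saos.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+rsa_saos.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+rsa_saos.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+rsa_saos.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+rsa_saos.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+rsa_saos.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+rsa_saos.o: ../../include/openssl/opensslconf.h
+rsa_saos.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+rsa_saos.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+rsa_saos.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+rsa_saos.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+rsa_saos.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+rsa_saos.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+rsa_saos.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+rsa_saos.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+rsa_saos.o: ../cryptlib.h rsa_saos.c
+rsa_sign.o: ../../e_os.h ../../include/openssl/aes.h
+rsa_sign.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
+rsa_sign.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
+rsa_sign.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
+rsa_sign.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
+rsa_sign.o: ../../include/openssl/des_old.h ../../include/openssl/dh.h
+rsa_sign.o: ../../include/openssl/dsa.h ../../include/openssl/e_os2.h
+rsa_sign.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+rsa_sign.o: ../../include/openssl/idea.h ../../include/openssl/lhash.h
+rsa_sign.o: ../../include/openssl/md2.h ../../include/openssl/md4.h
+rsa_sign.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
+rsa_sign.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+rsa_sign.o: ../../include/openssl/opensslconf.h
+rsa_sign.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+rsa_sign.o: ../../include/openssl/pkcs7.h ../../include/openssl/rc2.h
+rsa_sign.o: ../../include/openssl/rc4.h ../../include/openssl/rc5.h
+rsa_sign.o: ../../include/openssl/ripemd.h ../../include/openssl/rsa.h
+rsa_sign.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+rsa_sign.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+rsa_sign.o: ../../include/openssl/ui.h ../../include/openssl/ui_compat.h
+rsa_sign.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+rsa_sign.o: ../cryptlib.h rsa_sign.c
+rsa_ssl.o: ../../e_os.h ../../include/openssl/asn1.h
+rsa_ssl.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+rsa_ssl.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+rsa_ssl.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
+rsa_ssl.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
+rsa_ssl.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+rsa_ssl.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
+rsa_ssl.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+rsa_ssl.o: ../../include/openssl/symhacks.h ../cryptlib.h rsa_ssl.c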
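Review bot: `LIBSRC` and `LIBOBJ` in this file list 13 files and leave out `rsa_pss`, `rsa_x931` and `rsa_depr`, which the Makefile added by the same commit archives into the same `$(TOP)/libcrypto.a`. Which RSA code ends up in the library (judging by the names, the PSS and X9.31 padding routines among it) therefore depends on which of the two files drives the build. If the difference is intended, a comment above `LIBSRC` should say so; otherwise the lists should match, and the dependency block below the DO NOT DELETE line would need regenerating with `make depend`. Deriving the objects with `LIBOBJ= $(LIBSRC:.c=.o)` would at least stop the two hand-written lists inside each file from drifting apart.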
diff --git a/src/lib/libcrypto/rsa/rsa.h b/src/lib/libcrypto/rsa/rsa.h
index 6b5e4f8a9a..dbed701e89 100644
--- a/src/lib/libcrypto/rsa/rsa.h
+++ b/src/lib/libcrypto/rsa/rsa.h
@@ -64,25 +64,25 @@
64#ifndef OPENSSL_NO_BIO 64#ifndef OPENSSL_NO_BIO
65#include <openssl/bio.h> 65#include <openssl/bio.h>
66#endif 66#endif
67#include <openssl/bn.h>
67#include <openssl/crypto.h> 68#include <openssl/crypto.h>
68#include <openssl/ossl_typ.h> 69#include <openssl/ossl_typ.h>
69#ifndef OPENSSL_NO_DEPRECATED
70#include <openssl/bn.h>
71#endif
72 70
73#ifdef OPENSSL_NO_RSA 71#ifdef OPENSSL_NO_RSA
74#error RSA is disabled. 72#error RSA is disabled.
75#endif 73#endif
76 74
75#if defined(OPENSSL_FIPS)
76#define FIPS_RSA_SIZE_T int
77#endif
78
77#ifdef __cplusplus 79#ifdef __cplusplus
78extern "C" { 80extern "C" {
79#endif 81#endif
80 82
81/* Declared already in ossl_typ.h */ 83typedef struct rsa_st RSA;
82/* typedef struct rsa_st RSA; */
83/* typedef struct rsa_meth_st RSA_METHOD; */
84 84
85struct rsa_meth_st 85typedef struct rsa_meth_st
86 { 86 {
87 const char *name; 87 const char *name;
88 int (*rsa_pub_enc)(int flen,const unsigned char *from, 88 int (*rsa_pub_enc)(int flen,const unsigned char *from,
@@ -97,7 +97,7 @@ struct rsa_meth_st
97 int (*rsa_priv_dec)(int flen,const unsigned char *from, 97 int (*rsa_priv_dec)(int flen,const unsigned char *from,
98 unsigned char *to, 98 unsigned char *to,
99 RSA *rsa,int padding); 99 RSA *rsa,int padding);
100 int (*rsa_mod_exp)(BIGNUM *r0,const BIGNUM *I,RSA *rsa,BN_CTX *ctx); /* Can be null */ 100 int (*rsa_mod_exp)(BIGNUM *r0,const BIGNUM *I,RSA *rsa); /* Can be null */
101 int (*bn_mod_exp)(BIGNUM *r, const BIGNUM *a, const BIGNUM *p, 101 int (*bn_mod_exp)(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
102 const BIGNUM *m, BN_CTX *ctx, 102 const BIGNUM *m, BN_CTX *ctx,
103 BN_MONT_CTX *m_ctx); /* Can be null */ 103 BN_MONT_CTX *m_ctx); /* Can be null */
@@ -118,12 +118,8 @@ struct rsa_meth_st
118 int (*rsa_verify)(int dtype, 118 int (*rsa_verify)(int dtype,
119 const unsigned char *m, unsigned int m_length, 119 const unsigned char *m, unsigned int m_length,
120 unsigned char *sigbuf, unsigned int siglen, const RSA *rsa); 120 unsigned char *sigbuf, unsigned int siglen, const RSA *rsa);
121/* If this callback is NULL, the builtin software RSA key-gen will be used. This 121
122 * is for behavioural compatibility whilst the code gets rewired, but one day 122 } RSA_METHOD;
123 * it would be nice to assume there are no such things as "builtin software"
124 * implementations. */
125 int (*rsa_keygen)(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb);
126 };
127 123
128struct rsa_st 124struct rsa_st
129 { 125 {
@@ -156,19 +152,12 @@ struct rsa_st
156 * NULL */ 152 * NULL */
157 char *bignum_data; 153 char *bignum_data;
158 BN_BLINDING *blinding; 154 BN_BLINDING *blinding;
159 BN_BLINDING *mt_blinding;
160 }; 155 };
161 156
162#ifndef OPENSSL_RSA_MAX_MODULUS_BITS 157#define OPENSSL_RSA_MAX_MODULUS_BITS 16384
163# define OPENSSL_RSA_MAX_MODULUS_BITS 16384
164#endif
165 158
166#ifndef OPENSSL_RSA_SMALL_MODULUS_BITS 159#define OPENSSL_RSA_SMALL_MODULUS_BITS 3072
167# define OPENSSL_RSA_SMALL_MODULUS_BITS 3072 160#define OPENSSL_RSA_MAX_PUBEXP_BITS 64 /* exponent limit enforced for "small" modulus only */
168#endif
169#ifndef OPENSSL_RSA_MAX_PUBEXP_BITS
170# define OPENSSL_RSA_MAX_PUBEXP_BITS 64 /* exponent limit enforced for "large" modulus only */
171#endif
172 161
173#define RSA_3 0x3L 162#define RSA_3 0x3L
174#define RSA_F4 0x10001L 163#define RSA_F4 0x10001L
@@ -195,27 +184,13 @@ struct rsa_st
195 * default (ignoring RSA_FLAG_BLINDING), 184 * default (ignoring RSA_FLAG_BLINDING),
196 * but other engines might not need it 185 * but other engines might not need it
197 */ 186 */
198#define RSA_FLAG_NO_CONSTTIME 0x0100 /* new with 0.9.8f; the built-in RSA 187#define RSA_FLAG_NO_EXP_CONSTTIME 0x0100 /* new with 0.9.7h; the built-in RSA
199 * implementation now uses constant time
200 * operations by default in private key operations,
201 * e.g., constant time modular exponentiation,
202 * modular inverse without leaking branches,
203 * division without leaking branches. This
204 * flag disables these constant time
205 * operations and results in faster RSA
206 * private key operations.
207 */
208#ifndef OPENSSL_NO_DEPRECATED
209#define RSA_FLAG_NO_EXP_CONSTTIME RSA_FLAG_NO_CONSTTIME /* deprecated name for the flag*/
210 /* new with 0.9.7h; the built-in RSA
211 * implementation now uses constant time 188 * implementation now uses constant time
212 * modular exponentiation for secret exponents 189 * modular exponentiation for secret exponents
213 * by default. This flag causes the 190 * by default. This flag causes the
214 * faster variable sliding window method to 191 * faster variable sliding window method to
215 * be used for all exponents. 192 * be used for all exponents.
216 */ 193 */
217#endif
218
219 194
220#define RSA_PKCS1_PADDING 1 195#define RSA_PKCS1_PADDING 1
221#define RSA_SSLV23_PADDING 2 196#define RSA_SSLV23_PADDING 2
@@ -231,17 +206,18 @@ struct rsa_st
231RSA * RSA_new(void); 206RSA * RSA_new(void);
232RSA * RSA_new_method(ENGINE *engine); 207RSA * RSA_new_method(ENGINE *engine);
233int RSA_size(const RSA *); 208int RSA_size(const RSA *);
234
235/* Deprecated version */
236#ifndef OPENSSL_NO_DEPRECATED
237RSA * RSA_generate_key(int bits, unsigned long e,void 209RSA * RSA_generate_key(int bits, unsigned long e,void
238 (*callback)(int,int,void *),void *cb_arg); 210 (*callback)(int,int,void *),void *cb_arg);
239#endif /* !defined(OPENSSL_NO_DEPRECATED) */
240
241/* New version */
242int RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb);
243
244int RSA_check_key(const RSA *); 211int RSA_check_key(const RSA *);
212#ifdef OPENSSL_FIPS
213int RSA_X931_derive(RSA *rsa, BIGNUM *p1, BIGNUM *p2, BIGNUM *q1, BIGNUM *q2,
214 void (*cb)(int, int, void *), void *cb_arg,
215 const BIGNUM *Xp1, const BIGNUM *Xp2, const BIGNUM *Xp,
216 const BIGNUM *Xq1, const BIGNUM *Xq2, const BIGNUM *Xq,
217 const BIGNUM *e);
218RSA *RSA_X931_generate_key(int bits, const BIGNUM *e,
219 void (*cb)(int,int,void *), void *cb_arg);
220#endif
245 /* next 4 return -1 on error */ 221 /* next 4 return -1 on error */
246int RSA_public_encrypt(int flen, const unsigned char *from, 222int RSA_public_encrypt(int flen, const unsigned char *from,
247 unsigned char *to, RSA *rsa,int padding); 223 unsigned char *to, RSA *rsa,int padding);
@@ -281,19 +257,11 @@ int RSA_print_fp(FILE *fp, const RSA *r,int offset);
281int RSA_print(BIO *bp, const RSA *r,int offset); 257int RSA_print(BIO *bp, const RSA *r,int offset);
282#endif 258#endif
283 259
284int i2d_RSA_NET(const RSA *a, unsigned char **pp, 260int i2d_RSA_NET(const RSA *a, unsigned char **pp, int (*cb)(), int sgckey);
285 int (*cb)(char *buf, int len, const char *prompt, int verify), 261RSA *d2i_RSA_NET(RSA **a, const unsigned char **pp, long length, int (*cb)(), int sgckey);
286 int sgckey);
287RSA *d2i_RSA_NET(RSA **a, const unsigned char **pp, long length,
288 int (*cb)(char *buf, int len, const char *prompt, int verify),
289 int sgckey);
290 262
291int i2d_Netscape_RSA(const RSA *a, unsigned char **pp, 263int i2d_Netscape_RSA(const RSA *a, unsigned char **pp, int (*cb)());
292 int (*cb)(char *buf, int len, const char *prompt, 264RSA *d2i_Netscape_RSA(RSA **a, const unsigned char **pp, long length, int (*cb)());
293 int verify));
294RSA *d2i_Netscape_RSA(RSA **a, const unsigned char **pp, long length,
295 int (*cb)(char *buf, int len, const char *prompt,
296 int verify));
297 265
298/* The following 2 functions sign and verify a X509_SIG ASN1 object 266/* The following 2 functions sign and verify a X509_SIG ASN1 object
299 * inside PKCS#1 padded RSA encryption */ 267 * inside PKCS#1 padded RSA encryption */
@@ -313,7 +281,6 @@ int RSA_verify_ASN1_OCTET_STRING(int type,
313 281
314int RSA_blinding_on(RSA *rsa, BN_CTX *ctx); 282int RSA_blinding_on(RSA *rsa, BN_CTX *ctx);
315void RSA_blinding_off(RSA *rsa); 283void RSA_blinding_off(RSA *rsa);
316BN_BLINDING *RSA_setup_blinding(RSA *rsa, BN_CTX *ctx);
317 284
318int RSA_padding_add_PKCS1_type_1(unsigned char *to,int tlen, 285int RSA_padding_add_PKCS1_type_1(unsigned char *to,int tlen,
319 const unsigned char *f,int fl); 286 const unsigned char *f,int fl);
@@ -369,21 +336,14 @@ void ERR_load_RSA_strings(void);
369 336
370/* Function codes. */ 337/* Function codes. */
371#define RSA_F_MEMORY_LOCK 100 338#define RSA_F_MEMORY_LOCK 100
372#define RSA_F_RSA_BUILTIN_KEYGEN 129
373#define RSA_F_RSA_CHECK_KEY 123 339#define RSA_F_RSA_CHECK_KEY 123
374#define RSA_F_RSA_EAY_PRIVATE_DECRYPT 101 340#define RSA_F_RSA_EAY_PRIVATE_DECRYPT 101
375#define RSA_F_RSA_EAY_PRIVATE_ENCRYPT 102 341#define RSA_F_RSA_EAY_PRIVATE_ENCRYPT 102
376#define RSA_F_RSA_EAY_PUBLIC_DECRYPT 103 342#define RSA_F_RSA_EAY_PUBLIC_DECRYPT 103
377#define RSA_F_RSA_EAY_PUBLIC_ENCRYPT 104 343#define RSA_F_RSA_EAY_PUBLIC_ENCRYPT 104
378#define RSA_F_RSA_GENERATE_KEY 105 344#define RSA_F_RSA_GENERATE_KEY 105
379#define RSA_F_RSA_MEMORY_LOCK 130
380#define RSA_F_RSA_NEW_METHOD 106 345#define RSA_F_RSA_NEW_METHOD 106
381#define RSA_F_RSA_NULL 124 346#define RSA_F_RSA_NULL 124
382#define RSA_F_RSA_NULL_MOD_EXP 131
383#define RSA_F_RSA_NULL_PRIVATE_DECRYPT 132
384#define RSA_F_RSA_NULL_PRIVATE_ENCRYPT 133
385#define RSA_F_RSA_NULL_PUBLIC_DECRYPT 134
386#define RSA_F_RSA_NULL_PUBLIC_ENCRYPT 135
387#define RSA_F_RSA_PADDING_ADD_NONE 107 347#define RSA_F_RSA_PADDING_ADD_NONE 107
388#define RSA_F_RSA_PADDING_ADD_PKCS1_OAEP 121 348#define RSA_F_RSA_PADDING_ADD_PKCS1_OAEP 121
389#define RSA_F_RSA_PADDING_ADD_PKCS1_PSS 125 349#define RSA_F_RSA_PADDING_ADD_PKCS1_PSS 125
@@ -399,7 +359,6 @@ void ERR_load_RSA_strings(void);
399#define RSA_F_RSA_PADDING_CHECK_X931 128 359#define RSA_F_RSA_PADDING_CHECK_X931 128
400#define RSA_F_RSA_PRINT 115 360#define RSA_F_RSA_PRINT 115
401#define RSA_F_RSA_PRINT_FP 116 361#define RSA_F_RSA_PRINT_FP 116
402#define RSA_F_RSA_SETUP_BLINDING 136
403#define RSA_F_RSA_SIGN 117 362#define RSA_F_RSA_SIGN 117
404#define RSA_F_RSA_SIGN_ASN1_OCTET_STRING 118 363#define RSA_F_RSA_SIGN_ASN1_OCTET_STRING 118
405#define RSA_F_RSA_VERIFY 119 364#define RSA_F_RSA_VERIFY 119
@@ -433,7 +392,6 @@ void ERR_load_RSA_strings(void);
433#define RSA_R_KEY_SIZE_TOO_SMALL 120 392#define RSA_R_KEY_SIZE_TOO_SMALL 120
434#define RSA_R_LAST_OCTET_INVALID 134 393#define RSA_R_LAST_OCTET_INVALID 134
435#define RSA_R_MODULUS_TOO_LARGE 105 394#define RSA_R_MODULUS_TOO_LARGE 105
436#define RSA_R_NO_PUBLIC_EXPONENT 140
437#define RSA_R_NULL_BEFORE_BLOCK_MISSING 113 395#define RSA_R_NULL_BEFORE_BLOCK_MISSING 113
438#define RSA_R_N_DOES_NOT_EQUAL_P_Q 127 396#define RSA_R_N_DOES_NOT_EQUAL_P_Q 127
439#define RSA_R_OAEP_DECODING_ERROR 121 397#define RSA_R_OAEP_DECODING_ERROR 121
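--- a/src/lib/libcrypto/rsa/rsa_asn1.c
+++ b/src/lib/libcrypto/rsa/rsa_asn1.c
@@ -63,10 +63,10 @@
 #include <openssl/asn1t.h>
 
 static ASN1_METHOD method={
- (I2D_OF(void)) i2d_RSAPrivateKey,
- (D2I_OF(void)) d2i_RSAPrivateKey,
- (void *(*)(void)) RSA_new,
- (void (*)(void *)) RSA_free};
+ (int (*)()) i2d_RSAPrivateKey,
+ (char *(*)())d2i_RSAPrivateKey,
+ (char *(*)())RSA_new,
+ (void (*)()) RSA_free};
 
 ASN1_METHOD *RSAPrivateKey_asn1_meth(void)
  {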
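Review bot: The four casts in the `method` initializer now use empty parameter lists (`(int (*)())`, `(char *(*)())`, `(void (*)())`), so the compiler no longer checks argument or return types for calls made through this ASN1_METHOD table. `RSA_new` is also stored as returning `char *`, although rsa.h declares it as returning `RSA *`. The ASN1_METHOD definition is not visible here, so these casts presumably have to match its member types. If so, a comment above the initializer would record the contract the type system no longer enforces, for example `/* ASN1_METHOD members are unprototyped here: the casts drop all argument checking, so every caller must match the real i2d/d2i/new/free signatures */`. The body of `RSAPrivateKey_asn1_meth` continues below the part of the section shown.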
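--- a/src/lib/libcrypto/rsa/rsa_chk.c
+++ b/src/lib/libcrypto/rsa/rsa_chk.c
@@ -75,7 +75,7 @@ int RSA_check_key(const RSA *key)
  }
 
  /* p prime? */
- r = BN_is_prime_ex(key->p, BN_prime_checks, NULL, NULL);
+ r = BN_is_prime(key->p, BN_prime_checks, NULL, NULL, NULL);
  if (r != 1)
  {
  ret = r;
@@ -85,7 +85,7 @@ int RSA_check_key(const RSA *key)
  }
 
  /* q prime? */
- r = BN_is_prime_ex(key->q, BN_prime_checks, NULL, NULL);
+ r = BN_is_prime(key->q, BN_prime_checks, NULL, NULL, NULL);
  if (r != 1)
  {
  ret = r;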
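Review bot: Both `BN_is_prime` calls end in three bare `NULL`s whose roles are not obvious at the call site. In this API they are the progress callback, the BN_CTX and the callback argument, and a NULL BN_CTX makes each call allocate and free its own context. If RSA_check_key already holds a BN_CTX (its set-up is outside the hunks shown), passing it would avoid two extra allocations; otherwise a comment such as `/* no callback, no caller BN_CTX, no cb_arg */` would do. The `/* p prime? */` and `/* q prime? */` comments could also say that the test is probabilistic with `BN_prime_checks` rounds, and that `r` may be -1 on error, which `ret = r` passes on.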
diff --git a/src/lib/libcrypto/rsa/rsa_eay.c b/src/lib/libcrypto/rsa/rsa_eay.c
index ffadaab9a4..610889dc80 100644
--- a/src/lib/libcrypto/rsa/rsa_eay.c
+++ b/src/lib/libcrypto/rsa/rsa_eay.c
@@ -56,7 +56,7 @@
56 * [including the GNU Public Licence.] 56 * [including the GNU Public Licence.]
57 */ 57 */
58/* ==================================================================== 58/* ====================================================================
59 * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved. 59 * Copyright (c) 1998-2005 The OpenSSL Project. All rights reserved.
60 * 60 *
61 * Redistribution and use in source and binary forms, with or without 61 * Redistribution and use in source and binary forms, with or without
62 * modification, are permitted provided that the following conditions 62 * modification, are permitted provided that the following conditions
@@ -115,7 +115,7 @@
115#include <openssl/rsa.h> 115#include <openssl/rsa.h>
116#include <openssl/rand.h> 116#include <openssl/rand.h>
117 117
118#ifndef RSA_NULL 118#if !defined(RSA_NULL) && !defined(OPENSSL_FIPS)
119 119
120static int RSA_eay_public_encrypt(int flen, const unsigned char *from, 120static int RSA_eay_public_encrypt(int flen, const unsigned char *from,
121 unsigned char *to, RSA *rsa,int padding); 121 unsigned char *to, RSA *rsa,int padding);
@@ -125,7 +125,7 @@ static int RSA_eay_public_decrypt(int flen, const unsigned char *from,
125 unsigned char *to, RSA *rsa,int padding); 125 unsigned char *to, RSA *rsa,int padding);
126static int RSA_eay_private_decrypt(int flen, const unsigned char *from, 126static int RSA_eay_private_decrypt(int flen, const unsigned char *from,
127 unsigned char *to, RSA *rsa,int padding); 127 unsigned char *to, RSA *rsa,int padding);
128static int RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *i, RSA *rsa, BN_CTX *ctx); 128static int RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *i, RSA *rsa);
129static int RSA_eay_init(RSA *rsa); 129static int RSA_eay_init(RSA *rsa);
130static int RSA_eay_finish(RSA *rsa); 130static int RSA_eay_finish(RSA *rsa);
131static RSA_METHOD rsa_pkcs1_eay_meth={ 131static RSA_METHOD rsa_pkcs1_eay_meth={
@@ -141,8 +141,7 @@ static RSA_METHOD rsa_pkcs1_eay_meth={
141 0, /* flags */ 141 0, /* flags */
142 NULL, 142 NULL,
143 0, /* rsa_sign */ 143 0, /* rsa_sign */
144 0, /* rsa_verify */ 144 0 /* rsa_verify */
145 NULL /* rsa_keygen */
146 }; 145 };
147 146
148const RSA_METHOD *RSA_PKCS1_SSLeay(void) 147const RSA_METHOD *RSA_PKCS1_SSLeay(void)
@@ -150,53 +149,19 @@ const RSA_METHOD *RSA_PKCS1_SSLeay(void)
150 return(&rsa_pkcs1_eay_meth); 149 return(&rsa_pkcs1_eay_meth);
151 } 150 }
152 151
153/* Usage example;
154 * MONT_HELPER(rsa->_method_mod_p, bn_ctx, rsa->p, rsa->flags & RSA_FLAG_CACHE_PRIVATE, goto err);
155 */
156#define MONT_HELPER(method_mod, ctx, m, pre_cond, err_instr) \
157 if ((pre_cond) && ((method_mod) == NULL) && \
158 !BN_MONT_CTX_set_locked(&(method_mod), \
159 CRYPTO_LOCK_RSA, \
160 (m), (ctx))) \
161 err_instr
162
163static int RSA_eay_public_encrypt(int flen, const unsigned char *from, 152static int RSA_eay_public_encrypt(int flen, const unsigned char *from,
164 unsigned char *to, RSA *rsa, int padding) 153 unsigned char *to, RSA *rsa, int padding)
165 { 154 {
166 BIGNUM *f,*ret; 155 BIGNUM f,ret;
167 int i,j,k,num=0,r= -1; 156 int i,j,k,num=0,r= -1;
168 unsigned char *buf=NULL; 157 unsigned char *buf=NULL;
169 BN_CTX *ctx=NULL; 158 BN_CTX *ctx=NULL;
170 159
171 if (BN_num_bits(rsa->n) > OPENSSL_RSA_MAX_MODULUS_BITS) 160 BN_init(&f);
172 { 161 BN_init(&ret);
173 RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT, RSA_R_MODULUS_TOO_LARGE);
174 return -1;
175 }
176
177 if (BN_ucmp(rsa->n, rsa->e) <= 0)
178 {
179 RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT, RSA_R_BAD_E_VALUE);
180 return -1;
181 }
182
183 /* for large moduli, enforce exponent limit */
184 if (BN_num_bits(rsa->n) > OPENSSL_RSA_SMALL_MODULUS_BITS)
185 {
186 if (BN_num_bits(rsa->e) > OPENSSL_RSA_MAX_PUBEXP_BITS)
187 {
188 RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT, RSA_R_BAD_E_VALUE);
189 return -1;
190 }
191 }
192
193 if ((ctx=BN_CTX_new()) == NULL) goto err; 162 if ((ctx=BN_CTX_new()) == NULL) goto err;
194 BN_CTX_start(ctx);
195 f = BN_CTX_get(ctx);
196 ret = BN_CTX_get(ctx);
197 num=BN_num_bytes(rsa->n); 163 num=BN_num_bytes(rsa->n);
198 buf = OPENSSL_malloc(num); 164 if ((buf=(unsigned char *)OPENSSL_malloc(num)) == NULL)
199 if (!f || !ret || !buf)
200 { 165 {
201 RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT,ERR_R_MALLOC_FAILURE); 166 RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT,ERR_R_MALLOC_FAILURE);
202 goto err; 167 goto err;
@@ -224,34 +189,37 @@ static int RSA_eay_public_encrypt(int flen, const unsigned char *from,
224 } 189 }
225 if (i <= 0) goto err; 190 if (i <= 0) goto err;
226 191
227 if (BN_bin2bn(buf,num,f) == NULL) goto err; 192 if (BN_bin2bn(buf,num,&f) == NULL) goto err;
228 193
229 if (BN_ucmp(f, rsa->n) >= 0) 194 if (BN_ucmp(&f, rsa->n) >= 0)
230 { 195 {
231 /* usually the padding functions would catch this */ 196 /* usually the padding functions would catch this */
232 RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT,RSA_R_DATA_TOO_LARGE_FOR_MODULUS); 197 RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT,RSA_R_DATA_TOO_LARGE_FOR_MODULUS);
233 goto err; 198 goto err;
234 } 199 }
235 200
236 MONT_HELPER(rsa->_method_mod_n, ctx, rsa->n, rsa->flags & RSA_FLAG_CACHE_PUBLIC, goto err); 201 if (rsa->flags & RSA_FLAG_CACHE_PUBLIC)
202 {
203 if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_n,
204 CRYPTO_LOCK_RSA, rsa->n, ctx))
205 goto err;
206 }
237 207
238 if (!rsa->meth->bn_mod_exp(ret,f,rsa->e,rsa->n,ctx, 208 if (!rsa->meth->bn_mod_exp(&ret,&f,rsa->e,rsa->n,ctx,
239 rsa->_method_mod_n)) goto err; 209 rsa->_method_mod_n)) goto err;
240 210
241 /* put in leading 0 bytes if the number is less than the 211 /* put in leading 0 bytes if the number is less than the
242 * length of the modulus */ 212 * length of the modulus */
243 j=BN_num_bytes(ret); 213 j=BN_num_bytes(&ret);
244 i=BN_bn2bin(ret,&(to[num-j])); 214 i=BN_bn2bin(&ret,&(to[num-j]));
245 for (k=0; k<(num-i); k++) 215 for (k=0; k<(num-i); k++)
246 to[k]=0; 216 to[k]=0;
247 217
248 r=num; 218 r=num;
249err: 219err:
250 if (ctx != NULL) 220 if (ctx != NULL) BN_CTX_free(ctx);
251 { 221 BN_clear_free(&f);
252 BN_CTX_end(ctx); 222 BN_clear_free(&ret);
253 BN_CTX_free(ctx);
254 }
255 if (buf != NULL) 223 if (buf != NULL)
256 { 224 {
257 OPENSSL_cleanse(buf,num); 225 OPENSSL_cleanse(buf,num);
@@ -260,115 +228,98 @@ err:
260 return(r); 228 return(r);
261 } 229 }
262 230
263static BN_BLINDING *rsa_get_blinding(RSA *rsa, int *local, BN_CTX *ctx) 231static int rsa_eay_blinding(RSA *rsa, BN_CTX *ctx)
264{ 232 {
265 BN_BLINDING *ret; 233 int ret = 1;
266 int got_write_lock = 0; 234 CRYPTO_w_lock(CRYPTO_LOCK_RSA);
235 /* Check again inside the lock - the macro's check is racey */
236 if(rsa->blinding == NULL)
237 ret = RSA_blinding_on(rsa, ctx);
238 CRYPTO_w_unlock(CRYPTO_LOCK_RSA);
239 return ret;
240 }
267 241
268 CRYPTO_r_lock(CRYPTO_LOCK_RSA); 242#define BLINDING_HELPER(rsa, ctx, err_instr) \
243 do { \
244 if((!((rsa)->flags & RSA_FLAG_NO_BLINDING)) && \
245 ((rsa)->blinding == NULL) && \
246 !rsa_eay_blinding(rsa, ctx)) \
247 err_instr \
248 } while(0)
269 249
270 if (rsa->blinding == NULL) 250static BN_BLINDING *setup_blinding(RSA *rsa, BN_CTX *ctx)
271 { 251 {
272 CRYPTO_r_unlock(CRYPTO_LOCK_RSA); 252 BIGNUM *A, *Ai;
273 CRYPTO_w_lock(CRYPTO_LOCK_RSA); 253 BN_BLINDING *ret = NULL;
274 got_write_lock = 1;
275 254
276 if (rsa->blinding == NULL) 255 /* added in OpenSSL 0.9.6j and 0.9.7b */
277 rsa->blinding = RSA_setup_blinding(rsa, ctx);
278 }
279 256
280 ret = rsa->blinding; 257 /* NB: similar code appears in RSA_blinding_on (rsa_lib.c);
281 if (ret == NULL) 258 * this should be placed in a new function of its own, but for reasons
282 goto err; 259 * of binary compatibility can't */
283 260
284 if (BN_BLINDING_get_thread_id(ret) == CRYPTO_thread_id()) 261 BN_CTX_start(ctx);
262 A = BN_CTX_get(ctx);
263 if ((RAND_status() == 0) && rsa->d != NULL && rsa->d->d != NULL)
285 { 264 {
286 /* rsa->blinding is ours! */ 265 /* if PRNG is not properly seeded, resort to secret exponent as unpredictable seed */
287 266 RAND_add(rsa->d->d, rsa->d->dmax * sizeof rsa->d->d[0], 0);
288 *local = 1; 267 if (!BN_pseudo_rand_range(A,rsa->n)) goto err;
289 } 268 }
290 else 269 else
291 { 270 {
292 /* resort to rsa->mt_blinding instead */ 271 if (!BN_rand_range(A,rsa->n)) goto err;
293
294 *local = 0; /* instructs rsa_blinding_convert(), rsa_blinding_invert()
295 * that the BN_BLINDING is shared, meaning that accesses
296 * require locks, and that the blinding factor must be
297 * stored outside the BN_BLINDING
298 */
299
300 if (rsa->mt_blinding == NULL)
301 {
302 if (!got_write_lock)
303 {
304 CRYPTO_r_unlock(CRYPTO_LOCK_RSA);
305 CRYPTO_w_lock(CRYPTO_LOCK_RSA);
306 got_write_lock = 1;
307 }
308
309 if (rsa->mt_blinding == NULL)
310 rsa->mt_blinding = RSA_setup_blinding(rsa, ctx);
311 }
312 ret = rsa->mt_blinding;
313 } 272 }
273 if ((Ai=BN_mod_inverse(NULL,A,rsa->n,ctx)) == NULL) goto err;
314 274
315 err: 275 if (!rsa->meth->bn_mod_exp(A,A,rsa->e,rsa->n,ctx,rsa->_method_mod_n))
316 if (got_write_lock) 276 goto err;
317 CRYPTO_w_unlock(CRYPTO_LOCK_RSA); 277 ret = BN_BLINDING_new(A,Ai,rsa->n);
318 else 278 BN_free(Ai);
319 CRYPTO_r_unlock(CRYPTO_LOCK_RSA); 279err:
280 BN_CTX_end(ctx);
320 return ret; 281 return ret;
321} 282 }
322
323static int rsa_blinding_convert(BN_BLINDING *b, int local, BIGNUM *f,
324 BIGNUM *r, BN_CTX *ctx)
325{
326 if (local)
327 return BN_BLINDING_convert_ex(f, NULL, b, ctx);
328 else
329 {
330 int ret;
331 CRYPTO_r_lock(CRYPTO_LOCK_RSA_BLINDING);
332 ret = BN_BLINDING_convert_ex(f, r, b, ctx);
333 CRYPTO_r_unlock(CRYPTO_LOCK_RSA_BLINDING);
334 return ret;
335 }
336}
337
338static int rsa_blinding_invert(BN_BLINDING *b, int local, BIGNUM *f,
339 BIGNUM *r, BN_CTX *ctx)
340{
341 if (local)
342 return BN_BLINDING_invert_ex(f, NULL, b, ctx);
343 else
344 {
345 int ret;
346 CRYPTO_w_lock(CRYPTO_LOCK_RSA_BLINDING);
347 ret = BN_BLINDING_invert_ex(f, r, b, ctx);
348 CRYPTO_w_unlock(CRYPTO_LOCK_RSA_BLINDING);
349 return ret;
350 }
351}
352 283
353/* signing */ 284/* signing */
354static int RSA_eay_private_encrypt(int flen, const unsigned char *from, 285static int RSA_eay_private_encrypt(int flen, const unsigned char *from,
355 unsigned char *to, RSA *rsa, int padding) 286 unsigned char *to, RSA *rsa, int padding)
356 { 287 {
357 BIGNUM *f, *ret, *br, *res; 288 BIGNUM f,ret, *res;
358 int i,j,k,num=0,r= -1; 289 int i,j,k,num=0,r= -1;
359 unsigned char *buf=NULL; 290 unsigned char *buf=NULL;
360 BN_CTX *ctx=NULL; 291 BN_CTX *ctx=NULL;
361 int local_blinding = 0; 292 int local_blinding = 0;
362 BN_BLINDING *blinding = NULL; 293 BN_BLINDING *blinding = NULL;
363 294
295 BN_init(&f);
296 BN_init(&ret);
297
298 if (BN_num_bits(rsa->n) > OPENSSL_RSA_MAX_MODULUS_BITS)
299 {
300 RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT, RSA_R_MODULUS_TOO_LARGE);
301 return -1;
302 }
303
304 if (BN_ucmp(rsa->n, rsa->e) <= 0)
305 {
306 RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT, RSA_R_BAD_E_VALUE);
307 return -1;
308 }
309
310 /* for large moduli, enforce exponent limit */
311 if (BN_num_bits(rsa->n) > OPENSSL_RSA_SMALL_MODULUS_BITS)
312 {
313 if (BN_num_bits(rsa->e) > OPENSSL_RSA_MAX_PUBEXP_BITS)
314 {
315 RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT, RSA_R_BAD_E_VALUE);
316 return -1;
317 }
318 }
319
364 if ((ctx=BN_CTX_new()) == NULL) goto err; 320 if ((ctx=BN_CTX_new()) == NULL) goto err;
365 BN_CTX_start(ctx); 321 num=BN_num_bytes(rsa->n);
366 f = BN_CTX_get(ctx); 322 if ((buf=(unsigned char *)OPENSSL_malloc(num)) == NULL)
367 br = BN_CTX_get(ctx);
368 ret = BN_CTX_get(ctx);
369 num = BN_num_bytes(rsa->n);
370 buf = OPENSSL_malloc(num);
371 if(!f || !ret || !buf)
372 { 323 {
373 RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT,ERR_R_MALLOC_FAILURE); 324 RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT,ERR_R_MALLOC_FAILURE);
374 goto err; 325 goto err;
@@ -379,9 +330,6 @@ static int RSA_eay_private_encrypt(int flen, const unsigned char *from,
379 case RSA_PKCS1_PADDING: 330 case RSA_PKCS1_PADDING:
380 i=RSA_padding_add_PKCS1_type_1(buf,num,from,flen); 331 i=RSA_padding_add_PKCS1_type_1(buf,num,from,flen);
381 break; 332 break;
382 case RSA_X931_PADDING:
383 i=RSA_padding_add_X931(buf,num,from,flen);
384 break;
385 case RSA_NO_PADDING: 333 case RSA_NO_PADDING:
386 i=RSA_padding_add_none(buf,num,from,flen); 334 i=RSA_padding_add_none(buf,num,from,flen);
387 break; 335 break;
@@ -392,18 +340,26 @@ static int RSA_eay_private_encrypt(int flen, const unsigned char *from,
392 } 340 }
393 if (i <= 0) goto err; 341 if (i <= 0) goto err;
394 342
395 if (BN_bin2bn(buf,num,f) == NULL) goto err; 343 if (BN_bin2bn(buf,num,&f) == NULL) goto err;
396 344
397 if (BN_ucmp(f, rsa->n) >= 0) 345 if (BN_ucmp(&f, rsa->n) >= 0)
398 { 346 {
399 /* usually the padding functions would catch this */ 347 /* usually the padding functions would catch this */
400 RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT,RSA_R_DATA_TOO_LARGE_FOR_MODULUS); 348 RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT,RSA_R_DATA_TOO_LARGE_FOR_MODULUS);
401 goto err; 349 goto err;
402 } 350 }
403 351
352 BLINDING_HELPER(rsa, ctx, goto err;);
353 blinding = rsa->blinding;
354
355 /* Now unless blinding is disabled, 'blinding' is non-NULL.
356 * But the BN_BLINDING object may be owned by some other thread
357 * (we don't want to keep it constant and we don't want to use
358 * lots of locking to avoid race conditions, so only a single
359 * thread can use it; other threads have to use local blinding
360 * factors) */
404 if (!(rsa->flags & RSA_FLAG_NO_BLINDING)) 361 if (!(rsa->flags & RSA_FLAG_NO_BLINDING))
405 { 362 {
406 blinding = rsa_get_blinding(rsa, &local_blinding, ctx);
407 if (blinding == NULL) 363 if (blinding == NULL)
408 { 364 {
409 RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT, ERR_R_INTERNAL_ERROR); 365 RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT, ERR_R_INTERNAL_ERROR);
@@ -412,8 +368,20 @@ static int RSA_eay_private_encrypt(int flen, const unsigned char *from,
412 } 368 }
413 369
414 if (blinding != NULL) 370 if (blinding != NULL)
415 if (!rsa_blinding_convert(blinding, local_blinding, f, br, ctx)) 371 {
416 goto err; 372 if (blinding->thread_id != CRYPTO_thread_id())
373 {
374 /* we need a local one-time blinding factor */
375
376 blinding = setup_blinding(rsa, ctx);
377 if (blinding == NULL)
378 goto err;
379 local_blinding = 1;
380 }
381 }
382
383 if (blinding)
384 if (!BN_BLINDING_convert(&f, blinding, ctx)) goto err;
417 385
418 if ( (rsa->flags & RSA_FLAG_EXT_PKEY) || 386 if ( (rsa->flags & RSA_FLAG_EXT_PKEY) ||
419 ((rsa->p != NULL) && 387 ((rsa->p != NULL) &&
@@ -422,42 +390,37 @@ static int RSA_eay_private_encrypt(int flen, const unsigned char *from,
422 (rsa->dmq1 != NULL) && 390 (rsa->dmq1 != NULL) &&
423 (rsa->iqmp != NULL)) ) 391 (rsa->iqmp != NULL)) )
424 { 392 {
425 if (!rsa->meth->rsa_mod_exp(ret, f, rsa, ctx)) goto err; 393 if (!rsa->meth->rsa_mod_exp(&ret,&f,rsa)) goto err;
426 } 394 }
427 else 395 else
428 { 396 {
429 BIGNUM local_d; 397 BIGNUM local_d;
430 BIGNUM *d = NULL; 398 BIGNUM *d = NULL;
431 399
432 if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) 400 if (!(rsa->flags & RSA_FLAG_NO_EXP_CONSTTIME))
433 { 401 {
434 BN_init(&local_d); 402 BN_init(&local_d);
435 d = &local_d; 403 d = &local_d;
436 BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME); 404 BN_with_flags(d, rsa->d, BN_FLG_EXP_CONSTTIME);
437 } 405 }
438 else 406 else
439 d= rsa->d; 407 d = rsa->d;
440 408 if (!rsa->meth->bn_mod_exp(&ret,&f,d,rsa->n,ctx,NULL)) goto err;
441 MONT_HELPER(rsa->_method_mod_n, ctx, rsa->n, rsa->flags & RSA_FLAG_CACHE_PUBLIC, goto err);
442
443 if (!rsa->meth->bn_mod_exp(ret,f,d,rsa->n,ctx,
444 rsa->_method_mod_n)) goto err;
445 } 409 }
446 410
447 if (blinding) 411 if (blinding)
448 if (!rsa_blinding_invert(blinding, local_blinding, ret, br, ctx)) 412 if (!BN_BLINDING_invert(&ret, blinding, ctx)) goto err;
449 goto err;
450 413
451 if (padding == RSA_X931_PADDING) 414 if (padding == RSA_X931_PADDING)
452 { 415 {
453 BN_sub(f, rsa->n, ret); 416 BN_sub(&f, rsa->n, &ret);
454 if (BN_cmp(ret, f)) 417 if (BN_cmp(&ret, &f))
455 res = f; 418 res = &f;
456 else 419 else
457 res = ret; 420 res = &ret;
458 } 421 }
459 else 422 else
460 res = ret; 423 res = &ret;
461 424
462 /* put in leading 0 bytes if the number is less than the 425 /* put in leading 0 bytes if the number is less than the
463 * length of the modulus */ 426 * length of the modulus */
@@ -468,11 +431,11 @@ static int RSA_eay_private_encrypt(int flen, const unsigned char *from,
468 431
469 r=num; 432 r=num;
470err: 433err:
471 if (ctx != NULL) 434 if (ctx != NULL) BN_CTX_free(ctx);
472 { 435 BN_clear_free(&ret);
473 BN_CTX_end(ctx); 436 BN_clear_free(&f);
474 BN_CTX_free(ctx); 437 if (local_blinding)
475 } 438 BN_BLINDING_free(blinding);
476 if (buf != NULL) 439 if (buf != NULL)
477 { 440 {
478 OPENSSL_cleanse(buf,num); 441 OPENSSL_cleanse(buf,num);
@@ -484,7 +447,7 @@ err:
484static int RSA_eay_private_decrypt(int flen, const unsigned char *from, 447static int RSA_eay_private_decrypt(int flen, const unsigned char *from,
485 unsigned char *to, RSA *rsa, int padding) 448 unsigned char *to, RSA *rsa, int padding)
486 { 449 {
487 BIGNUM *f, *ret, *br; 450 BIGNUM f,ret;
488 int j,num=0,r= -1; 451 int j,num=0,r= -1;
489 unsigned char *p; 452 unsigned char *p;
490 unsigned char *buf=NULL; 453 unsigned char *buf=NULL;
@@ -492,14 +455,14 @@ static int RSA_eay_private_decrypt(int flen, const unsigned char *from,
492 int local_blinding = 0; 455 int local_blinding = 0;
493 BN_BLINDING *blinding = NULL; 456 BN_BLINDING *blinding = NULL;
494 457
495 if((ctx = BN_CTX_new()) == NULL) goto err; 458 BN_init(&f);
496 BN_CTX_start(ctx); 459 BN_init(&ret);
497 f = BN_CTX_get(ctx); 460 ctx=BN_CTX_new();
498 br = BN_CTX_get(ctx); 461 if (ctx == NULL) goto err;
499 ret = BN_CTX_get(ctx); 462
500 num = BN_num_bytes(rsa->n); 463 num=BN_num_bytes(rsa->n);
501 buf = OPENSSL_malloc(num); 464
502 if(!f || !ret || !buf) 465 if ((buf=(unsigned char *)OPENSSL_malloc(num)) == NULL)
503 { 466 {
504 RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,ERR_R_MALLOC_FAILURE); 467 RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,ERR_R_MALLOC_FAILURE);
505 goto err; 468 goto err;
@@ -514,17 +477,25 @@ static int RSA_eay_private_decrypt(int flen, const unsigned char *from,
514 } 477 }
515 478
516 /* make data into a big number */ 479 /* make data into a big number */
517 if (BN_bin2bn(from,(int)flen,f) == NULL) goto err; 480 if (BN_bin2bn(from,(int)flen,&f) == NULL) goto err;
518 481
519 if (BN_ucmp(f, rsa->n) >= 0) 482 if (BN_ucmp(&f, rsa->n) >= 0)
520 { 483 {
521 RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,RSA_R_DATA_TOO_LARGE_FOR_MODULUS); 484 RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,RSA_R_DATA_TOO_LARGE_FOR_MODULUS);
522 goto err; 485 goto err;
523 } 486 }
524 487
488 BLINDING_HELPER(rsa, ctx, goto err;);
489 blinding = rsa->blinding;
490
491 /* Now unless blinding is disabled, 'blinding' is non-NULL.
492 * But the BN_BLINDING object may be owned by some other thread
493 * (we don't want to keep it constant and we don't want to use
494 * lots of locking to avoid race conditions, so only a single
495 * thread can use it; other threads have to use local blinding
496 * factors) */
525 if (!(rsa->flags & RSA_FLAG_NO_BLINDING)) 497 if (!(rsa->flags & RSA_FLAG_NO_BLINDING))
526 { 498 {
527 blinding = rsa_get_blinding(rsa, &local_blinding, ctx);
528 if (blinding == NULL) 499 if (blinding == NULL)
529 { 500 {
530 RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT, ERR_R_INTERNAL_ERROR); 501 RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT, ERR_R_INTERNAL_ERROR);
@@ -533,8 +504,20 @@ static int RSA_eay_private_decrypt(int flen, const unsigned char *from,
533 } 504 }
534 505
535 if (blinding != NULL) 506 if (blinding != NULL)
536 if (!rsa_blinding_convert(blinding, local_blinding, f, br, ctx)) 507 {
537 goto err; 508 if (blinding->thread_id != CRYPTO_thread_id())
509 {
510 /* we need a local one-time blinding factor */
511
512 blinding = setup_blinding(rsa, ctx);
513 if (blinding == NULL)
514 goto err;
515 local_blinding = 1;
516 }
517 }
518
519 if (blinding)
520 if (!BN_BLINDING_convert(&f, blinding, ctx)) goto err;
538 521
539 /* do the decrypt */ 522 /* do the decrypt */
540 if ( (rsa->flags & RSA_FLAG_EXT_PKEY) || 523 if ( (rsa->flags & RSA_FLAG_EXT_PKEY) ||
@@ -544,33 +527,29 @@ static int RSA_eay_private_decrypt(int flen, const unsigned char *from,
544 (rsa->dmq1 != NULL) && 527 (rsa->dmq1 != NULL) &&
545 (rsa->iqmp != NULL)) ) 528 (rsa->iqmp != NULL)) )
546 { 529 {
547 if (!rsa->meth->rsa_mod_exp(ret, f, rsa, ctx)) goto err; 530 if (!rsa->meth->rsa_mod_exp(&ret,&f,rsa)) goto err;
548 } 531 }
549 else 532 else
550 { 533 {
551 BIGNUM local_d; 534 BIGNUM local_d;
552 BIGNUM *d = NULL; 535 BIGNUM *d = NULL;
553 536
554 if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) 537 if (!(rsa->flags & RSA_FLAG_NO_EXP_CONSTTIME))
555 { 538 {
556 d = &local_d; 539 d = &local_d;
557 BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME); 540 BN_with_flags(d, rsa->d, BN_FLG_EXP_CONSTTIME);
558 } 541 }
559 else 542 else
560 d = rsa->d; 543 d = rsa->d;
561 544 if (!rsa->meth->bn_mod_exp(&ret,&f,d,rsa->n,ctx,NULL))
562 MONT_HELPER(rsa->_method_mod_n, ctx, rsa->n, rsa->flags & RSA_FLAG_CACHE_PUBLIC, goto err); 545 goto err;
563 if (!rsa->meth->bn_mod_exp(ret,f,d,rsa->n,ctx,
564 rsa->_method_mod_n))
565 goto err;
566 } 546 }
567 547
568 if (blinding) 548 if (blinding)
569 if (!rsa_blinding_invert(blinding, local_blinding, ret, br, ctx)) 549 if (!BN_BLINDING_invert(&ret, blinding, ctx)) goto err;
570 goto err;
571 550
572 p=buf; 551 p=buf;
573 j=BN_bn2bin(ret,p); /* j is only used with no-padding mode */ 552 j=BN_bn2bin(&ret,p); /* j is only used with no-padding mode */
574 553
575 switch (padding) 554 switch (padding)
576 { 555 {
@@ -596,11 +575,11 @@ static int RSA_eay_private_decrypt(int flen, const unsigned char *from,
596 RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,RSA_R_PADDING_CHECK_FAILED); 575 RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,RSA_R_PADDING_CHECK_FAILED);
597 576
598err: 577err:
599 if (ctx != NULL) 578 if (ctx != NULL) BN_CTX_free(ctx);
600 { 579 BN_clear_free(&f);
601 BN_CTX_end(ctx); 580 BN_clear_free(&ret);
602 BN_CTX_free(ctx); 581 if (local_blinding)
603 } 582 BN_BLINDING_free(blinding);
604 if (buf != NULL) 583 if (buf != NULL)
605 { 584 {
606 OPENSSL_cleanse(buf,num); 585 OPENSSL_cleanse(buf,num);
@@ -613,7 +592,7 @@ err:
613static int RSA_eay_public_decrypt(int flen, const unsigned char *from, 592static int RSA_eay_public_decrypt(int flen, const unsigned char *from,
614 unsigned char *to, RSA *rsa, int padding) 593 unsigned char *to, RSA *rsa, int padding)
615 { 594 {
616 BIGNUM *f,*ret; 595 BIGNUM f,ret;
617 int i,num=0,r= -1; 596 int i,num=0,r= -1;
618 unsigned char *p; 597 unsigned char *p;
619 unsigned char *buf=NULL; 598 unsigned char *buf=NULL;
@@ -640,14 +619,15 @@ static int RSA_eay_public_decrypt(int flen, const unsigned char *from,
640 return -1; 619 return -1;
641 } 620 }
642 } 621 }
643 622
644 if((ctx = BN_CTX_new()) == NULL) goto err; 623 BN_init(&f);
645 BN_CTX_start(ctx); 624 BN_init(&ret);
646 f = BN_CTX_get(ctx); 625 ctx=BN_CTX_new();
647 ret = BN_CTX_get(ctx); 626 if (ctx == NULL) goto err;
627
648 num=BN_num_bytes(rsa->n); 628 num=BN_num_bytes(rsa->n);
649 buf = OPENSSL_malloc(num); 629 buf=(unsigned char *)OPENSSL_malloc(num);
650 if(!f || !ret || !buf) 630 if (buf == NULL)
651 { 631 {
652 RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT,ERR_R_MALLOC_FAILURE); 632 RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT,ERR_R_MALLOC_FAILURE);
653 goto err; 633 goto err;
@@ -661,33 +641,37 @@ static int RSA_eay_public_decrypt(int flen, const unsigned char *from,
661 goto err; 641 goto err;
662 } 642 }
663 643
664 if (BN_bin2bn(from,flen,f) == NULL) goto err; 644 if (BN_bin2bn(from,flen,&f) == NULL) goto err;
665 645
666 if (BN_ucmp(f, rsa->n) >= 0) 646 if (BN_ucmp(&f, rsa->n) >= 0)
667 { 647 {
668 RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT,RSA_R_DATA_TOO_LARGE_FOR_MODULUS); 648 RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT,RSA_R_DATA_TOO_LARGE_FOR_MODULUS);
669 goto err; 649 goto err;
670 } 650 }
671 651
672 MONT_HELPER(rsa->_method_mod_n, ctx, rsa->n, rsa->flags & RSA_FLAG_CACHE_PUBLIC, goto err); 652 /* do the decrypt */
653
654 if (rsa->flags & RSA_FLAG_CACHE_PUBLIC)
655 {
656 if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_n,
657 CRYPTO_LOCK_RSA, rsa->n, ctx))
658 goto err;
659 }
673 660
674 if (!rsa->meth->bn_mod_exp(ret,f,rsa->e,rsa->n,ctx, 661 if (!rsa->meth->bn_mod_exp(&ret,&f,rsa->e,rsa->n,ctx,
675 rsa->_method_mod_n)) goto err; 662 rsa->_method_mod_n)) goto err;
676 663
677 if ((padding == RSA_X931_PADDING) && ((ret->d[0] & 0xf) != 12)) 664 if ((padding == RSA_X931_PADDING) && ((ret.d[0] & 0xf) != 12))
678 BN_sub(ret, rsa->n, ret); 665 BN_sub(&ret, rsa->n, &ret);
679 666
680 p=buf; 667 p=buf;
681 i=BN_bn2bin(ret,p); 668 i=BN_bn2bin(&ret,p);
682 669
683 switch (padding) 670 switch (padding)
684 { 671 {
685 case RSA_PKCS1_PADDING: 672 case RSA_PKCS1_PADDING:
686 r=RSA_padding_check_PKCS1_type_1(to,num,buf,i,num); 673 r=RSA_padding_check_PKCS1_type_1(to,num,buf,i,num);
687 break; 674 break;
688 case RSA_X931_PADDING:
689 r=RSA_padding_check_X931(to,num,buf,i,num);
690 break;
691 case RSA_NO_PADDING: 675 case RSA_NO_PADDING:
692 r=RSA_padding_check_none(to,num,buf,i,num); 676 r=RSA_padding_check_none(to,num,buf,i,num);
693 break; 677 break;
@@ -699,11 +683,9 @@ static int RSA_eay_public_decrypt(int flen, const unsigned char *from,
699 RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT,RSA_R_PADDING_CHECK_FAILED); 683 RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT,RSA_R_PADDING_CHECK_FAILED);
700 684
701err: 685err:
702 if (ctx != NULL) 686 if (ctx != NULL) BN_CTX_free(ctx);
703 { 687 BN_clear_free(&f);
704 BN_CTX_end(ctx); 688 BN_clear_free(&ret);
705 BN_CTX_free(ctx);
706 }
707 if (buf != NULL) 689 if (buf != NULL)
708 { 690 {
709 OPENSSL_cleanse(buf,num); 691 OPENSSL_cleanse(buf,num);
@@ -712,111 +694,59 @@ err:
712 return(r); 694 return(r);
713 } 695 }
714 696
715static int RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx) 697static int RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa)
716 { 698 {
717 BIGNUM *r1,*m1,*vrfy; 699 BIGNUM r1,m1,vrfy;
718 BIGNUM local_dmp1,local_dmq1,local_c,local_r1; 700 BIGNUM local_dmp1, local_dmq1;
719 BIGNUM *dmp1,*dmq1,*c,*pr1; 701 BIGNUM *dmp1, *dmq1;
720 int ret=0; 702 int ret=0;
703 BN_CTX *ctx;
721 704
722 BN_CTX_start(ctx); 705 BN_init(&m1);
723 r1 = BN_CTX_get(ctx); 706 BN_init(&r1);
724 m1 = BN_CTX_get(ctx); 707 BN_init(&vrfy);
725 vrfy = BN_CTX_get(ctx); 708 if ((ctx=BN_CTX_new()) == NULL) goto err;
726
727 {
728 BIGNUM local_p, local_q;
729 BIGNUM *p = NULL, *q = NULL;
730
731 /* Make sure BN_mod_inverse in Montgomery intialization uses the
732 * BN_FLG_CONSTTIME flag (unless RSA_FLAG_NO_CONSTTIME is set)
733 */
734 if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))
735 {
736 BN_init(&local_p);
737 p = &local_p;
738 BN_with_flags(p, rsa->p, BN_FLG_CONSTTIME);
739
740 BN_init(&local_q);
741 q = &local_q;
742 BN_with_flags(q, rsa->q, BN_FLG_CONSTTIME);
743 }
744 else
745 {
746 p = rsa->p;
747 q = rsa->q;
748 }
749
750 MONT_HELPER(rsa->_method_mod_p, ctx, p, rsa->flags & RSA_FLAG_CACHE_PRIVATE, goto err);
751 MONT_HELPER(rsa->_method_mod_q, ctx, q, rsa->flags & RSA_FLAG_CACHE_PRIVATE, goto err);
752 }
753
754 MONT_HELPER(rsa->_method_mod_n, ctx, rsa->n, rsa->flags & RSA_FLAG_CACHE_PUBLIC, goto err);
755 709
756 /* compute I mod q */ 710 if (rsa->flags & RSA_FLAG_CACHE_PRIVATE)
757 if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))
758 {
759 c = &local_c;
760 BN_with_flags(c, I, BN_FLG_CONSTTIME);
761 if (!BN_mod(r1,c,rsa->q,ctx)) goto err;
762 }
763 else
764 { 711 {
765 if (!BN_mod(r1,I,rsa->q,ctx)) goto err; 712 if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_p,
713 CRYPTO_LOCK_RSA, rsa->p, ctx))
714 goto err;
715 if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_q,
716 CRYPTO_LOCK_RSA, rsa->q, ctx))
717 goto err;
766 } 718 }
767 719
768 /* compute r1^dmq1 mod q */ 720 if (!BN_mod(&r1,I,rsa->q,ctx)) goto err;
769 if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) 721 if (!(rsa->flags & RSA_FLAG_NO_EXP_CONSTTIME))
770 { 722 {
771 dmq1 = &local_dmq1; 723 dmq1 = &local_dmq1;
772 BN_with_flags(dmq1, rsa->dmq1, BN_FLG_CONSTTIME); 724 BN_with_flags(dmq1, rsa->dmq1, BN_FLG_EXP_CONSTTIME);
773 } 725 }
774 else 726 else
775 dmq1 = rsa->dmq1; 727 dmq1 = rsa->dmq1;
776 if (!rsa->meth->bn_mod_exp(m1,r1,dmq1,rsa->q,ctx, 728 if (!rsa->meth->bn_mod_exp(&m1,&r1,dmq1,rsa->q,ctx,
777 rsa->_method_mod_q)) goto err; 729 rsa->_method_mod_q)) goto err;
778 730
779 /* compute I mod p */ 731 if (!BN_mod(&r1,I,rsa->p,ctx)) goto err;
780 if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) 732 if (!(rsa->flags & RSA_FLAG_NO_EXP_CONSTTIME))
781 {
782 c = &local_c;
783 BN_with_flags(c, I, BN_FLG_CONSTTIME);
784 if (!BN_mod(r1,c,rsa->p,ctx)) goto err;
785 }
786 else
787 {
788 if (!BN_mod(r1,I,rsa->p,ctx)) goto err;
789 }
790
791 /* compute r1^dmp1 mod p */
792 if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))
793 { 733 {
794 dmp1 = &local_dmp1; 734 dmp1 = &local_dmp1;
795 BN_with_flags(dmp1, rsa->dmp1, BN_FLG_CONSTTIME); 735 BN_with_flags(dmp1, rsa->dmp1, BN_FLG_EXP_CONSTTIME);
796 } 736 }
797 else 737 else
798 dmp1 = rsa->dmp1; 738 dmp1 = rsa->dmp1;
799 if (!rsa->meth->bn_mod_exp(r0,r1,dmp1,rsa->p,ctx, 739 if (!rsa->meth->bn_mod_exp(r0,&r1,dmp1,rsa->p,ctx,
800 rsa->_method_mod_p)) goto err; 740 rsa->_method_mod_p)) goto err;
801 741
802 if (!BN_sub(r0,r0,m1)) goto err; 742 if (!BN_sub(r0,r0,&m1)) goto err;
803 /* This will help stop the size of r0 increasing, which does 743 /* This will help stop the size of r0 increasing, which does
804 * affect the multiply if it optimised for a power of 2 size */ 744 * affect the multiply if it optimised for a power of 2 size */
805 if (BN_is_negative(r0)) 745 if (r0->neg)
806 if (!BN_add(r0,r0,rsa->p)) goto err; 746 if (!BN_add(r0,r0,rsa->p)) goto err;
807 747
808 if (!BN_mul(r1,r0,rsa->iqmp,ctx)) goto err; 748 if (!BN_mul(&r1,r0,rsa->iqmp,ctx)) goto err;
809 749 if (!BN_mod(r0,&r1,rsa->p,ctx)) goto err;
810 /* Turn BN_FLG_CONSTTIME flag on before division operation */
811 if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))
812 {
813 pr1 = &local_r1;
814 BN_with_flags(pr1, r1, BN_FLG_CONSTTIME);
815 }
816 else
817 pr1 = r1;
818 if (!BN_mod(r0,pr1,rsa->p,ctx)) goto err;
819
820 /* If p < q it is occasionally possible for the correction of 750 /* If p < q it is occasionally possible for the correction of
821 * adding 'p' if r0 is negative above to leave the result still 751 * adding 'p' if r0 is negative above to leave the result still
822 * negative. This can break the private key operations: the following 752 * negative. This can break the private key operations: the following
@@ -824,23 +754,23 @@ static int RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
824 * This will *never* happen with OpenSSL generated keys because 754 * This will *never* happen with OpenSSL generated keys because
825 * they ensure p > q [steve] 755 * they ensure p > q [steve]
826 */ 756 */
827 if (BN_is_negative(r0)) 757 if (r0->neg)
828 if (!BN_add(r0,r0,rsa->p)) goto err; 758 if (!BN_add(r0,r0,rsa->p)) goto err;
829 if (!BN_mul(r1,r0,rsa->q,ctx)) goto err; 759 if (!BN_mul(&r1,r0,rsa->q,ctx)) goto err;
830 if (!BN_add(r0,r1,m1)) goto err; 760 if (!BN_add(r0,&r1,&m1)) goto err;
831 761
832 if (rsa->e && rsa->n) 762 if (rsa->e && rsa->n)
833 { 763 {
834 if (!rsa->meth->bn_mod_exp(vrfy,r0,rsa->e,rsa->n,ctx,rsa->_method_mod_n)) goto err; 764 if (!rsa->meth->bn_mod_exp(&vrfy,r0,rsa->e,rsa->n,ctx,NULL)) goto err;
835 /* If 'I' was greater than (or equal to) rsa->n, the operation 765 /* If 'I' was greater than (or equal to) rsa->n, the operation
836 * will be equivalent to using 'I mod n'. However, the result of 766 * will be equivalent to using 'I mod n'. However, the result of
837 * the verify will *always* be less than 'n' so we don't check 767 * the verify will *always* be less than 'n' so we don't check
838 * for absolute equality, just congruency. */ 768 * for absolute equality, just congruency. */
839 if (!BN_sub(vrfy, vrfy, I)) goto err; 769 if (!BN_sub(&vrfy, &vrfy, I)) goto err;
840 if (!BN_mod(vrfy, vrfy, rsa->n, ctx)) goto err; 770 if (!BN_mod(&vrfy, &vrfy, rsa->n, ctx)) goto err;
841 if (BN_is_negative(vrfy)) 771 if (vrfy.neg)
842 if (!BN_add(vrfy, vrfy, rsa->n)) goto err; 772 if (!BN_add(&vrfy, &vrfy, rsa->n)) goto err;
843 if (!BN_is_zero(vrfy)) 773 if (!BN_is_zero(&vrfy))
844 { 774 {
845 /* 'I' and 'vrfy' aren't congruent mod n. Don't leak 775 /* 'I' and 'vrfy' aren't congruent mod n. Don't leak
846 * miscalculated CRT output, just do a raw (slower) 776 * miscalculated CRT output, just do a raw (slower)
@@ -849,20 +779,22 @@ static int RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
849 BIGNUM local_d; 779 BIGNUM local_d;
850 BIGNUM *d = NULL; 780 BIGNUM *d = NULL;
851 781
852 if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) 782 if (!(rsa->flags & RSA_FLAG_NO_EXP_CONSTTIME))
853 { 783 {
854 d = &local_d; 784 d = &local_d;
855 BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME); 785 BN_with_flags(d, rsa->d, BN_FLG_EXP_CONSTTIME);
856 } 786 }
857 else 787 else
858 d = rsa->d; 788 d = rsa->d;
859 if (!rsa->meth->bn_mod_exp(r0,I,d,rsa->n,ctx, 789 if (!rsa->meth->bn_mod_exp(r0,I,d,rsa->n,ctx,NULL)) goto err;
860 rsa->_method_mod_n)) goto err;
861 } 790 }
862 } 791 }
863 ret=1; 792 ret=1;
864err: 793err:
865 BN_CTX_end(ctx); 794 BN_clear_free(&m1);
795 BN_clear_free(&r1);
796 BN_clear_free(&vrfy);
797 BN_CTX_free(ctx);
866 return(ret); 798 return(ret);
867 } 799 }
868 800
diff --git a/src/lib/libcrypto/rsa/rsa_err.c b/src/lib/libcrypto/rsa/rsa_err.c
index fe3ba1b44b..ddcb28e663 100644
--- a/src/lib/libcrypto/rsa/rsa_err.c
+++ b/src/lib/libcrypto/rsa/rsa_err.c
@@ -71,21 +71,14 @@
71static ERR_STRING_DATA RSA_str_functs[]= 71static ERR_STRING_DATA RSA_str_functs[]=
72 { 72 {
73{ERR_FUNC(RSA_F_MEMORY_LOCK), "MEMORY_LOCK"}, 73{ERR_FUNC(RSA_F_MEMORY_LOCK), "MEMORY_LOCK"},
74{ERR_FUNC(RSA_F_RSA_BUILTIN_KEYGEN), "RSA_BUILTIN_KEYGEN"},
75{ERR_FUNC(RSA_F_RSA_CHECK_KEY), "RSA_check_key"}, 74{ERR_FUNC(RSA_F_RSA_CHECK_KEY), "RSA_check_key"},
76{ERR_FUNC(RSA_F_RSA_EAY_PRIVATE_DECRYPT), "RSA_EAY_PRIVATE_DECRYPT"}, 75{ERR_FUNC(RSA_F_RSA_EAY_PRIVATE_DECRYPT), "RSA_EAY_PRIVATE_DECRYPT"},
77{ERR_FUNC(RSA_F_RSA_EAY_PRIVATE_ENCRYPT), "RSA_EAY_PRIVATE_ENCRYPT"}, 76{ERR_FUNC(RSA_F_RSA_EAY_PRIVATE_ENCRYPT), "RSA_EAY_PRIVATE_ENCRYPT"},
78{ERR_FUNC(RSA_F_RSA_EAY_PUBLIC_DECRYPT), "RSA_EAY_PUBLIC_DECRYPT"}, 77{ERR_FUNC(RSA_F_RSA_EAY_PUBLIC_DECRYPT), "RSA_EAY_PUBLIC_DECRYPT"},
79{ERR_FUNC(RSA_F_RSA_EAY_PUBLIC_ENCRYPT), "RSA_EAY_PUBLIC_ENCRYPT"}, 78{ERR_FUNC(RSA_F_RSA_EAY_PUBLIC_ENCRYPT), "RSA_EAY_PUBLIC_ENCRYPT"},
80{ERR_FUNC(RSA_F_RSA_GENERATE_KEY), "RSA_generate_key"}, 79{ERR_FUNC(RSA_F_RSA_GENERATE_KEY), "RSA_generate_key"},
81{ERR_FUNC(RSA_F_RSA_MEMORY_LOCK), "RSA_memory_lock"},
82{ERR_FUNC(RSA_F_RSA_NEW_METHOD), "RSA_new_method"}, 80{ERR_FUNC(RSA_F_RSA_NEW_METHOD), "RSA_new_method"},
83{ERR_FUNC(RSA_F_RSA_NULL), "RSA_NULL"}, 81{ERR_FUNC(RSA_F_RSA_NULL), "RSA_NULL"},
84{ERR_FUNC(RSA_F_RSA_NULL_MOD_EXP), "RSA_NULL_MOD_EXP"},
85{ERR_FUNC(RSA_F_RSA_NULL_PRIVATE_DECRYPT), "RSA_NULL_PRIVATE_DECRYPT"},
86{ERR_FUNC(RSA_F_RSA_NULL_PRIVATE_ENCRYPT), "RSA_NULL_PRIVATE_ENCRYPT"},
87{ERR_FUNC(RSA_F_RSA_NULL_PUBLIC_DECRYPT), "RSA_NULL_PUBLIC_DECRYPT"},
88{ERR_FUNC(RSA_F_RSA_NULL_PUBLIC_ENCRYPT), "RSA_NULL_PUBLIC_ENCRYPT"},
89{ERR_FUNC(RSA_F_RSA_PADDING_ADD_NONE), "RSA_padding_add_none"}, 82{ERR_FUNC(RSA_F_RSA_PADDING_ADD_NONE), "RSA_padding_add_none"},
90{ERR_FUNC(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP), "RSA_padding_add_PKCS1_OAEP"}, 83{ERR_FUNC(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP), "RSA_padding_add_PKCS1_OAEP"},
91{ERR_FUNC(RSA_F_RSA_PADDING_ADD_PKCS1_PSS), "RSA_padding_add_PKCS1_PSS"}, 84{ERR_FUNC(RSA_F_RSA_PADDING_ADD_PKCS1_PSS), "RSA_padding_add_PKCS1_PSS"},
@@ -101,7 +94,6 @@ static ERR_STRING_DATA RSA_str_functs[]=
101{ERR_FUNC(RSA_F_RSA_PADDING_CHECK_X931), "RSA_padding_check_X931"}, 94{ERR_FUNC(RSA_F_RSA_PADDING_CHECK_X931), "RSA_padding_check_X931"},
102{ERR_FUNC(RSA_F_RSA_PRINT), "RSA_print"}, 95{ERR_FUNC(RSA_F_RSA_PRINT), "RSA_print"},
103{ERR_FUNC(RSA_F_RSA_PRINT_FP), "RSA_print_fp"}, 96{ERR_FUNC(RSA_F_RSA_PRINT_FP), "RSA_print_fp"},
104{ERR_FUNC(RSA_F_RSA_SETUP_BLINDING), "RSA_setup_blinding"},
105{ERR_FUNC(RSA_F_RSA_SIGN), "RSA_sign"}, 97{ERR_FUNC(RSA_F_RSA_SIGN), "RSA_sign"},
106{ERR_FUNC(RSA_F_RSA_SIGN_ASN1_OCTET_STRING), "RSA_sign_ASN1_OCTET_STRING"}, 98{ERR_FUNC(RSA_F_RSA_SIGN_ASN1_OCTET_STRING), "RSA_sign_ASN1_OCTET_STRING"},
107{ERR_FUNC(RSA_F_RSA_VERIFY), "RSA_verify"}, 99{ERR_FUNC(RSA_F_RSA_VERIFY), "RSA_verify"},
@@ -138,21 +130,20 @@ static ERR_STRING_DATA RSA_str_reasons[]=
138{ERR_REASON(RSA_R_KEY_SIZE_TOO_SMALL) ,"key size too small"}, 130{ERR_REASON(RSA_R_KEY_SIZE_TOO_SMALL) ,"key size too small"},
139{ERR_REASON(RSA_R_LAST_OCTET_INVALID) ,"last octet invalid"}, 131{ERR_REASON(RSA_R_LAST_OCTET_INVALID) ,"last octet invalid"},
140{ERR_REASON(RSA_R_MODULUS_TOO_LARGE) ,"modulus too large"}, 132{ERR_REASON(RSA_R_MODULUS_TOO_LARGE) ,"modulus too large"},
141{ERR_REASON(RSA_R_NO_PUBLIC_EXPONENT) ,"no public exponent"},
142{ERR_REASON(RSA_R_NULL_BEFORE_BLOCK_MISSING),"null before block missing"}, 133{ERR_REASON(RSA_R_NULL_BEFORE_BLOCK_MISSING),"null before block missing"},
143{ERR_REASON(RSA_R_N_DOES_NOT_EQUAL_P_Q) ,"n does not equal p q"}, 134{ERR_REASON(RSA_R_N_DOES_NOT_EQUAL_P_Q) ,"n does not equal p q"},
144{ERR_REASON(RSA_R_OAEP_DECODING_ERROR) ,"oaep decoding error"}, 135{ERR_REASON(RSA_R_OAEP_DECODING_ERROR) ,"oaep decoding error"},
136{ERR_REASON(RSA_R_SLEN_RECOVERY_FAILED) ,"salt length recovery failed"},
145{ERR_REASON(RSA_R_PADDING_CHECK_FAILED) ,"padding check failed"}, 137{ERR_REASON(RSA_R_PADDING_CHECK_FAILED) ,"padding check failed"},
146{ERR_REASON(RSA_R_P_NOT_PRIME) ,"p not prime"}, 138{ERR_REASON(RSA_R_P_NOT_PRIME) ,"p not prime"},
147{ERR_REASON(RSA_R_Q_NOT_PRIME) ,"q not prime"}, 139{ERR_REASON(RSA_R_Q_NOT_PRIME) ,"q not prime"},
148{ERR_REASON(RSA_R_RSA_OPERATIONS_NOT_SUPPORTED),"rsa operations not supported"}, 140{ERR_REASON(RSA_R_RSA_OPERATIONS_NOT_SUPPORTED),"rsa operations not supported"},
149{ERR_REASON(RSA_R_SLEN_CHECK_FAILED) ,"salt length check failed"},
150{ERR_REASON(RSA_R_SLEN_RECOVERY_FAILED) ,"salt length recovery failed"},
151{ERR_REASON(RSA_R_SSLV3_ROLLBACK_ATTACK) ,"sslv3 rollback attack"}, 141{ERR_REASON(RSA_R_SSLV3_ROLLBACK_ATTACK) ,"sslv3 rollback attack"},
152{ERR_REASON(RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD),"the asn1 object identifier is not known for this md"}, 142{ERR_REASON(RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD),"the asn1 object identifier is not known for this md"},
153{ERR_REASON(RSA_R_UNKNOWN_ALGORITHM_TYPE),"unknown algorithm type"}, 143{ERR_REASON(RSA_R_UNKNOWN_ALGORITHM_TYPE),"unknown algorithm type"},
154{ERR_REASON(RSA_R_UNKNOWN_PADDING_TYPE) ,"unknown padding type"}, 144{ERR_REASON(RSA_R_UNKNOWN_PADDING_TYPE) ,"unknown padding type"},
155{ERR_REASON(RSA_R_WRONG_SIGNATURE_LENGTH),"wrong signature length"}, 145{ERR_REASON(RSA_R_WRONG_SIGNATURE_LENGTH),"wrong signature length"},
146{ERR_REASON(RSA_R_SLEN_CHECK_FAILED) ,"salt length check failed"},
156{0,NULL} 147{0,NULL}
157 }; 148 };
158 149
@@ -160,12 +151,15 @@ static ERR_STRING_DATA RSA_str_reasons[]=
160 151
161void ERR_load_RSA_strings(void) 152void ERR_load_RSA_strings(void)
162 { 153 {
163#ifndef OPENSSL_NO_ERR 154 static int init=1;
164 155
165 if (ERR_func_error_string(RSA_str_functs[0].error) == NULL) 156 if (init)
166 { 157 {
158 init=0;
159#ifndef OPENSSL_NO_ERR
167 ERR_load_strings(0,RSA_str_functs); 160 ERR_load_strings(0,RSA_str_functs);
168 ERR_load_strings(0,RSA_str_reasons); 161 ERR_load_strings(0,RSA_str_reasons);
169 }
170#endif 162#endif
163
164 }
171 } 165 }
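Review bot: The `static int init` guard added to ERR_load_RSA_strings is read and cleared without a lock, and it is cleared before the two `ERR_load_strings` calls run, so a second thread entering during the first call can return while the RSA strings are still unregistered. The flag is never set back, so the strings would presumably not be reloaded if the error tables are freed and loaded again later in the process, a case the removed `ERR_func_error_string(RSA_str_functs[0].error) == NULL` test covered. If the guard stays, the constraint should be documented above it, for example `/* not thread-safe: call once during library initialisation */`.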
diff --git a/src/lib/libcrypto/rsa/rsa_gen.c b/src/lib/libcrypto/rsa/rsa_gen.c
index 767f7ab682..dd1422cc98 100644
--- a/src/lib/libcrypto/rsa/rsa_gen.c
+++ b/src/lib/libcrypto/rsa/rsa_gen.c
@@ -56,42 +56,26 @@
56 * [including the GNU Public Licence.] 56 * [including the GNU Public Licence.]
57 */ 57 */
58 58
59
60/* NB: these functions have been "upgraded", the deprecated versions (which are
61 * compatibility wrappers using these functions) are in rsa_depr.c.
62 * - Geoff
63 */
64
65#include <stdio.h> 59#include <stdio.h>
66#include <time.h> 60#include <time.h>
67#include "cryptlib.h" 61#include "cryptlib.h"
68#include <openssl/bn.h> 62#include <openssl/bn.h>
69#include <openssl/rsa.h> 63#include <openssl/rsa.h>
70 64
71static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb); 65#ifndef OPENSSL_FIPS
72 66
73/* NB: this wrapper would normally be placed in rsa_lib.c and the static 67RSA *RSA_generate_key(int bits, unsigned long e_value,
74 * implementation would probably be in rsa_eay.c. Nonetheless, is kept here so 68 void (*callback)(int,int,void *), void *cb_arg)
75 * that we don't introduce a new linker dependency. Eg. any application that
76 * wasn't previously linking object code related to key-generation won't have to
77 * now just because key-generation is part of RSA_METHOD. */
78int RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb)
79 {
80 if(rsa->meth->rsa_keygen)
81 return rsa->meth->rsa_keygen(rsa, bits, e_value, cb);
82 return rsa_builtin_keygen(rsa, bits, e_value, cb);
83 }
84
85static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb)
86 { 69 {
70 RSA *rsa=NULL;
87 BIGNUM *r0=NULL,*r1=NULL,*r2=NULL,*r3=NULL,*tmp; 71 BIGNUM *r0=NULL,*r1=NULL,*r2=NULL,*r3=NULL,*tmp;
88 BIGNUM local_r0,local_d,local_p; 72 int bitsp,bitsq,ok= -1,n=0,i;
89 BIGNUM *pr0,*d,*p; 73 BN_CTX *ctx=NULL,*ctx2=NULL;
90 int bitsp,bitsq,ok= -1,n=0;
91 BN_CTX *ctx=NULL;
92 74
93 ctx=BN_CTX_new(); 75 ctx=BN_CTX_new();
94 if (ctx == NULL) goto err; 76 if (ctx == NULL) goto err;
77 ctx2=BN_CTX_new();
78 if (ctx2 == NULL) goto err;
95 BN_CTX_start(ctx); 79 BN_CTX_start(ctx);
96 r0 = BN_CTX_get(ctx); 80 r0 = BN_CTX_get(ctx);
97 r1 = BN_CTX_get(ctx); 81 r1 = BN_CTX_get(ctx);
@@ -101,58 +85,49 @@ static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb)
101 85
102 bitsp=(bits+1)/2; 86 bitsp=(bits+1)/2;
103 bitsq=bits-bitsp; 87 bitsq=bits-bitsp;
88 rsa=RSA_new();
89 if (rsa == NULL) goto err;
104 90
105 /* We need the RSA components non-NULL */ 91 /* set e */
106 if(!rsa->n && ((rsa->n=BN_new()) == NULL)) goto err; 92 rsa->e=BN_new();
107 if(!rsa->d && ((rsa->d=BN_new()) == NULL)) goto err; 93 if (rsa->e == NULL) goto err;
108 if(!rsa->e && ((rsa->e=BN_new()) == NULL)) goto err;
109 if(!rsa->p && ((rsa->p=BN_new()) == NULL)) goto err;
110 if(!rsa->q && ((rsa->q=BN_new()) == NULL)) goto err;
111 if(!rsa->dmp1 && ((rsa->dmp1=BN_new()) == NULL)) goto err;
112 if(!rsa->dmq1 && ((rsa->dmq1=BN_new()) == NULL)) goto err;
113 if(!rsa->iqmp && ((rsa->iqmp=BN_new()) == NULL)) goto err;
114 94
115 BN_copy(rsa->e, e_value); 95#if 1
96 /* The problem is when building with 8, 16, or 32 BN_ULONG,
97 * unsigned long can be larger */
98 for (i=0; i<sizeof(unsigned long)*8; i++)
99 {
100 if (e_value & (1UL<<i))
101 BN_set_bit(rsa->e,i);
102 }
103#else
104 if (!BN_set_word(rsa->e,e_value)) goto err;
105#endif
116 106
117 /* generate p and q */ 107 /* generate p and q */
118 for (;;) 108 for (;;)
119 { 109 {
120 if(!BN_generate_prime_ex(rsa->p, bitsp, 0, NULL, NULL, cb)) 110 rsa->p=BN_generate_prime(NULL,bitsp,0,NULL,NULL,callback,cb_arg);
121 goto err; 111 if (rsa->p == NULL) goto err;
122 if (!BN_sub(r2,rsa->p,BN_value_one())) goto err; 112 if (!BN_sub(r2,rsa->p,BN_value_one())) goto err;
123 if (!BN_gcd(r1,r2,rsa->e,ctx)) goto err; 113 if (!BN_gcd(r1,r2,rsa->e,ctx)) goto err;
124 if (BN_is_one(r1)) break; 114 if (BN_is_one(r1)) break;
125 if(!BN_GENCB_call(cb, 2, n++)) 115 if (callback != NULL) callback(2,n++,cb_arg);
126 goto err; 116 BN_free(rsa->p);
127 } 117 }
128 if(!BN_GENCB_call(cb, 3, 0)) 118 if (callback != NULL) callback(3,0,cb_arg);
129 goto err;
130 for (;;) 119 for (;;)
131 { 120 {
132 /* When generating ridiculously small keys, we can get stuck 121 rsa->q=BN_generate_prime(NULL,bitsq,0,NULL,NULL,callback,cb_arg);
133 * continually regenerating the same prime values. Check for 122 if (rsa->q == NULL) goto err;
134 * this and bail if it happens 3 times. */
135 unsigned int degenerate = 0;
136 do
137 {
138 if(!BN_generate_prime_ex(rsa->q, bitsq, 0, NULL, NULL, cb))
139 goto err;
140 } while((BN_cmp(rsa->p, rsa->q) == 0) && (++degenerate < 3));
141 if(degenerate == 3)
142 {
143 ok = 0; /* we set our own err */
144 RSAerr(RSA_F_RSA_BUILTIN_KEYGEN,RSA_R_KEY_SIZE_TOO_SMALL);
145 goto err;
146 }
147 if (!BN_sub(r2,rsa->q,BN_value_one())) goto err; 123 if (!BN_sub(r2,rsa->q,BN_value_one())) goto err;
148 if (!BN_gcd(r1,r2,rsa->e,ctx)) goto err; 124 if (!BN_gcd(r1,r2,rsa->e,ctx)) goto err;
149 if (BN_is_one(r1)) 125 if (BN_is_one(r1) && (BN_cmp(rsa->p,rsa->q) != 0))
150 break; 126 break;
151 if(!BN_GENCB_call(cb, 2, n++)) 127 if (callback != NULL) callback(2,n++,cb_arg);
152 goto err; 128 BN_free(rsa->q);
153 } 129 }
154 if(!BN_GENCB_call(cb, 3, 1)) 130 if (callback != NULL) callback(3,1,cb_arg);
155 goto err;
156 if (BN_cmp(rsa->p,rsa->q) < 0) 131 if (BN_cmp(rsa->p,rsa->q) < 0)
157 { 132 {
158 tmp=rsa->p; 133 tmp=rsa->p;
@@ -161,59 +136,66 @@ static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb)
161 } 136 }
162 137
163 /* calculate n */ 138 /* calculate n */
139 rsa->n=BN_new();
140 if (rsa->n == NULL) goto err;
164 if (!BN_mul(rsa->n,rsa->p,rsa->q,ctx)) goto err; 141 if (!BN_mul(rsa->n,rsa->p,rsa->q,ctx)) goto err;
165 142
166 /* calculate d */ 143 /* calculate d */
167 if (!BN_sub(r1,rsa->p,BN_value_one())) goto err; /* p-1 */ 144 if (!BN_sub(r1,rsa->p,BN_value_one())) goto err; /* p-1 */
168 if (!BN_sub(r2,rsa->q,BN_value_one())) goto err; /* q-1 */ 145 if (!BN_sub(r2,rsa->q,BN_value_one())) goto err; /* q-1 */
169 if (!BN_mul(r0,r1,r2,ctx)) goto err; /* (p-1)(q-1) */ 146 if (!BN_mul(r0,r1,r2,ctx)) goto err; /* (p-1)(q-1) */
170 if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))
171 {
172 pr0 = &local_r0;
173 BN_with_flags(pr0, r0, BN_FLG_CONSTTIME);
174 }
175 else
176 pr0 = r0;
177 if (!BN_mod_inverse(rsa->d,rsa->e,pr0,ctx)) goto err; /* d */
178 147
179 /* set up d for correct BN_FLG_CONSTTIME flag */ 148/* should not be needed, since gcd(p-1,e) == 1 and gcd(q-1,e) == 1 */
180 if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) 149/* for (;;)
181 { 150 {
182 d = &local_d; 151 if (!BN_gcd(r3,r0,rsa->e,ctx)) goto err;
183 BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME); 152 if (BN_is_one(r3)) break;
153
154 if (1)
155 {
156 if (!BN_add_word(rsa->e,2L)) goto err;
157 continue;
158 }
159 RSAerr(RSA_F_RSA_GENERATE_KEY,RSA_R_BAD_E_VALUE);
160 goto err;
184 } 161 }
185 else 162*/
186 d = rsa->d; 163 rsa->d=BN_mod_inverse(NULL,rsa->e,r0,ctx2); /* d */
164 if (rsa->d == NULL) goto err;
187 165
188 /* calculate d mod (p-1) */ 166 /* calculate d mod (p-1) */
189 if (!BN_mod(rsa->dmp1,d,r1,ctx)) goto err; 167 rsa->dmp1=BN_new();
168 if (rsa->dmp1 == NULL) goto err;
169 if (!BN_mod(rsa->dmp1,rsa->d,r1,ctx)) goto err;
190 170
191 /* calculate d mod (q-1) */ 171 /* calculate d mod (q-1) */
192 if (!BN_mod(rsa->dmq1,d,r2,ctx)) goto err; 172 rsa->dmq1=BN_new();
173 if (rsa->dmq1 == NULL) goto err;
174 if (!BN_mod(rsa->dmq1,rsa->d,r2,ctx)) goto err;
193 175
194 /* calculate inverse of q mod p */ 176 /* calculate inverse of q mod p */
195 if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) 177 rsa->iqmp=BN_mod_inverse(NULL,rsa->q,rsa->p,ctx2);
196 { 178 if (rsa->iqmp == NULL) goto err;
197 p = &local_p;
198 BN_with_flags(p, rsa->p, BN_FLG_CONSTTIME);
199 }
200 else
201 p = rsa->p;
202 if (!BN_mod_inverse(rsa->iqmp,rsa->q,p,ctx)) goto err;
203 179
204 ok=1; 180 ok=1;
205err: 181err:
206 if (ok == -1) 182 if (ok == -1)
207 { 183 {
208 RSAerr(RSA_F_RSA_BUILTIN_KEYGEN,ERR_LIB_BN); 184 RSAerr(RSA_F_RSA_GENERATE_KEY,ERR_LIB_BN);
209 ok=0; 185 ok=0;
210 } 186 }
211 if (ctx != NULL) 187 if (ctx != NULL)
212 {
213 BN_CTX_end(ctx); 188 BN_CTX_end(ctx);
214 BN_CTX_free(ctx); 189 BN_CTX_free(ctx);
190 BN_CTX_free(ctx2);
191
192 if (!ok)
193 {
194 if (rsa != NULL) RSA_free(rsa);
195 return(NULL);
215 } 196 }
216 197 else
217 return ok; 198 return(rsa);
218 } 199 }
219 200
201#endif
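Review bot: The result of `BN_set_bit(rsa->e,i)` in the new exponent loop of RSA_generate_key is ignored, so an allocation failure there leaves `rsa->e` with bits missing and the key is generated for a different public exponent than the caller asked for; `if ((e_value & (1UL<<i)) && !BN_set_bit(rsa->e,i)) goto err;` keeps the failure on the existing error path. Separately, `rsa->d` and `rsa->iqmp` are now computed with plain `BN_mod_inverse` on secret values, where the removed side wrapped the operands with `BN_FLG_CONSTTIME`; if this tree still offers an equivalent flag, it should be applied to these two calls. The q loop also no longer bounds its retries when p and q keep colliding, which the removed comment says can happen with very small key sizes, so a minimum `bits` check or a retry limit would be needed to guarantee termination.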
diff --git a/src/lib/libcrypto/rsa/rsa_lib.c b/src/lib/libcrypto/rsa/rsa_lib.c
index 104aa4c1f2..e4d622851e 100644
--- a/src/lib/libcrypto/rsa/rsa_lib.c
+++ b/src/lib/libcrypto/rsa/rsa_lib.c
@@ -67,7 +67,7 @@
67#include <openssl/engine.h> 67#include <openssl/engine.h>
68#endif 68#endif
69 69
70const char RSA_version[]="RSA" OPENSSL_VERSION_PTEXT; 70const char *RSA_version="RSA" OPENSSL_VERSION_PTEXT;
71 71
72static const RSA_METHOD *default_RSA_meth=NULL; 72static const RSA_METHOD *default_RSA_meth=NULL;
73 73
@@ -179,7 +179,6 @@ RSA *RSA_new_method(ENGINE *engine)
179 ret->_method_mod_p=NULL; 179 ret->_method_mod_p=NULL;
180 ret->_method_mod_q=NULL; 180 ret->_method_mod_q=NULL;
181 ret->blinding=NULL; 181 ret->blinding=NULL;
182 ret->mt_blinding=NULL;
183 ret->bignum_data=NULL; 182 ret->bignum_data=NULL;
184 ret->flags=ret->meth->flags; 183 ret->flags=ret->meth->flags;
185 CRYPTO_new_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data); 184 CRYPTO_new_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data);
@@ -233,7 +232,6 @@ void RSA_free(RSA *r)
233 if (r->dmq1 != NULL) BN_clear_free(r->dmq1); 232 if (r->dmq1 != NULL) BN_clear_free(r->dmq1);
234 if (r->iqmp != NULL) BN_clear_free(r->iqmp); 233 if (r->iqmp != NULL) BN_clear_free(r->iqmp);
235 if (r->blinding != NULL) BN_BLINDING_free(r->blinding); 234 if (r->blinding != NULL) BN_BLINDING_free(r->blinding);
236 if (r->mt_blinding != NULL) BN_BLINDING_free(r->mt_blinding);
237 if (r->bignum_data != NULL) OPENSSL_free_locked(r->bignum_data); 235 if (r->bignum_data != NULL) OPENSSL_free_locked(r->bignum_data);
238 OPENSSL_free(r); 236 OPENSSL_free(r);
239 } 237 }
@@ -316,117 +314,59 @@ void RSA_blinding_off(RSA *rsa)
316 rsa->flags |= RSA_FLAG_NO_BLINDING; 314 rsa->flags |= RSA_FLAG_NO_BLINDING;
317 } 315 }
318 316
319int RSA_blinding_on(RSA *rsa, BN_CTX *ctx) 317int RSA_blinding_on(RSA *rsa, BN_CTX *p_ctx)
320 { 318 {
321 int ret=0; 319 BIGNUM *A,*Ai = NULL;
322
323 if (rsa->blinding != NULL)
324 RSA_blinding_off(rsa);
325
326 rsa->blinding = RSA_setup_blinding(rsa, ctx);
327 if (rsa->blinding == NULL)
328 goto err;
329
330 rsa->flags |= RSA_FLAG_BLINDING;
331 rsa->flags &= ~RSA_FLAG_NO_BLINDING;
332 ret=1;
333err:
334 return(ret);
335 }
336
337static BIGNUM *rsa_get_public_exp(const BIGNUM *d, const BIGNUM *p,
338 const BIGNUM *q, BN_CTX *ctx)
339{
340 BIGNUM *ret = NULL, *r0, *r1, *r2;
341
342 if (d == NULL || p == NULL || q == NULL)
343 return NULL;
344
345 BN_CTX_start(ctx);
346 r0 = BN_CTX_get(ctx);
347 r1 = BN_CTX_get(ctx);
348 r2 = BN_CTX_get(ctx);
349 if (r2 == NULL)
350 goto err;
351
352 if (!BN_sub(r1, p, BN_value_one())) goto err;
353 if (!BN_sub(r2, q, BN_value_one())) goto err;
354 if (!BN_mul(r0, r1, r2, ctx)) goto err;
355
356 ret = BN_mod_inverse(NULL, d, r0, ctx);
357err:
358 BN_CTX_end(ctx);
359 return ret;
360}
361
362BN_BLINDING *RSA_setup_blinding(RSA *rsa, BN_CTX *in_ctx)
363{
364 BIGNUM local_n;
365 BIGNUM *e,*n;
366 BN_CTX *ctx; 320 BN_CTX *ctx;
367 BN_BLINDING *ret = NULL; 321 int ret=0;
368 322
369 if (in_ctx == NULL) 323 if (p_ctx == NULL)
370 { 324 {
371 if ((ctx = BN_CTX_new()) == NULL) return 0; 325 if ((ctx=BN_CTX_new()) == NULL) goto err;
372 } 326 }
373 else 327 else
374 ctx = in_ctx; 328 ctx=p_ctx;
375 329
376 BN_CTX_start(ctx); 330 /* XXXXX: Shouldn't this be RSA_blinding_off(rsa)? */
377 e = BN_CTX_get(ctx); 331 if (rsa->blinding != NULL)
378 if (e == NULL)
379 { 332 {
380 RSAerr(RSA_F_RSA_SETUP_BLINDING, ERR_R_MALLOC_FAILURE); 333 BN_BLINDING_free(rsa->blinding);
381 goto err; 334 rsa->blinding = NULL;
382 } 335 }
383 336
384 if (rsa->e == NULL) 337 /* NB: similar code appears in setup_blinding (rsa_eay.c);
385 { 338 * this should be placed in a new function of its own, but for reasons
386 e = rsa_get_public_exp(rsa->d, rsa->p, rsa->q, ctx); 339 * of binary compatibility can't */
387 if (e == NULL)
388 {
389 RSAerr(RSA_F_RSA_SETUP_BLINDING, RSA_R_NO_PUBLIC_EXPONENT);
390 goto err;
391 }
392 }
393 else
394 e = rsa->e;
395 340
396 341 BN_CTX_start(ctx);
342 A = BN_CTX_get(ctx);
397 if ((RAND_status() == 0) && rsa->d != NULL && rsa->d->d != NULL) 343 if ((RAND_status() == 0) && rsa->d != NULL && rsa->d->d != NULL)
398 { 344 {
399 /* if PRNG is not properly seeded, resort to secret 345 /* if PRNG is not properly seeded, resort to secret exponent as unpredictable seed */
400 * exponent as unpredictable seed */ 346 RAND_add(rsa->d->d, rsa->d->dmax * sizeof rsa->d->d[0], 0);
401 RAND_add(rsa->d->d, rsa->d->dmax * sizeof rsa->d->d[0], 0.0); 347 if (!BN_pseudo_rand_range(A,rsa->n)) goto err;
402 } 348 }
403 349 else
404 if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))
405 { 350 {
406 /* Set BN_FLG_CONSTTIME flag */ 351 if (!BN_rand_range(A,rsa->n)) goto err;
407 n = &local_n;
408 BN_with_flags(n, rsa->n, BN_FLG_CONSTTIME);
409 } 352 }
410 else 353 if ((Ai=BN_mod_inverse(NULL,A,rsa->n,ctx)) == NULL) goto err;
411 n = rsa->n;
412 354
413 ret = BN_BLINDING_create_param(NULL, e, n, ctx, 355 if (!rsa->meth->bn_mod_exp(A,A,rsa->e,rsa->n,ctx,rsa->_method_mod_n))
414 rsa->meth->bn_mod_exp, rsa->_method_mod_n);
415 if (ret == NULL)
416 {
417 RSAerr(RSA_F_RSA_SETUP_BLINDING, ERR_R_BN_LIB);
418 goto err; 356 goto err;
419 } 357 if ((rsa->blinding=BN_BLINDING_new(A,Ai,rsa->n)) == NULL) goto err;
420 BN_BLINDING_set_thread_id(ret, CRYPTO_thread_id()); 358 /* to make things thread-safe without excessive locking,
359 * rsa->blinding will be used just by the current thread: */
360 rsa->blinding->thread_id = CRYPTO_thread_id();
361 rsa->flags |= RSA_FLAG_BLINDING;
362 rsa->flags &= ~RSA_FLAG_NO_BLINDING;
363 ret=1;
421err: 364err:
365 if (Ai != NULL) BN_free(Ai);
422 BN_CTX_end(ctx); 366 BN_CTX_end(ctx);
423 if (in_ctx == NULL) 367 if (ctx != p_ctx) BN_CTX_free(ctx);
424 BN_CTX_free(ctx); 368 return(ret);
425 if(rsa->e == NULL) 369 }
426 BN_free(e);
427
428 return ret;
429}
430 370
431int RSA_memory_lock(RSA *r) 371int RSA_memory_lock(RSA *r)
432 { 372 {
@@ -449,7 +389,7 @@ int RSA_memory_lock(RSA *r)
449 j+= (*t[i])->top; 389 j+= (*t[i])->top;
450 if ((p=OPENSSL_malloc_locked((off+j)*sizeof(BN_ULONG))) == NULL) 390 if ((p=OPENSSL_malloc_locked((off+j)*sizeof(BN_ULONG))) == NULL)
451 { 391 {
452 RSAerr(RSA_F_RSA_MEMORY_LOCK,ERR_R_MALLOC_FAILURE); 392 RSAerr(RSA_F_MEMORY_LOCK,ERR_R_MALLOC_FAILURE);
453 return(0); 393 return(0);
454 } 394 }
455 bn=(BIGNUM *)p; 395 bn=(BIGNUM *)p;
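Review bot: `A = BN_CTX_get(ctx);` in the new RSA_blinding_on is used without a NULL check, so a failed allocation reaches `BN_pseudo_rand_range` or `BN_rand_range` with a NULL destination; add `if (A == NULL) goto err;` directly after it. The new body also passes `rsa->e` to `bn_mod_exp` unconditionally, whereas the removed RSA_setup_blinding handled a key without a public exponent; unless every caller guarantees `rsa->e`, a guard such as `if (rsa->e == NULL) goto err;` (raising an error code that still exists in this tree) is needed. `Ai` is the inverse of the blinding factor and is released with `BN_free`; `BN_clear_free(Ai)` would avoid leaving it readable in freed memory.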
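--- /dev/null
+++ b/src/lib/libcrypto/rsa/rsa_null.c
@@ -0,0 +1,150 @@
+/* rsa_null.c */
+/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL
+ * project 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/bn.h>
+#include <openssl/rsa.h>
+#include <openssl/rand.h>
+
+/* This is a dummy RSA implementation that just returns errors when called.
+ * It is designed to allow some RSA functions to work while stopping those
+ * covered by the RSA patent. That is RSA, encryption, decryption, signing
+ * and verify is not allowed but RSA key generation, key checking and other
+ * operations (like storing RSA keys) are permitted.
+ */
+
+static int RSA_null_public_encrypt(int flen, const unsigned char *from,
+ unsigned char *to, RSA *rsa,int padding);
+static int RSA_null_private_encrypt(int flen, const unsigned char *from,
+ unsigned char *to, RSA *rsa,int padding);
+static int RSA_null_public_decrypt(int flen, const unsigned char *from,
+ unsigned char *to, RSA *rsa,int padding);
+static int RSA_null_private_decrypt(int flen, const unsigned char *from,
+ unsigned char *to, RSA *rsa,int padding);
+#if 0 /* not currently used */
+static int RSA_null_mod_exp(const BIGNUM *r0, const BIGNUM *i, RSA *rsa);
+#endif
+static int RSA_null_init(RSA *rsa);
+static int RSA_null_finish(RSA *rsa);
+static RSA_METHOD rsa_null_meth={
+ "Null RSA",
+ RSA_null_public_encrypt,
+ RSA_null_public_decrypt,
+ RSA_null_private_encrypt,
+ RSA_null_private_decrypt,
+ NULL,
+ NULL,
+ RSA_null_init,
+ RSA_null_finish,
+ 0,
+ NULL,
+ };
+
+const RSA_METHOD *RSA_null_method(void)
+ {
+ return(&rsa_null_meth);
+ }
+
+static int RSA_null_public_encrypt(int flen, const unsigned char *from,
+ unsigned char *to, RSA *rsa, int padding)
+ {
+ RSAerr(RSA_F_RSA_NULL, RSA_R_RSA_OPERATIONS_NOT_SUPPORTED);
+ return -1;
+ }
+
+static int RSA_null_private_encrypt(int flen, const unsigned char *from,
+ unsigned char *to, RSA *rsa, int padding)
+ {
+ RSAerr(RSA_F_RSA_NULL, RSA_R_RSA_OPERATIONS_NOT_SUPPORTED);
+ return -1;
+ }
+
+static int RSA_null_private_decrypt(int flen, const unsigned char *from,
+ unsigned char *to, RSA *rsa, int padding)
+ {
+ RSAerr(RSA_F_RSA_NULL, RSA_R_RSA_OPERATIONS_NOT_SUPPORTED);
+ return -1;
+ }
+
+static int RSA_null_public_decrypt(int flen, const unsigned char *from,
+ unsigned char *to, RSA *rsa, int padding)
+ {
+ RSAerr(RSA_F_RSA_NULL, RSA_R_RSA_OPERATIONS_NOT_SUPPORTED);
+ return -1;
+ }
+
+#if 0 /* not currently used */
+static int RSA_null_mod_exp(BIGNUM *r0, BIGNUM *I, RSA *rsa)
+ {
+ RSAerr(RSA_F_RSA_NULL, RSA_R_RSA_OPERATIONS_NOT_SUPPORTED);
+ return -1;
+ }
+#endif
+
+static int RSA_null_init(RSA *rsa)
+ {
+ return(1);
+ }
+
+static int RSA_null_finish(RSA *rsa)
+ {
+ return(1);
+ }
+
+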
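Review bot: The two disabled `RSA_null_mod_exp` blocks disagree: the prototype under the first `#if 0` takes `const BIGNUM *r0, const BIGNUM *i`, while the definition under the second takes `BIGNUM *r0, BIGNUM *I`, so re-enabling both would fail with conflicting types. Either delete both disabled blocks or align the definition with the prototype, `static int RSA_null_mod_exp(const BIGNUM *r0, const BIGNUM *i, RSA *rsa)`. The positional `rsa_null_meth` initializer would also be easier to audit with a short comment on each `NULL` and `0` slot naming the RSA_METHOD field it fills, since a shifted entry there would silently wire the wrong handler.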
diff --git a/src/lib/libcrypto/rsa/rsa_oaep.c b/src/lib/libcrypto/rsa/rsa_oaep.c
index 3652677a99..d43ecaca63 100644
--- a/src/lib/libcrypto/rsa/rsa_oaep.c
+++ b/src/lib/libcrypto/rsa/rsa_oaep.c
@@ -28,9 +28,6 @@
28#include <openssl/rand.h> 28#include <openssl/rand.h>
29#include <openssl/sha.h> 29#include <openssl/sha.h>
30 30
31int MGF1(unsigned char *mask, long len,
32 const unsigned char *seed, long seedlen);
33
34int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen, 31int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen,
35 const unsigned char *from, int flen, 32 const unsigned char *from, int flen,
36 const unsigned char *param, int plen) 33 const unsigned char *param, int plen)
@@ -76,11 +73,13 @@ int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen,
76 20); 73 20);
77#endif 74#endif
78 75
79 MGF1(dbmask, emlen - SHA_DIGEST_LENGTH, seed, SHA_DIGEST_LENGTH); 76 PKCS1_MGF1(dbmask, emlen - SHA_DIGEST_LENGTH, seed, SHA_DIGEST_LENGTH,
77 EVP_sha1());
80 for (i = 0; i < emlen - SHA_DIGEST_LENGTH; i++) 78 for (i = 0; i < emlen - SHA_DIGEST_LENGTH; i++)
81 db[i] ^= dbmask[i]; 79 db[i] ^= dbmask[i];
82 80
83 MGF1(seedmask, SHA_DIGEST_LENGTH, db, emlen - SHA_DIGEST_LENGTH); 81 PKCS1_MGF1(seedmask, SHA_DIGEST_LENGTH, db, emlen - SHA_DIGEST_LENGTH,
82 EVP_sha1());
84 for (i = 0; i < SHA_DIGEST_LENGTH; i++) 83 for (i = 0; i < SHA_DIGEST_LENGTH; i++)
85 seed[i] ^= seedmask[i]; 84 seed[i] ^= seedmask[i];
86 85
@@ -96,7 +95,6 @@ int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen,
96 const unsigned char *maskeddb; 95 const unsigned char *maskeddb;
97 int lzero; 96 int lzero;
98 unsigned char *db = NULL, seed[SHA_DIGEST_LENGTH], phash[SHA_DIGEST_LENGTH]; 97 unsigned char *db = NULL, seed[SHA_DIGEST_LENGTH], phash[SHA_DIGEST_LENGTH];
99 unsigned char *padded_from;
100 int bad = 0; 98 int bad = 0;
101 99
102 if (--num < 2 * SHA_DIGEST_LENGTH + 1) 100 if (--num < 2 * SHA_DIGEST_LENGTH + 1)
@@ -107,6 +105,8 @@ int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen,
107 lzero = num - flen; 105 lzero = num - flen;
108 if (lzero < 0) 106 if (lzero < 0)
109 { 107 {
108 /* lzero == -1 */
109
110 /* signalling this error immediately after detection might allow 110 /* signalling this error immediately after detection might allow
111 * for side-channel attacks (e.g. timing if 'plen' is huge 111 * for side-channel attacks (e.g. timing if 'plen' is huge
112 * -- cf. James H. Manger, "A Chosen Ciphertext Attack on RSA Optimal 112 * -- cf. James H. Manger, "A Chosen Ciphertext Attack on RSA Optimal
@@ -114,30 +114,22 @@ int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen,
114 * so we use a 'bad' flag */ 114 * so we use a 'bad' flag */
115 bad = 1; 115 bad = 1;
116 lzero = 0; 116 lzero = 0;
117 flen = num; /* don't overflow the memcpy to padded_from */
118 } 117 }
118 maskeddb = from - lzero + SHA_DIGEST_LENGTH;
119 119
120 dblen = num - SHA_DIGEST_LENGTH; 120 dblen = num - SHA_DIGEST_LENGTH;
121 db = OPENSSL_malloc(dblen + num); 121 db = OPENSSL_malloc(dblen);
122 if (db == NULL) 122 if (db == NULL)
123 { 123 {
124 RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP, ERR_R_MALLOC_FAILURE); 124 RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP, ERR_R_MALLOC_FAILURE);
125 return -1; 125 return -1;
126 } 126 }
127 127
128 /* Always do this zero-padding copy (even when lzero == 0) 128 PKCS1_MGF1(seed, SHA_DIGEST_LENGTH, maskeddb, dblen, EVP_sha1());
129 * to avoid leaking timing info about the value of lzero. */ 129 for (i = lzero; i < SHA_DIGEST_LENGTH; i++)
130 padded_from = db + dblen; 130 seed[i] ^= from[i - lzero];
131 memset(padded_from, 0, lzero);
132 memcpy(padded_from + lzero, from, flen);
133
134 maskeddb = padded_from + SHA_DIGEST_LENGTH;
135
136 MGF1(seed, SHA_DIGEST_LENGTH, maskeddb, dblen);
137 for (i = 0; i < SHA_DIGEST_LENGTH; i++)
138 seed[i] ^= padded_from[i];
139 131
140 MGF1(db, dblen, seed, SHA_DIGEST_LENGTH); 132 PKCS1_MGF1(db, dblen, seed, SHA_DIGEST_LENGTH, EVP_sha1());
141 for (i = 0; i < dblen; i++) 133 for (i = 0; i < dblen; i++)
142 db[i] ^= maskeddb[i]; 134 db[i] ^= maskeddb[i];
143 135
@@ -150,13 +142,13 @@ int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen,
150 for (i = SHA_DIGEST_LENGTH; i < dblen; i++) 142 for (i = SHA_DIGEST_LENGTH; i < dblen; i++)
151 if (db[i] != 0x00) 143 if (db[i] != 0x00)
152 break; 144 break;
153 if (i == dblen || db[i] != 0x01) 145 if (db[i] != 0x01 || i++ >= dblen)
154 goto decoding_err; 146 goto decoding_err;
155 else 147 else
156 { 148 {
157 /* everything looks OK */ 149 /* everything looks OK */
158 150
159 mlen = dblen - ++i; 151 mlen = dblen - i;
160 if (tlen < mlen) 152 if (tlen < mlen)
161 { 153 {
162 RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP, RSA_R_DATA_TOO_LARGE); 154 RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP, RSA_R_DATA_TOO_LARGE);
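Review bot: In RSA_padding_check_PKCS1_OAEP the new test `if (db[i] != 0x01 || i++ >= dblen)` reads `db[i]` before comparing `i` with `dblen`, so when the preceding loop finds no non-zero byte it reads one byte past the `dblen`-byte buffer from `OPENSSL_malloc(dblen)`. Test the bound first, `if (i == dblen || db[i] != 0x01)`, and keep `mlen = dblen - ++i;` as the replaced lines had it. Separately, `maskeddb = from - lzero + SHA_DIGEST_LENGTH;` points before `from` whenever `lzero` exceeds SHA_DIGEST_LENGTH, and no visible line bounds `lzero`; the zero-padded copy this section removes avoided both that and the lzero-dependent timing its comment described. The malloc-failure path in the check function also now reports `RSA_F_RSA_PADDING_ADD_PKCS1_OAEP`, which will mislead anyone reading the error queue. The function starts and ends outside the shown hunks.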
diff --git a/src/lib/libcrypto/rsa/rsa_saos.c b/src/lib/libcrypto/rsa/rsa_saos.c
index f98e0a80a6..24fc94835e 100644
--- a/src/lib/libcrypto/rsa/rsa_saos.c
+++ b/src/lib/libcrypto/rsa/rsa_saos.c
@@ -107,8 +107,7 @@ int RSA_verify_ASN1_OCTET_STRING(int dtype,
107 RSA *rsa) 107 RSA *rsa)
108 { 108 {
109 int i,ret=0; 109 int i,ret=0;
110 unsigned char *s; 110 unsigned char *p,*s;
111 const unsigned char *p;
112 ASN1_OCTET_STRING *sig=NULL; 111 ASN1_OCTET_STRING *sig=NULL;
113 112
114 if (siglen != (unsigned int)RSA_size(rsa)) 113 if (siglen != (unsigned int)RSA_size(rsa))
diff --git a/src/lib/libcrypto/rsa/rsa_sign.c b/src/lib/libcrypto/rsa/rsa_sign.c
index 71aabeea1b..db86f1ac58 100644
--- a/src/lib/libcrypto/rsa/rsa_sign.c
+++ b/src/lib/libcrypto/rsa/rsa_sign.c
@@ -146,7 +146,7 @@ int RSA_verify(int dtype, const unsigned char *m, unsigned int m_len,
146 unsigned char *sigbuf, unsigned int siglen, RSA *rsa) 146 unsigned char *sigbuf, unsigned int siglen, RSA *rsa)
147 { 147 {
148 int i,ret=0,sigtype; 148 int i,ret=0,sigtype;
149 unsigned char *s; 149 unsigned char *p,*s;
150 X509_SIG *sig=NULL; 150 X509_SIG *sig=NULL;
151 151
152 if (siglen != (unsigned int)RSA_size(rsa)) 152 if (siglen != (unsigned int)RSA_size(rsa))
@@ -181,7 +181,7 @@ int RSA_verify(int dtype, const unsigned char *m, unsigned int m_len,
181 RSAerr(RSA_F_RSA_VERIFY,RSA_R_BAD_SIGNATURE); 181 RSAerr(RSA_F_RSA_VERIFY,RSA_R_BAD_SIGNATURE);
182 else ret = 1; 182 else ret = 1;
183 } else { 183 } else {
184 const unsigned char *p=s; 184 p=s;
185 sig=d2i_X509_SIG(NULL,&p,(long)i); 185 sig=d2i_X509_SIG(NULL,&p,(long)i);
186 186
187 if (sig == NULL) goto err; 187 if (sig == NULL) goto err;
diff --git a/src/lib/libcrypto/rsa/rsa_test.c b/src/lib/libcrypto/rsa/rsa_test.c
new file mode 100644
index 0000000000..218bb2a39b
--- /dev/null
+++ b/src/lib/libcrypto/rsa/rsa_test.c
@@ -0,0 +1,318 @@
1/* test vectors from p1ovect1.txt */
2
3#include <stdio.h>
4#include <string.h>
5
6#include "e_os.h"
7
8#include <openssl/crypto.h>
9#include <openssl/err.h>
10#include <openssl/rand.h>
11#ifdef OPENSSL_NO_RSA
12int main(int argc, char *argv[])
13{
14 printf("No RSA support\n");
15 return(0);
16}
17#else
18#include <openssl/rsa.h>
19
20#define SetKey \
21 key->n = BN_bin2bn(n, sizeof(n)-1, key->n); \
22 key->e = BN_bin2bn(e, sizeof(e)-1, key->e); \
23 key->d = BN_bin2bn(d, sizeof(d)-1, key->d); \
24 key->p = BN_bin2bn(p, sizeof(p)-1, key->p); \
25 key->q = BN_bin2bn(q, sizeof(q)-1, key->q); \
26 key->dmp1 = BN_bin2bn(dmp1, sizeof(dmp1)-1, key->dmp1); \
27 key->dmq1 = BN_bin2bn(dmq1, sizeof(dmq1)-1, key->dmq1); \
28 key->iqmp = BN_bin2bn(iqmp, sizeof(iqmp)-1, key->iqmp); \
29 memcpy(c, ctext_ex, sizeof(ctext_ex) - 1); \
30 return (sizeof(ctext_ex) - 1);
31
32static int key1(RSA *key, unsigned char *c)
33 {
34 static unsigned char n[] =
35"\x00\xAA\x36\xAB\xCE\x88\xAC\xFD\xFF\x55\x52\x3C\x7F\xC4\x52\x3F"
36"\x90\xEF\xA0\x0D\xF3\x77\x4A\x25\x9F\x2E\x62\xB4\xC5\xD9\x9C\xB5"
37"\xAD\xB3\x00\xA0\x28\x5E\x53\x01\x93\x0E\x0C\x70\xFB\x68\x76\x93"
38"\x9C\xE6\x16\xCE\x62\x4A\x11\xE0\x08\x6D\x34\x1E\xBC\xAC\xA0\xA1"
39"\xF5";
40
41 static unsigned char e[] = "\x11";
42
43 static unsigned char d[] =
44"\x0A\x03\x37\x48\x62\x64\x87\x69\x5F\x5F\x30\xBC\x38\xB9\x8B\x44"
45"\xC2\xCD\x2D\xFF\x43\x40\x98\xCD\x20\xD8\xA1\x38\xD0\x90\xBF\x64"
46"\x79\x7C\x3F\xA7\xA2\xCD\xCB\x3C\xD1\xE0\xBD\xBA\x26\x54\xB4\xF9"
47"\xDF\x8E\x8A\xE5\x9D\x73\x3D\x9F\x33\xB3\x01\x62\x4A\xFD\x1D\x51";
48
49 static unsigned char p[] =
50"\x00\xD8\x40\xB4\x16\x66\xB4\x2E\x92\xEA\x0D\xA3\xB4\x32\x04\xB5"
51"\xCF\xCE\x33\x52\x52\x4D\x04\x16\xA5\xA4\x41\xE7\x00\xAF\x46\x12"
52"\x0D";
53
54 static unsigned char q[] =
55"\x00\xC9\x7F\xB1\xF0\x27\xF4\x53\xF6\x34\x12\x33\xEA\xAA\xD1\xD9"
56"\x35\x3F\x6C\x42\xD0\x88\x66\xB1\xD0\x5A\x0F\x20\x35\x02\x8B\x9D"
57"\x89";
58
59 static unsigned char dmp1[] =
60"\x59\x0B\x95\x72\xA2\xC2\xA9\xC4\x06\x05\x9D\xC2\xAB\x2F\x1D\xAF"
61"\xEB\x7E\x8B\x4F\x10\xA7\x54\x9E\x8E\xED\xF5\xB4\xFC\xE0\x9E\x05";
62
63 static unsigned char dmq1[] =
64"\x00\x8E\x3C\x05\x21\xFE\x15\xE0\xEA\x06\xA3\x6F\xF0\xF1\x0C\x99"
65"\x52\xC3\x5B\x7A\x75\x14\xFD\x32\x38\xB8\x0A\xAD\x52\x98\x62\x8D"
66"\x51";
67
68 static unsigned char iqmp[] =
69"\x36\x3F\xF7\x18\x9D\xA8\xE9\x0B\x1D\x34\x1F\x71\xD0\x9B\x76\xA8"
70"\xA9\x43\xE1\x1D\x10\xB2\x4D\x24\x9F\x2D\xEA\xFE\xF8\x0C\x18\x26";
71
72 static unsigned char ctext_ex[] =
73"\x1b\x8f\x05\xf9\xca\x1a\x79\x52\x6e\x53\xf3\xcc\x51\x4f\xdb\x89"
74"\x2b\xfb\x91\x93\x23\x1e\x78\xb9\x92\xe6\x8d\x50\xa4\x80\xcb\x52"
75"\x33\x89\x5c\x74\x95\x8d\x5d\x02\xab\x8c\x0f\xd0\x40\xeb\x58\x44"
76"\xb0\x05\xc3\x9e\xd8\x27\x4a\x9d\xbf\xa8\x06\x71\x40\x94\x39\xd2";
77
78 SetKey;
79 }
80
81static int key2(RSA *key, unsigned char *c)
82 {
83 static unsigned char n[] =
84"\x00\xA3\x07\x9A\x90\xDF\x0D\xFD\x72\xAC\x09\x0C\xCC\x2A\x78\xB8"
85"\x74\x13\x13\x3E\x40\x75\x9C\x98\xFA\xF8\x20\x4F\x35\x8A\x0B\x26"
86"\x3C\x67\x70\xE7\x83\xA9\x3B\x69\x71\xB7\x37\x79\xD2\x71\x7B\xE8"
87"\x34\x77\xCF";
88
89 static unsigned char e[] = "\x3";
90
91 static unsigned char d[] =
92"\x6C\xAF\xBC\x60\x94\xB3\xFE\x4C\x72\xB0\xB3\x32\xC6\xFB\x25\xA2"
93"\xB7\x62\x29\x80\x4E\x68\x65\xFC\xA4\x5A\x74\xDF\x0F\x8F\xB8\x41"
94"\x3B\x52\xC0\xD0\xE5\x3D\x9B\x59\x0F\xF1\x9B\xE7\x9F\x49\xDD\x21"
95"\xE5\xEB";
96
97 static unsigned char p[] =
98"\x00\xCF\x20\x35\x02\x8B\x9D\x86\x98\x40\xB4\x16\x66\xB4\x2E\x92"
99"\xEA\x0D\xA3\xB4\x32\x04\xB5\xCF\xCE\x91";
100
101 static unsigned char q[] =
102"\x00\xC9\x7F\xB1\xF0\x27\xF4\x53\xF6\x34\x12\x33\xEA\xAA\xD1\xD9"
103"\x35\x3F\x6C\x42\xD0\x88\x66\xB1\xD0\x5F";
104
105 static unsigned char dmp1[] =
106"\x00\x8A\x15\x78\xAC\x5D\x13\xAF\x10\x2B\x22\xB9\x99\xCD\x74\x61"
107"\xF1\x5E\x6D\x22\xCC\x03\x23\xDF\xDF\x0B";
108
109 static unsigned char dmq1[] =
110"\x00\x86\x55\x21\x4A\xC5\x4D\x8D\x4E\xCD\x61\x77\xF1\xC7\x36\x90"
111"\xCE\x2A\x48\x2C\x8B\x05\x99\xCB\xE0\x3F";
112
113 static unsigned char iqmp[] =
114"\x00\x83\xEF\xEF\xB8\xA9\xA4\x0D\x1D\xB6\xED\x98\xAD\x84\xED\x13"
115"\x35\xDC\xC1\x08\xF3\x22\xD0\x57\xCF\x8D";
116
117 static unsigned char ctext_ex[] =
118"\x14\xbd\xdd\x28\xc9\x83\x35\x19\x23\x80\xe8\xe5\x49\xb1\x58\x2a"
119"\x8b\x40\xb4\x48\x6d\x03\xa6\xa5\x31\x1f\x1f\xd5\xf0\xa1\x80\xe4"
120"\x17\x53\x03\x29\xa9\x34\x90\x74\xb1\x52\x13\x54\x29\x08\x24\x52"
121"\x62\x51";
122
123 SetKey;
124 }
125
126static int key3(RSA *key, unsigned char *c)
127 {
128 static unsigned char n[] =
129"\x00\xBB\xF8\x2F\x09\x06\x82\xCE\x9C\x23\x38\xAC\x2B\x9D\xA8\x71"
130"\xF7\x36\x8D\x07\xEE\xD4\x10\x43\xA4\x40\xD6\xB6\xF0\x74\x54\xF5"
131"\x1F\xB8\xDF\xBA\xAF\x03\x5C\x02\xAB\x61\xEA\x48\xCE\xEB\x6F\xCD"
132"\x48\x76\xED\x52\x0D\x60\xE1\xEC\x46\x19\x71\x9D\x8A\x5B\x8B\x80"
133"\x7F\xAF\xB8\xE0\xA3\xDF\xC7\x37\x72\x3E\xE6\xB4\xB7\xD9\x3A\x25"
134"\x84\xEE\x6A\x64\x9D\x06\x09\x53\x74\x88\x34\xB2\x45\x45\x98\x39"
135"\x4E\xE0\xAA\xB1\x2D\x7B\x61\xA5\x1F\x52\x7A\x9A\x41\xF6\xC1\x68"
136"\x7F\xE2\x53\x72\x98\xCA\x2A\x8F\x59\x46\xF8\xE5\xFD\x09\x1D\xBD"
137"\xCB";
138
139 static unsigned char e[] = "\x11";
140
141 static unsigned char d[] =
142"\x00\xA5\xDA\xFC\x53\x41\xFA\xF2\x89\xC4\xB9\x88\xDB\x30\xC1\xCD"
143"\xF8\x3F\x31\x25\x1E\x06\x68\xB4\x27\x84\x81\x38\x01\x57\x96\x41"
144"\xB2\x94\x10\xB3\xC7\x99\x8D\x6B\xC4\x65\x74\x5E\x5C\x39\x26\x69"
145"\xD6\x87\x0D\xA2\xC0\x82\xA9\x39\xE3\x7F\xDC\xB8\x2E\xC9\x3E\xDA"
146"\xC9\x7F\xF3\xAD\x59\x50\xAC\xCF\xBC\x11\x1C\x76\xF1\xA9\x52\x94"
147"\x44\xE5\x6A\xAF\x68\xC5\x6C\x09\x2C\xD3\x8D\xC3\xBE\xF5\xD2\x0A"
148"\x93\x99\x26\xED\x4F\x74\xA1\x3E\xDD\xFB\xE1\xA1\xCE\xCC\x48\x94"
149"\xAF\x94\x28\xC2\xB7\xB8\x88\x3F\xE4\x46\x3A\x4B\xC8\x5B\x1C\xB3"
150"\xC1";
151
152 static unsigned char p[] =
153"\x00\xEE\xCF\xAE\x81\xB1\xB9\xB3\xC9\x08\x81\x0B\x10\xA1\xB5\x60"
154"\x01\x99\xEB\x9F\x44\xAE\xF4\xFD\xA4\x93\xB8\x1A\x9E\x3D\x84\xF6"
155"\x32\x12\x4E\xF0\x23\x6E\x5D\x1E\x3B\x7E\x28\xFA\xE7\xAA\x04\x0A"
156"\x2D\x5B\x25\x21\x76\x45\x9D\x1F\x39\x75\x41\xBA\x2A\x58\xFB\x65"
157"\x99";
158
159 static unsigned char q[] =
160"\x00\xC9\x7F\xB1\xF0\x27\xF4\x53\xF6\x34\x12\x33\xEA\xAA\xD1\xD9"
161"\x35\x3F\x6C\x42\xD0\x88\x66\xB1\xD0\x5A\x0F\x20\x35\x02\x8B\x9D"
162"\x86\x98\x40\xB4\x16\x66\xB4\x2E\x92\xEA\x0D\xA3\xB4\x32\x04\xB5"
163"\xCF\xCE\x33\x52\x52\x4D\x04\x16\xA5\xA4\x41\xE7\x00\xAF\x46\x15"
164"\x03";
165
166 static unsigned char dmp1[] =
167"\x54\x49\x4C\xA6\x3E\xBA\x03\x37\xE4\xE2\x40\x23\xFC\xD6\x9A\x5A"
168"\xEB\x07\xDD\xDC\x01\x83\xA4\xD0\xAC\x9B\x54\xB0\x51\xF2\xB1\x3E"
169"\xD9\x49\x09\x75\xEA\xB7\x74\x14\xFF\x59\xC1\xF7\x69\x2E\x9A\x2E"
170"\x20\x2B\x38\xFC\x91\x0A\x47\x41\x74\xAD\xC9\x3C\x1F\x67\xC9\x81";
171
172 static unsigned char dmq1[] =
173"\x47\x1E\x02\x90\xFF\x0A\xF0\x75\x03\x51\xB7\xF8\x78\x86\x4C\xA9"
174"\x61\xAD\xBD\x3A\x8A\x7E\x99\x1C\x5C\x05\x56\xA9\x4C\x31\x46\xA7"
175"\xF9\x80\x3F\x8F\x6F\x8A\xE3\x42\xE9\x31\xFD\x8A\xE4\x7A\x22\x0D"
176"\x1B\x99\xA4\x95\x84\x98\x07\xFE\x39\xF9\x24\x5A\x98\x36\xDA\x3D";
177
178 static unsigned char iqmp[] =
179"\x00\xB0\x6C\x4F\xDA\xBB\x63\x01\x19\x8D\x26\x5B\xDB\xAE\x94\x23"
180"\xB3\x80\xF2\x71\xF7\x34\x53\x88\x50\x93\x07\x7F\xCD\x39\xE2\x11"
181"\x9F\xC9\x86\x32\x15\x4F\x58\x83\xB1\x67\xA9\x67\xBF\x40\x2B\x4E"
182"\x9E\x2E\x0F\x96\x56\xE6\x98\xEA\x36\x66\xED\xFB\x25\x79\x80\x39"
183"\xF7";
184
185 static unsigned char ctext_ex[] =
186"\xb8\x24\x6b\x56\xa6\xed\x58\x81\xae\xb5\x85\xd9\xa2\x5b\x2a\xd7"
187"\x90\xc4\x17\xe0\x80\x68\x1b\xf1\xac\x2b\xc3\xde\xb6\x9d\x8b\xce"
188"\xf0\xc4\x36\x6f\xec\x40\x0a\xf0\x52\xa7\x2e\x9b\x0e\xff\xb5\xb3"
189"\xf2\xf1\x92\xdb\xea\xca\x03\xc1\x27\x40\x05\x71\x13\xbf\x1f\x06"
190"\x69\xac\x22\xe9\xf3\xa7\x85\x2e\x3c\x15\xd9\x13\xca\xb0\xb8\x86"
191"\x3a\x95\xc9\x92\x94\xce\x86\x74\x21\x49\x54\x61\x03\x46\xf4\xd4"
192"\x74\xb2\x6f\x7c\x48\xb4\x2e\xe6\x8e\x1f\x57\x2a\x1f\xc4\x02\x6a"
193"\xc4\x56\xb4\xf5\x9f\x7b\x62\x1e\xa1\xb9\xd8\x8f\x64\x20\x2f\xb1";
194
195 SetKey;
196 }
197
198static int pad_unknown(void)
199{
200 unsigned long l;
201 while ((l = ERR_get_error()) != 0)
202 if (ERR_GET_REASON(l) == RSA_R_UNKNOWN_PADDING_TYPE)
203 return(1);
204 return(0);
205}
206
207static const char rnd_seed[] = "string to make the random number generator think it has entropy";
208
209int main(int argc, char *argv[])
210 {
211 int err=0;
212 int v;
213 RSA *key;
214 unsigned char ptext[256];
215 unsigned char ctext[256];
216 static unsigned char ptext_ex[] = "\x54\x85\x9b\x34\x2c\x49\xea\x2a";
217 unsigned char ctext_ex[256];
218 int plen;
219 int clen = 0;
220 int num;
221
222 CRYPTO_malloc_debug_init();
223 CRYPTO_dbg_set_options(V_CRYPTO_MDEBUG_ALL);
224 CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
225
226 RAND_seed(rnd_seed, sizeof rnd_seed); /* or OAEP may fail */
227
228 plen = sizeof(ptext_ex) - 1;
229
230 for (v = 0; v < 6; v++)
231 {
232 key = RSA_new();
233 switch (v%3) {
234 case 0:
235 clen = key1(key, ctext_ex);
236 break;
237 case 1:
238 clen = key2(key, ctext_ex);
239 break;
240 case 2:
241 clen = key3(key, ctext_ex);
242 break;
243 }
244 if (v/3 > 1) key->flags |= RSA_FLAG_NO_EXP_CONSTTIME;
245
246 num = RSA_public_encrypt(plen, ptext_ex, ctext, key,
247 RSA_PKCS1_PADDING);
248 if (num != clen)
249 {
250 printf("PKCS#1 v1.5 encryption failed!\n");
251 err=1;
252 goto oaep;
253 }
254
255 num = RSA_private_decrypt(num, ctext, ptext, key,
256 RSA_PKCS1_PADDING);
257 if (num != plen || memcmp(ptext, ptext_ex, num) != 0)
258 {
259 printf("PKCS#1 v1.5 decryption failed!\n");
260 err=1;
261 }
262 else
263 printf("PKCS #1 v1.5 encryption/decryption ok\n");
264
265 oaep:
266 ERR_clear_error();
267 num = RSA_public_encrypt(plen, ptext_ex, ctext, key,
268 RSA_PKCS1_OAEP_PADDING);
269 if (num == -1 && pad_unknown())
270 {
271 printf("No OAEP support\n");
272 goto next;
273 }
274 if (num != clen)
275 {
276 printf("OAEP encryption failed!\n");
277 err=1;
278 goto next;
279 }
280
281 num = RSA_private_decrypt(num, ctext, ptext, key,
282 RSA_PKCS1_OAEP_PADDING);
283 if (num != plen || memcmp(ptext, ptext_ex, num) != 0)
284 {
285 printf("OAEP decryption (encrypted data) failed!\n");
286 err=1;
287 }
288 else if (memcmp(ctext, ctext_ex, num) == 0)
289 {
290 printf("OAEP test vector %d passed!\n", v);
291 goto next;
292 }
293
294 /* Different ciphertexts (rsa_oaep.c without -DPKCS_TESTVECT).
295 Try decrypting ctext_ex */
296
297 num = RSA_private_decrypt(clen, ctext_ex, ptext, key,
298 RSA_PKCS1_OAEP_PADDING);
299
300 if (num != plen || memcmp(ptext, ptext_ex, num) != 0)
301 {
302 printf("OAEP decryption (test vector data) failed!\n");
303 err=1;
304 }
305 else
306 printf("OAEP encryption/decryption ok\n");
307 next:
308 RSA_free(key);
309 }
310
311 CRYPTO_cleanup_all_ex_data();
312 ERR_remove_state(0);
313
314 CRYPTO_mem_leaks_fp(stderr);
315
316 return err;
317 }
318#endif
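Review bot: In main, `if (v/3 > 1) key->flags |= RSA_FLAG_NO_EXP_CONSTTIME;` can never fire, because `v` runs from 0 to 5 and `v/3` is only 0 or 1. The second pass over key1 to key3 therefore repeats the first instead of covering the non-constant-time exponentiation path. `if (v/3 >= 1) key->flags |= RSA_FLAG_NO_EXP_CONSTTIME;` would exercise both paths. `RSA_new()` at the top of the loop is also used without a NULL check before `key1`/`key2`/`key3` store into `key->n` and the other fields.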