summaryrefslogtreecommitdiff
path: root/src/lib/libcrypto/rsa
diff options
context:
space:
mode:
Diffstat (limited to 'src/lib/libcrypto/rsa')
-rw-r--r--src/lib/libcrypto/rsa/rsa.h41
-rw-r--r--src/lib/libcrypto/rsa/rsa_asn1.c2
-rw-r--r--src/lib/libcrypto/rsa/rsa_eay.c41
-rw-r--r--src/lib/libcrypto/rsa/rsa_err.c10
-rw-r--r--src/lib/libcrypto/rsa/rsa_gen.c3
-rw-r--r--src/lib/libcrypto/rsa/rsa_lib.c272
-rw-r--r--src/lib/libcrypto/rsa/rsa_oaep.c2
-rw-r--r--src/lib/libcrypto/rsa/rsa_pss.c6
-rw-r--r--src/lib/libcrypto/rsa/rsa_sign.c24
-rw-r--r--src/lib/libcrypto/rsa/rsa_ssl.c2
-rw-r--r--src/lib/libcrypto/rsa/rsa_x931.c2
11 files changed, 121 insertions, 284 deletions
diff --git a/src/lib/libcrypto/rsa/rsa.h b/src/lib/libcrypto/rsa/rsa.h
index 6b5e4f8a9a..5bb932ae15 100644
--- a/src/lib/libcrypto/rsa/rsa.h
+++ b/src/lib/libcrypto/rsa/rsa.h
@@ -74,6 +74,25 @@
74#error RSA is disabled. 74#error RSA is disabled.
75#endif 75#endif
76 76
77/* If this flag is set the RSA method is FIPS compliant and can be used
78 * in FIPS mode. This is set in the validated module method. If an
79 * application sets this flag in its own methods it is its reposibility
80 * to ensure the result is compliant.
81 */
82
83#define RSA_FLAG_FIPS_METHOD 0x0400
84
85/* If this flag is set the operations normally disabled in FIPS mode are
86 * permitted it is then the applications responsibility to ensure that the
87 * usage is compliant.
88 */
89
90#define RSA_FLAG_NON_FIPS_ALLOW 0x0400
91
92#ifdef OPENSSL_FIPS
93#define FIPS_RSA_SIZE_T int
94#endif
95
77#ifdef __cplusplus 96#ifdef __cplusplus
78extern "C" { 97extern "C" {
79#endif 98#endif
@@ -163,6 +182,8 @@ struct rsa_st
163# define OPENSSL_RSA_MAX_MODULUS_BITS 16384 182# define OPENSSL_RSA_MAX_MODULUS_BITS 16384
164#endif 183#endif
165 184
185#define OPENSSL_RSA_FIPS_MIN_MODULUS_BITS 1024
186
166#ifndef OPENSSL_RSA_SMALL_MODULUS_BITS 187#ifndef OPENSSL_RSA_SMALL_MODULUS_BITS
167# define OPENSSL_RSA_SMALL_MODULUS_BITS 3072 188# define OPENSSL_RSA_SMALL_MODULUS_BITS 3072
168#endif 189#endif
@@ -240,6 +261,11 @@ RSA * RSA_generate_key(int bits, unsigned long e,void
240 261
241/* New version */ 262/* New version */
242int RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb); 263int RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb);
264int RSA_X931_derive_ex(RSA *rsa, BIGNUM *p1, BIGNUM *p2, BIGNUM *q1, BIGNUM *q2,
265 const BIGNUM *Xp1, const BIGNUM *Xp2, const BIGNUM *Xp,
266 const BIGNUM *Xq1, const BIGNUM *Xq2, const BIGNUM *Xq,
267 const BIGNUM *e, BN_GENCB *cb);
268int RSA_X931_generate_key_ex(RSA *rsa, int bits, const BIGNUM *e, BN_GENCB *cb);
243 269
244int RSA_check_key(const RSA *); 270int RSA_check_key(const RSA *);
245 /* next 4 return -1 on error */ 271 /* next 4 return -1 on error */
@@ -257,6 +283,11 @@ int RSA_up_ref(RSA *r);
257 283
258int RSA_flags(const RSA *r); 284int RSA_flags(const RSA *r);
259 285
286#ifdef OPENSSL_FIPS
287RSA *FIPS_rsa_new(void);
288void FIPS_rsa_free(RSA *r);
289#endif
290
260void RSA_set_default_method(const RSA_METHOD *meth); 291void RSA_set_default_method(const RSA_METHOD *meth);
261const RSA_METHOD *RSA_get_default_method(void); 292const RSA_METHOD *RSA_get_default_method(void);
262const RSA_METHOD *RSA_get_method(const RSA *rsa); 293const RSA_METHOD *RSA_get_method(const RSA *rsa);
@@ -281,6 +312,7 @@ int RSA_print_fp(FILE *fp, const RSA *r,int offset);
281int RSA_print(BIO *bp, const RSA *r,int offset); 312int RSA_print(BIO *bp, const RSA *r,int offset);
282#endif 313#endif
283 314
315#ifndef OPENSSL_NO_RC4
284int i2d_RSA_NET(const RSA *a, unsigned char **pp, 316int i2d_RSA_NET(const RSA *a, unsigned char **pp,
285 int (*cb)(char *buf, int len, const char *prompt, int verify), 317 int (*cb)(char *buf, int len, const char *prompt, int verify),
286 int sgckey); 318 int sgckey);
@@ -294,6 +326,7 @@ int i2d_Netscape_RSA(const RSA *a, unsigned char **pp,
294RSA *d2i_Netscape_RSA(RSA **a, const unsigned char **pp, long length, 326RSA *d2i_Netscape_RSA(RSA **a, const unsigned char **pp, long length,
295 int (*cb)(char *buf, int len, const char *prompt, 327 int (*cb)(char *buf, int len, const char *prompt,
296 int verify)); 328 int verify));
329#endif
297 330
298/* The following 2 functions sign and verify a X509_SIG ASN1 object 331/* The following 2 functions sign and verify a X509_SIG ASN1 object
299 * inside PKCS#1 padded RSA encryption */ 332 * inside PKCS#1 padded RSA encryption */
@@ -368,6 +401,8 @@ void ERR_load_RSA_strings(void);
368/* Error codes for the RSA functions. */ 401/* Error codes for the RSA functions. */
369 402
370/* Function codes. */ 403/* Function codes. */
404#define RSA_F_FIPS_RSA_SIGN 140
405#define RSA_F_FIPS_RSA_VERIFY 141
371#define RSA_F_MEMORY_LOCK 100 406#define RSA_F_MEMORY_LOCK 100
372#define RSA_F_RSA_BUILTIN_KEYGEN 129 407#define RSA_F_RSA_BUILTIN_KEYGEN 129
373#define RSA_F_RSA_CHECK_KEY 123 408#define RSA_F_RSA_CHECK_KEY 123
@@ -399,7 +434,11 @@ void ERR_load_RSA_strings(void);
399#define RSA_F_RSA_PADDING_CHECK_X931 128 434#define RSA_F_RSA_PADDING_CHECK_X931 128
400#define RSA_F_RSA_PRINT 115 435#define RSA_F_RSA_PRINT 115
401#define RSA_F_RSA_PRINT_FP 116 436#define RSA_F_RSA_PRINT_FP 116
437#define RSA_F_RSA_PRIVATE_ENCRYPT 137
438#define RSA_F_RSA_PUBLIC_DECRYPT 138
402#define RSA_F_RSA_SETUP_BLINDING 136 439#define RSA_F_RSA_SETUP_BLINDING 136
440#define RSA_F_RSA_SET_DEFAULT_METHOD 139
441#define RSA_F_RSA_SET_METHOD 142
403#define RSA_F_RSA_SIGN 117 442#define RSA_F_RSA_SIGN 117
404#define RSA_F_RSA_SIGN_ASN1_OCTET_STRING 118 443#define RSA_F_RSA_SIGN_ASN1_OCTET_STRING 118
405#define RSA_F_RSA_VERIFY 119 444#define RSA_F_RSA_VERIFY 119
@@ -433,10 +472,12 @@ void ERR_load_RSA_strings(void);
433#define RSA_R_KEY_SIZE_TOO_SMALL 120 472#define RSA_R_KEY_SIZE_TOO_SMALL 120
434#define RSA_R_LAST_OCTET_INVALID 134 473#define RSA_R_LAST_OCTET_INVALID 134
435#define RSA_R_MODULUS_TOO_LARGE 105 474#define RSA_R_MODULUS_TOO_LARGE 105
475#define RSA_R_NON_FIPS_METHOD 141
436#define RSA_R_NO_PUBLIC_EXPONENT 140 476#define RSA_R_NO_PUBLIC_EXPONENT 140
437#define RSA_R_NULL_BEFORE_BLOCK_MISSING 113 477#define RSA_R_NULL_BEFORE_BLOCK_MISSING 113
438#define RSA_R_N_DOES_NOT_EQUAL_P_Q 127 478#define RSA_R_N_DOES_NOT_EQUAL_P_Q 127
439#define RSA_R_OAEP_DECODING_ERROR 121 479#define RSA_R_OAEP_DECODING_ERROR 121
480#define RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE 142
440#define RSA_R_PADDING_CHECK_FAILED 114 481#define RSA_R_PADDING_CHECK_FAILED 114
441#define RSA_R_P_NOT_PRIME 128 482#define RSA_R_P_NOT_PRIME 128
442#define RSA_R_Q_NOT_PRIME 129 483#define RSA_R_Q_NOT_PRIME 129
diff --git a/src/lib/libcrypto/rsa/rsa_asn1.c b/src/lib/libcrypto/rsa/rsa_asn1.c
index bbbf26d50e..6e8a803e81 100644
--- a/src/lib/libcrypto/rsa/rsa_asn1.c
+++ b/src/lib/libcrypto/rsa/rsa_asn1.c
@@ -1,5 +1,5 @@
1/* rsa_asn1.c */ 1/* rsa_asn1.c */
2/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL 2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 2000. 3 * project 2000.
4 */ 4 */
5/* ==================================================================== 5/* ====================================================================
diff --git a/src/lib/libcrypto/rsa/rsa_eay.c b/src/lib/libcrypto/rsa/rsa_eay.c
index ffadaab9a4..0ac6418449 100644
--- a/src/lib/libcrypto/rsa/rsa_eay.c
+++ b/src/lib/libcrypto/rsa/rsa_eay.c
@@ -115,7 +115,7 @@
115#include <openssl/rsa.h> 115#include <openssl/rsa.h>
116#include <openssl/rand.h> 116#include <openssl/rand.h>
117 117
118#ifndef RSA_NULL 118#if !defined(RSA_NULL) && !defined(OPENSSL_FIPS)
119 119
120static int RSA_eay_public_encrypt(int flen, const unsigned char *from, 120static int RSA_eay_public_encrypt(int flen, const unsigned char *from,
121 unsigned char *to, RSA *rsa,int padding); 121 unsigned char *to, RSA *rsa,int padding);
@@ -150,16 +150,6 @@ const RSA_METHOD *RSA_PKCS1_SSLeay(void)
150 return(&rsa_pkcs1_eay_meth); 150 return(&rsa_pkcs1_eay_meth);
151 } 151 }
152 152
153/* Usage example;
154 * MONT_HELPER(rsa->_method_mod_p, bn_ctx, rsa->p, rsa->flags & RSA_FLAG_CACHE_PRIVATE, goto err);
155 */
156#define MONT_HELPER(method_mod, ctx, m, pre_cond, err_instr) \
157 if ((pre_cond) && ((method_mod) == NULL) && \
158 !BN_MONT_CTX_set_locked(&(method_mod), \
159 CRYPTO_LOCK_RSA, \
160 (m), (ctx))) \
161 err_instr
162
163static int RSA_eay_public_encrypt(int flen, const unsigned char *from, 153static int RSA_eay_public_encrypt(int flen, const unsigned char *from,
164 unsigned char *to, RSA *rsa, int padding) 154 unsigned char *to, RSA *rsa, int padding)
165 { 155 {
@@ -233,7 +223,9 @@ static int RSA_eay_public_encrypt(int flen, const unsigned char *from,
233 goto err; 223 goto err;
234 } 224 }
235 225
236 MONT_HELPER(rsa->_method_mod_n, ctx, rsa->n, rsa->flags & RSA_FLAG_CACHE_PUBLIC, goto err); 226 if (rsa->flags & RSA_FLAG_CACHE_PUBLIC)
227 if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_n, CRYPTO_LOCK_RSA, rsa->n, ctx))
228 goto err;
237 229
238 if (!rsa->meth->bn_mod_exp(ret,f,rsa->e,rsa->n,ctx, 230 if (!rsa->meth->bn_mod_exp(ret,f,rsa->e,rsa->n,ctx,
239 rsa->_method_mod_n)) goto err; 231 rsa->_method_mod_n)) goto err;
@@ -438,7 +430,9 @@ static int RSA_eay_private_encrypt(int flen, const unsigned char *from,
438 else 430 else
439 d= rsa->d; 431 d= rsa->d;
440 432
441 MONT_HELPER(rsa->_method_mod_n, ctx, rsa->n, rsa->flags & RSA_FLAG_CACHE_PUBLIC, goto err); 433 if (rsa->flags & RSA_FLAG_CACHE_PUBLIC)
434 if(!BN_MONT_CTX_set_locked(&rsa->_method_mod_n, CRYPTO_LOCK_RSA, rsa->n, ctx))
435 goto err;
442 436
443 if (!rsa->meth->bn_mod_exp(ret,f,d,rsa->n,ctx, 437 if (!rsa->meth->bn_mod_exp(ret,f,d,rsa->n,ctx,
444 rsa->_method_mod_n)) goto err; 438 rsa->_method_mod_n)) goto err;
@@ -559,7 +553,9 @@ static int RSA_eay_private_decrypt(int flen, const unsigned char *from,
559 else 553 else
560 d = rsa->d; 554 d = rsa->d;
561 555
562 MONT_HELPER(rsa->_method_mod_n, ctx, rsa->n, rsa->flags & RSA_FLAG_CACHE_PUBLIC, goto err); 556 if (rsa->flags & RSA_FLAG_CACHE_PUBLIC)
557 if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_n, CRYPTO_LOCK_RSA, rsa->n, ctx))
558 goto err;
563 if (!rsa->meth->bn_mod_exp(ret,f,d,rsa->n,ctx, 559 if (!rsa->meth->bn_mod_exp(ret,f,d,rsa->n,ctx,
564 rsa->_method_mod_n)) 560 rsa->_method_mod_n))
565 goto err; 561 goto err;
@@ -669,7 +665,9 @@ static int RSA_eay_public_decrypt(int flen, const unsigned char *from,
669 goto err; 665 goto err;
670 } 666 }
671 667
672 MONT_HELPER(rsa->_method_mod_n, ctx, rsa->n, rsa->flags & RSA_FLAG_CACHE_PUBLIC, goto err); 668 if (rsa->flags & RSA_FLAG_CACHE_PUBLIC)
669 if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_n, CRYPTO_LOCK_RSA, rsa->n, ctx))
670 goto err;
673 671
674 if (!rsa->meth->bn_mod_exp(ret,f,rsa->e,rsa->n,ctx, 672 if (!rsa->meth->bn_mod_exp(ret,f,rsa->e,rsa->n,ctx,
675 rsa->_method_mod_n)) goto err; 673 rsa->_method_mod_n)) goto err;
@@ -747,11 +745,18 @@ static int RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
747 q = rsa->q; 745 q = rsa->q;
748 } 746 }
749 747
750 MONT_HELPER(rsa->_method_mod_p, ctx, p, rsa->flags & RSA_FLAG_CACHE_PRIVATE, goto err); 748 if (rsa->flags & RSA_FLAG_CACHE_PRIVATE)
751 MONT_HELPER(rsa->_method_mod_q, ctx, q, rsa->flags & RSA_FLAG_CACHE_PRIVATE, goto err); 749 {
750 if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_p, CRYPTO_LOCK_RSA, p, ctx))
751 goto err;
752 if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_q, CRYPTO_LOCK_RSA, q, ctx))
753 goto err;
754 }
752 } 755 }
753 756
754 MONT_HELPER(rsa->_method_mod_n, ctx, rsa->n, rsa->flags & RSA_FLAG_CACHE_PUBLIC, goto err); 757 if (rsa->flags & RSA_FLAG_CACHE_PUBLIC)
758 if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_n, CRYPTO_LOCK_RSA, rsa->n, ctx))
759 goto err;
755 760
756 /* compute I mod q */ 761 /* compute I mod q */
757 if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) 762 if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))
diff --git a/src/lib/libcrypto/rsa/rsa_err.c b/src/lib/libcrypto/rsa/rsa_err.c
index fe3ba1b44b..501f5ea389 100644
--- a/src/lib/libcrypto/rsa/rsa_err.c
+++ b/src/lib/libcrypto/rsa/rsa_err.c
@@ -1,6 +1,6 @@
1/* crypto/rsa/rsa_err.c */ 1/* crypto/rsa/rsa_err.c */
2/* ==================================================================== 2/* ====================================================================
3 * Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved. 3 * Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved.
4 * 4 *
5 * Redistribution and use in source and binary forms, with or without 5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions 6 * modification, are permitted provided that the following conditions
@@ -70,6 +70,8 @@
70 70
71static ERR_STRING_DATA RSA_str_functs[]= 71static ERR_STRING_DATA RSA_str_functs[]=
72 { 72 {
73{ERR_FUNC(RSA_F_FIPS_RSA_SIGN), "FIPS_RSA_SIGN"},
74{ERR_FUNC(RSA_F_FIPS_RSA_VERIFY), "FIPS_RSA_VERIFY"},
73{ERR_FUNC(RSA_F_MEMORY_LOCK), "MEMORY_LOCK"}, 75{ERR_FUNC(RSA_F_MEMORY_LOCK), "MEMORY_LOCK"},
74{ERR_FUNC(RSA_F_RSA_BUILTIN_KEYGEN), "RSA_BUILTIN_KEYGEN"}, 76{ERR_FUNC(RSA_F_RSA_BUILTIN_KEYGEN), "RSA_BUILTIN_KEYGEN"},
75{ERR_FUNC(RSA_F_RSA_CHECK_KEY), "RSA_check_key"}, 77{ERR_FUNC(RSA_F_RSA_CHECK_KEY), "RSA_check_key"},
@@ -101,7 +103,11 @@ static ERR_STRING_DATA RSA_str_functs[]=
101{ERR_FUNC(RSA_F_RSA_PADDING_CHECK_X931), "RSA_padding_check_X931"}, 103{ERR_FUNC(RSA_F_RSA_PADDING_CHECK_X931), "RSA_padding_check_X931"},
102{ERR_FUNC(RSA_F_RSA_PRINT), "RSA_print"}, 104{ERR_FUNC(RSA_F_RSA_PRINT), "RSA_print"},
103{ERR_FUNC(RSA_F_RSA_PRINT_FP), "RSA_print_fp"}, 105{ERR_FUNC(RSA_F_RSA_PRINT_FP), "RSA_print_fp"},
106{ERR_FUNC(RSA_F_RSA_PRIVATE_ENCRYPT), "RSA_private_encrypt"},
107{ERR_FUNC(RSA_F_RSA_PUBLIC_DECRYPT), "RSA_public_decrypt"},
104{ERR_FUNC(RSA_F_RSA_SETUP_BLINDING), "RSA_setup_blinding"}, 108{ERR_FUNC(RSA_F_RSA_SETUP_BLINDING), "RSA_setup_blinding"},
109{ERR_FUNC(RSA_F_RSA_SET_DEFAULT_METHOD), "RSA_set_default_method"},
110{ERR_FUNC(RSA_F_RSA_SET_METHOD), "RSA_set_method"},
105{ERR_FUNC(RSA_F_RSA_SIGN), "RSA_sign"}, 111{ERR_FUNC(RSA_F_RSA_SIGN), "RSA_sign"},
106{ERR_FUNC(RSA_F_RSA_SIGN_ASN1_OCTET_STRING), "RSA_sign_ASN1_OCTET_STRING"}, 112{ERR_FUNC(RSA_F_RSA_SIGN_ASN1_OCTET_STRING), "RSA_sign_ASN1_OCTET_STRING"},
107{ERR_FUNC(RSA_F_RSA_VERIFY), "RSA_verify"}, 113{ERR_FUNC(RSA_F_RSA_VERIFY), "RSA_verify"},
@@ -138,10 +144,12 @@ static ERR_STRING_DATA RSA_str_reasons[]=
138{ERR_REASON(RSA_R_KEY_SIZE_TOO_SMALL) ,"key size too small"}, 144{ERR_REASON(RSA_R_KEY_SIZE_TOO_SMALL) ,"key size too small"},
139{ERR_REASON(RSA_R_LAST_OCTET_INVALID) ,"last octet invalid"}, 145{ERR_REASON(RSA_R_LAST_OCTET_INVALID) ,"last octet invalid"},
140{ERR_REASON(RSA_R_MODULUS_TOO_LARGE) ,"modulus too large"}, 146{ERR_REASON(RSA_R_MODULUS_TOO_LARGE) ,"modulus too large"},
147{ERR_REASON(RSA_R_NON_FIPS_METHOD) ,"non fips method"},
141{ERR_REASON(RSA_R_NO_PUBLIC_EXPONENT) ,"no public exponent"}, 148{ERR_REASON(RSA_R_NO_PUBLIC_EXPONENT) ,"no public exponent"},
142{ERR_REASON(RSA_R_NULL_BEFORE_BLOCK_MISSING),"null before block missing"}, 149{ERR_REASON(RSA_R_NULL_BEFORE_BLOCK_MISSING),"null before block missing"},
143{ERR_REASON(RSA_R_N_DOES_NOT_EQUAL_P_Q) ,"n does not equal p q"}, 150{ERR_REASON(RSA_R_N_DOES_NOT_EQUAL_P_Q) ,"n does not equal p q"},
144{ERR_REASON(RSA_R_OAEP_DECODING_ERROR) ,"oaep decoding error"}, 151{ERR_REASON(RSA_R_OAEP_DECODING_ERROR) ,"oaep decoding error"},
152{ERR_REASON(RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE),"operation not allowed in fips mode"},
145{ERR_REASON(RSA_R_PADDING_CHECK_FAILED) ,"padding check failed"}, 153{ERR_REASON(RSA_R_PADDING_CHECK_FAILED) ,"padding check failed"},
146{ERR_REASON(RSA_R_P_NOT_PRIME) ,"p not prime"}, 154{ERR_REASON(RSA_R_P_NOT_PRIME) ,"p not prime"},
147{ERR_REASON(RSA_R_Q_NOT_PRIME) ,"q not prime"}, 155{ERR_REASON(RSA_R_Q_NOT_PRIME) ,"q not prime"},
diff --git a/src/lib/libcrypto/rsa/rsa_gen.c b/src/lib/libcrypto/rsa/rsa_gen.c
index 767f7ab682..41278f83c6 100644
--- a/src/lib/libcrypto/rsa/rsa_gen.c
+++ b/src/lib/libcrypto/rsa/rsa_gen.c
@@ -68,6 +68,8 @@
68#include <openssl/bn.h> 68#include <openssl/bn.h>
69#include <openssl/rsa.h> 69#include <openssl/rsa.h>
70 70
71#ifndef OPENSSL_FIPS
72
71static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb); 73static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb);
72 74
73/* NB: this wrapper would normally be placed in rsa_lib.c and the static 75/* NB: this wrapper would normally be placed in rsa_lib.c and the static
@@ -217,3 +219,4 @@ err:
217 return ok; 219 return ok;
218 } 220 }
219 221
222#endif
diff --git a/src/lib/libcrypto/rsa/rsa_lib.c b/src/lib/libcrypto/rsa/rsa_lib.c
index 104aa4c1f2..5714841f4c 100644
--- a/src/lib/libcrypto/rsa/rsa_lib.c
+++ b/src/lib/libcrypto/rsa/rsa_lib.c
@@ -67,215 +67,6 @@
67#include <openssl/engine.h> 67#include <openssl/engine.h>
68#endif 68#endif
69 69
70const char RSA_version[]="RSA" OPENSSL_VERSION_PTEXT;
71
72static const RSA_METHOD *default_RSA_meth=NULL;
73
74RSA *RSA_new(void)
75 {
76 RSA *r=RSA_new_method(NULL);
77
78 return r;
79 }
80
81void RSA_set_default_method(const RSA_METHOD *meth)
82 {
83 default_RSA_meth = meth;
84 }
85
86const RSA_METHOD *RSA_get_default_method(void)
87 {
88 if (default_RSA_meth == NULL)
89 {
90#ifdef RSA_NULL
91 default_RSA_meth=RSA_null_method();
92#else
93#if 0 /* was: #ifdef RSAref */
94 default_RSA_meth=RSA_PKCS1_RSAref();
95#else
96 default_RSA_meth=RSA_PKCS1_SSLeay();
97#endif
98#endif
99 }
100
101 return default_RSA_meth;
102 }
103
104const RSA_METHOD *RSA_get_method(const RSA *rsa)
105 {
106 return rsa->meth;
107 }
108
109int RSA_set_method(RSA *rsa, const RSA_METHOD *meth)
110 {
111 /* NB: The caller is specifically setting a method, so it's not up to us
112 * to deal with which ENGINE it comes from. */
113 const RSA_METHOD *mtmp;
114 mtmp = rsa->meth;
115 if (mtmp->finish) mtmp->finish(rsa);
116#ifndef OPENSSL_NO_ENGINE
117 if (rsa->engine)
118 {
119 ENGINE_finish(rsa->engine);
120 rsa->engine = NULL;
121 }
122#endif
123 rsa->meth = meth;
124 if (meth->init) meth->init(rsa);
125 return 1;
126 }
127
128RSA *RSA_new_method(ENGINE *engine)
129 {
130 RSA *ret;
131
132 ret=(RSA *)OPENSSL_malloc(sizeof(RSA));
133 if (ret == NULL)
134 {
135 RSAerr(RSA_F_RSA_NEW_METHOD,ERR_R_MALLOC_FAILURE);
136 return NULL;
137 }
138
139 ret->meth = RSA_get_default_method();
140#ifndef OPENSSL_NO_ENGINE
141 if (engine)
142 {
143 if (!ENGINE_init(engine))
144 {
145 RSAerr(RSA_F_RSA_NEW_METHOD, ERR_R_ENGINE_LIB);
146 OPENSSL_free(ret);
147 return NULL;
148 }
149 ret->engine = engine;
150 }
151 else
152 ret->engine = ENGINE_get_default_RSA();
153 if(ret->engine)
154 {
155 ret->meth = ENGINE_get_RSA(ret->engine);
156 if(!ret->meth)
157 {
158 RSAerr(RSA_F_RSA_NEW_METHOD,
159 ERR_R_ENGINE_LIB);
160 ENGINE_finish(ret->engine);
161 OPENSSL_free(ret);
162 return NULL;
163 }
164 }
165#endif
166
167 ret->pad=0;
168 ret->version=0;
169 ret->n=NULL;
170 ret->e=NULL;
171 ret->d=NULL;
172 ret->p=NULL;
173 ret->q=NULL;
174 ret->dmp1=NULL;
175 ret->dmq1=NULL;
176 ret->iqmp=NULL;
177 ret->references=1;
178 ret->_method_mod_n=NULL;
179 ret->_method_mod_p=NULL;
180 ret->_method_mod_q=NULL;
181 ret->blinding=NULL;
182 ret->mt_blinding=NULL;
183 ret->bignum_data=NULL;
184 ret->flags=ret->meth->flags;
185 CRYPTO_new_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data);
186 if ((ret->meth->init != NULL) && !ret->meth->init(ret))
187 {
188#ifndef OPENSSL_NO_ENGINE
189 if (ret->engine)
190 ENGINE_finish(ret->engine);
191#endif
192 CRYPTO_free_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data);
193 OPENSSL_free(ret);
194 ret=NULL;
195 }
196 return(ret);
197 }
198
199void RSA_free(RSA *r)
200 {
201 int i;
202
203 if (r == NULL) return;
204
205 i=CRYPTO_add(&r->references,-1,CRYPTO_LOCK_RSA);
206#ifdef REF_PRINT
207 REF_PRINT("RSA",r);
208#endif
209 if (i > 0) return;
210#ifdef REF_CHECK
211 if (i < 0)
212 {
213 fprintf(stderr,"RSA_free, bad reference count\n");
214 abort();
215 }
216#endif
217
218 if (r->meth->finish)
219 r->meth->finish(r);
220#ifndef OPENSSL_NO_ENGINE
221 if (r->engine)
222 ENGINE_finish(r->engine);
223#endif
224
225 CRYPTO_free_ex_data(CRYPTO_EX_INDEX_RSA, r, &r->ex_data);
226
227 if (r->n != NULL) BN_clear_free(r->n);
228 if (r->e != NULL) BN_clear_free(r->e);
229 if (r->d != NULL) BN_clear_free(r->d);
230 if (r->p != NULL) BN_clear_free(r->p);
231 if (r->q != NULL) BN_clear_free(r->q);
232 if (r->dmp1 != NULL) BN_clear_free(r->dmp1);
233 if (r->dmq1 != NULL) BN_clear_free(r->dmq1);
234 if (r->iqmp != NULL) BN_clear_free(r->iqmp);
235 if (r->blinding != NULL) BN_BLINDING_free(r->blinding);
236 if (r->mt_blinding != NULL) BN_BLINDING_free(r->mt_blinding);
237 if (r->bignum_data != NULL) OPENSSL_free_locked(r->bignum_data);
238 OPENSSL_free(r);
239 }
240
241int RSA_up_ref(RSA *r)
242 {
243 int i = CRYPTO_add(&r->references, 1, CRYPTO_LOCK_RSA);
244#ifdef REF_PRINT
245 REF_PRINT("RSA",r);
246#endif
247#ifdef REF_CHECK
248 if (i < 2)
249 {
250 fprintf(stderr, "RSA_up_ref, bad reference count\n");
251 abort();
252 }
253#endif
254 return ((i > 1) ? 1 : 0);
255 }
256
257int RSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
258 CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
259 {
260 return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_RSA, argl, argp,
261 new_func, dup_func, free_func);
262 }
263
264int RSA_set_ex_data(RSA *r, int idx, void *arg)
265 {
266 return(CRYPTO_set_ex_data(&r->ex_data,idx,arg));
267 }
268
269void *RSA_get_ex_data(const RSA *r, int idx)
270 {
271 return(CRYPTO_get_ex_data(&r->ex_data,idx));
272 }
273
274int RSA_size(const RSA *r)
275 {
276 return(BN_num_bytes(r->n));
277 }
278
279int RSA_public_encrypt(int flen, const unsigned char *from, unsigned char *to, 70int RSA_public_encrypt(int flen, const unsigned char *from, unsigned char *to,
280 RSA *rsa, int padding) 71 RSA *rsa, int padding)
281 { 72 {
@@ -285,6 +76,13 @@ int RSA_public_encrypt(int flen, const unsigned char *from, unsigned char *to,
285int RSA_private_encrypt(int flen, const unsigned char *from, unsigned char *to, 76int RSA_private_encrypt(int flen, const unsigned char *from, unsigned char *to,
286 RSA *rsa, int padding) 77 RSA *rsa, int padding)
287 { 78 {
79#ifdef OPENSSL_FIPS
80 if(FIPS_mode() && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW))
81 {
82 RSAerr(RSA_F_RSA_PRIVATE_ENCRYPT, RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE);
83 return 0;
84 }
85#endif
288 return(rsa->meth->rsa_priv_enc(flen, from, to, rsa, padding)); 86 return(rsa->meth->rsa_priv_enc(flen, from, to, rsa, padding));
289 } 87 }
290 88
@@ -297,12 +95,19 @@ int RSA_private_decrypt(int flen, const unsigned char *from, unsigned char *to,
297int RSA_public_decrypt(int flen, const unsigned char *from, unsigned char *to, 95int RSA_public_decrypt(int flen, const unsigned char *from, unsigned char *to,
298 RSA *rsa, int padding) 96 RSA *rsa, int padding)
299 { 97 {
98#ifdef OPENSSL_FIPS
99 if(FIPS_mode() && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW))
100 {
101 RSAerr(RSA_F_RSA_PUBLIC_DECRYPT, RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE);
102 return 0;
103 }
104#endif
300 return(rsa->meth->rsa_pub_dec(flen, from, to, rsa, padding)); 105 return(rsa->meth->rsa_pub_dec(flen, from, to, rsa, padding));
301 } 106 }
302 107
303int RSA_flags(const RSA *r) 108int RSA_size(const RSA *r)
304 { 109 {
305 return((r == NULL)?0:r->meth->flags); 110 return(BN_num_bytes(r->n));
306 } 111 }
307 112
308void RSA_blinding_off(RSA *rsa) 113void RSA_blinding_off(RSA *rsa)
@@ -427,48 +232,3 @@ err:
427 232
428 return ret; 233 return ret;
429} 234}
430
431int RSA_memory_lock(RSA *r)
432 {
433 int i,j,k,off;
434 char *p;
435 BIGNUM *bn,**t[6],*b;
436 BN_ULONG *ul;
437
438 if (r->d == NULL) return(1);
439 t[0]= &r->d;
440 t[1]= &r->p;
441 t[2]= &r->q;
442 t[3]= &r->dmp1;
443 t[4]= &r->dmq1;
444 t[5]= &r->iqmp;
445 k=sizeof(BIGNUM)*6;
446 off=k/sizeof(BN_ULONG)+1;
447 j=1;
448 for (i=0; i<6; i++)
449 j+= (*t[i])->top;
450 if ((p=OPENSSL_malloc_locked((off+j)*sizeof(BN_ULONG))) == NULL)
451 {
452 RSAerr(RSA_F_RSA_MEMORY_LOCK,ERR_R_MALLOC_FAILURE);
453 return(0);
454 }
455 bn=(BIGNUM *)p;
456 ul=(BN_ULONG *)&(p[off]);
457 for (i=0; i<6; i++)
458 {
459 b= *(t[i]);
460 *(t[i])= &(bn[i]);
461 memcpy((char *)&(bn[i]),(char *)b,sizeof(BIGNUM));
462 bn[i].flags=BN_FLG_STATIC_DATA;
463 bn[i].d=ul;
464 memcpy((char *)ul,b->d,sizeof(BN_ULONG)*b->top);
465 ul+=b->top;
466 BN_clear_free(b);
467 }
468
469 /* I should fix this so it can still be done */
470 r->flags&= ~(RSA_FLAG_CACHE_PRIVATE|RSA_FLAG_CACHE_PUBLIC);
471
472 r->bignum_data=p;
473 return(1);
474 }
diff --git a/src/lib/libcrypto/rsa/rsa_oaep.c b/src/lib/libcrypto/rsa/rsa_oaep.c
index 3652677a99..4d30c9d2d3 100644
--- a/src/lib/libcrypto/rsa/rsa_oaep.c
+++ b/src/lib/libcrypto/rsa/rsa_oaep.c
@@ -187,7 +187,7 @@ int PKCS1_MGF1(unsigned char *mask, long len,
187 int mdlen; 187 int mdlen;
188 188
189 EVP_MD_CTX_init(&c); 189 EVP_MD_CTX_init(&c);
190 mdlen = EVP_MD_size(dgst); 190 mdlen = M_EVP_MD_size(dgst);
191 for (i = 0; outlen < len; i++) 191 for (i = 0; outlen < len; i++)
192 { 192 {
193 cnt[0] = (unsigned char)((i >> 24) & 255); 193 cnt[0] = (unsigned char)((i >> 24) & 255);
diff --git a/src/lib/libcrypto/rsa/rsa_pss.c b/src/lib/libcrypto/rsa/rsa_pss.c
index e19d18c5b9..9b993aca49 100644
--- a/src/lib/libcrypto/rsa/rsa_pss.c
+++ b/src/lib/libcrypto/rsa/rsa_pss.c
@@ -1,5 +1,5 @@
1/* rsa_pss.c */ 1/* rsa_pss.c */
2/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL 2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 2005. 3 * project 2005.
4 */ 4 */
5/* ==================================================================== 5/* ====================================================================
@@ -81,7 +81,7 @@ int RSA_verify_PKCS1_PSS(RSA *rsa, const unsigned char *mHash,
81 EVP_MD_CTX ctx; 81 EVP_MD_CTX ctx;
82 unsigned char H_[EVP_MAX_MD_SIZE]; 82 unsigned char H_[EVP_MAX_MD_SIZE];
83 83
84 hLen = EVP_MD_size(Hash); 84 hLen = M_EVP_MD_size(Hash);
85 /* 85 /*
86 * Negative sLen has special meanings: 86 * Negative sLen has special meanings:
87 * -1 sLen == hLen 87 * -1 sLen == hLen
@@ -176,7 +176,7 @@ int RSA_padding_add_PKCS1_PSS(RSA *rsa, unsigned char *EM,
176 unsigned char *H, *salt = NULL, *p; 176 unsigned char *H, *salt = NULL, *p;
177 EVP_MD_CTX ctx; 177 EVP_MD_CTX ctx;
178 178
179 hLen = EVP_MD_size(Hash); 179 hLen = M_EVP_MD_size(Hash);
180 /* 180 /*
181 * Negative sLen has special meanings: 181 * Negative sLen has special meanings:
182 * -1 sLen == hLen 182 * -1 sLen == hLen
diff --git a/src/lib/libcrypto/rsa/rsa_sign.c b/src/lib/libcrypto/rsa/rsa_sign.c
index 71aabeea1b..5488c06f6d 100644
--- a/src/lib/libcrypto/rsa/rsa_sign.c
+++ b/src/lib/libcrypto/rsa/rsa_sign.c
@@ -90,6 +90,14 @@ int RSA_sign(int type, const unsigned char *m, unsigned int m_len,
90 i = SSL_SIG_LENGTH; 90 i = SSL_SIG_LENGTH;
91 s = m; 91 s = m;
92 } else { 92 } else {
93 /* NB: in FIPS mode block anything that isn't a TLS signature */
94#ifdef OPENSSL_FIPS
95 if(FIPS_mode() && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW))
96 {
97 RSAerr(RSA_F_RSA_SIGN, RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE);
98 return 0;
99 }
100#endif
93 sig.algor= &algor; 101 sig.algor= &algor;
94 sig.algor->algorithm=OBJ_nid2obj(type); 102 sig.algor->algorithm=OBJ_nid2obj(type);
95 if (sig.algor->algorithm == NULL) 103 if (sig.algor->algorithm == NULL)
@@ -167,10 +175,22 @@ int RSA_verify(int dtype, const unsigned char *m, unsigned int m_len,
167 RSAerr(RSA_F_RSA_VERIFY,ERR_R_MALLOC_FAILURE); 175 RSAerr(RSA_F_RSA_VERIFY,ERR_R_MALLOC_FAILURE);
168 goto err; 176 goto err;
169 } 177 }
170 if((dtype == NID_md5_sha1) && (m_len != SSL_SIG_LENGTH) ) { 178 if(dtype == NID_md5_sha1)
179 {
180 if (m_len != SSL_SIG_LENGTH)
181 {
171 RSAerr(RSA_F_RSA_VERIFY,RSA_R_INVALID_MESSAGE_LENGTH); 182 RSAerr(RSA_F_RSA_VERIFY,RSA_R_INVALID_MESSAGE_LENGTH);
172 goto err; 183 goto err;
173 } 184 }
185 }
186 /* NB: in FIPS mode block anything that isn't a TLS signature */
187#ifdef OPENSSL_FIPS
188 else if(FIPS_mode() && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW))
189 {
190 RSAerr(RSA_F_RSA_VERIFY, RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE);
191 return 0;
192 }
193#endif
174 i=RSA_public_decrypt((int)siglen,sigbuf,s,rsa,RSA_PKCS1_PADDING); 194 i=RSA_public_decrypt((int)siglen,sigbuf,s,rsa,RSA_PKCS1_PADDING);
175 195
176 if (i <= 0) goto err; 196 if (i <= 0) goto err;
diff --git a/src/lib/libcrypto/rsa/rsa_ssl.c b/src/lib/libcrypto/rsa/rsa_ssl.c
index ea72629494..cfeff15bc9 100644
--- a/src/lib/libcrypto/rsa/rsa_ssl.c
+++ b/src/lib/libcrypto/rsa/rsa_ssl.c
@@ -130,7 +130,7 @@ int RSA_padding_check_SSLv23(unsigned char *to, int tlen,
130 RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23,RSA_R_NULL_BEFORE_BLOCK_MISSING); 130 RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23,RSA_R_NULL_BEFORE_BLOCK_MISSING);
131 return(-1); 131 return(-1);
132 } 132 }
133 for (k= -8; k<0; k++) 133 for (k = -9; k<-1; k++)
134 { 134 {
135 if (p[k] != 0x03) break; 135 if (p[k] != 0x03) break;
136 } 136 }
diff --git a/src/lib/libcrypto/rsa/rsa_x931.c b/src/lib/libcrypto/rsa/rsa_x931.c
index e918654176..21548e37ed 100644
--- a/src/lib/libcrypto/rsa/rsa_x931.c
+++ b/src/lib/libcrypto/rsa/rsa_x931.c
@@ -1,5 +1,5 @@
1/* rsa_x931.c */ 1/* rsa_x931.c */
2/* Written by Dr Stephen N Henson (shenson@bigfoot.com) for the OpenSSL 2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 2005. 3 * project 2005.
4 */ 4 */
5/* ==================================================================== 5/* ====================================================================
generated by cgit v1.2.3-55-g6feb (git 2.39.1) at 2025-12-08 02:08:44 +0000