Diffstat (limited to 'src/lib/libcrypto/rsa')
-rw-r--r--src/lib/libcrypto/rsa/Makefile.ssl134
-rw-r--r--src/lib/libcrypto/rsa/rsa.err45
-rw-r--r--src/lib/libcrypto/rsa/rsa.h203
-rw-r--r--src/lib/libcrypto/rsa/rsa_chk.c184
-rw-r--r--src/lib/libcrypto/rsa/rsa_eay.c164
-rw-r--r--src/lib/libcrypto/rsa/rsa_err.c133
-rw-r--r--src/lib/libcrypto/rsa/rsa_gen.c14
-rw-r--r--src/lib/libcrypto/rsa/rsa_lib.c167
-rw-r--r--src/lib/libcrypto/rsa/rsa_none.c47
-rw-r--r--src/lib/libcrypto/rsa/rsa_oaep.c162
-rw-r--r--src/lib/libcrypto/rsa/rsa_oaep_test.c309
-rw-r--r--src/lib/libcrypto/rsa/rsa_pk1.c53
-rw-r--r--src/lib/libcrypto/rsa/rsa_saos.c27
-rw-r--r--src/lib/libcrypto/rsa/rsa_sign.c28
-rw-r--r--src/lib/libcrypto/rsa/rsa_ssl.c22
15 files changed, 1194 insertions, 498 deletions
diff --git a/src/lib/libcrypto/rsa/Makefile.ssl b/src/lib/libcrypto/rsa/Makefile.ssl
index d52f2e609e..da704fc558 100644
--- a/src/lib/libcrypto/rsa/Makefile.ssl
+++ b/src/lib/libcrypto/rsa/Makefile.ssl
@@ -7,25 +7,25 @@ TOP= ../..
7CC= cc 7CC= cc
8INCLUDES= -I.. -I../../include 8INCLUDES= -I.. -I../../include
9CFLAG=-g 9CFLAG=-g
10INSTALL_PREFIX=
11OPENSSLDIR= /usr/local/ssl
10INSTALLTOP=/usr/local/ssl 12INSTALLTOP=/usr/local/ssl
11MAKE= make -f Makefile.ssl 13MAKE= make -f Makefile.ssl
12MAKEDEPEND= makedepend -f Makefile.ssl 14MAKEDEPEND= $(TOP)/util/domd $(TOP)
13MAKEFILE= Makefile.ssl 15MAKEFILE= Makefile.ssl
14AR= ar r 16AR= ar r
15 17
16CFLAGS= $(INCLUDES) $(CFLAG) 18CFLAGS= $(INCLUDES) $(CFLAG)
17 19
18ERR=rsa
19ERRC=rsa_err
20GENERAL=Makefile 20GENERAL=Makefile
21TEST= 21TEST=rsa_oaep_test.c
22APPS= 22APPS=
23 23
24LIB=$(TOP)/libcrypto.a 24LIB=$(TOP)/libcrypto.a
25LIBSRC= rsa_eay.c rsa_gen.c rsa_lib.c rsa_sign.c rsa_saos.c $(ERRC).c \ 25LIBSRC= rsa_eay.c rsa_gen.c rsa_lib.c rsa_sign.c rsa_saos.c rsa_err.c \
26 rsa_pk1.c rsa_ssl.c rsa_none.c 26 rsa_pk1.c rsa_ssl.c rsa_none.c rsa_oaep.c rsa_chk.c
27LIBOBJ= rsa_eay.o rsa_gen.o rsa_lib.o rsa_sign.o rsa_saos.o $(ERRC).o \ 27LIBOBJ= rsa_eay.o rsa_gen.o rsa_lib.o rsa_sign.o rsa_saos.o rsa_err.o \
28 rsa_pk1.o rsa_ssl.o rsa_none.o 28 rsa_pk1.o rsa_ssl.o rsa_none.o rsa_oaep.o rsa_chk.o
29 29
30SRC= $(LIBSRC) 30SRC= $(LIBSRC)
31 31
@@ -41,24 +41,23 @@ all: lib
41 41
42lib: $(LIBOBJ) 42lib: $(LIBOBJ)
43 $(AR) $(LIB) $(LIBOBJ) 43 $(AR) $(LIB) $(LIBOBJ)
44 sh $(TOP)/util/ranlib.sh $(LIB) 44 $(RANLIB) $(LIB)
45 @touch lib 45 @touch lib
46 46
47files: 47files:
48 perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO 48 $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO
49 49
50links: 50links:
51 /bin/rm -f Makefile 51 @$(TOP)/util/point.sh Makefile.ssl Makefile
52 $(TOP)/util/point.sh Makefile.ssl Makefile ; 52 @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER)
53 $(TOP)/util/mklink.sh ../../include $(EXHEADER) 53 @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST)
54 $(TOP)/util/mklink.sh ../../test $(TEST) 54 @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS)
55 $(TOP)/util/mklink.sh ../../apps $(APPS)
56 55
57install: 56install:
58 @for i in $(EXHEADER) ; \ 57 @for i in $(EXHEADER) ; \
59 do \ 58 do \
60 (cp $$i $(INSTALLTOP)/include/$$i; \ 59 (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \
61 chmod 644 $(INSTALLTOP)/include/$$i ); \ 60 chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \
62 done; 61 done;
63 62
64tags: 63tags:
@@ -70,17 +69,104 @@ lint:
70 lint -DLINT $(INCLUDES) $(SRC)>fluff 69 lint -DLINT $(INCLUDES) $(SRC)>fluff
71 70
72depend: 71depend:
73 $(MAKEDEPEND) $(INCLUDES) $(PROGS) $(LIBSRC) 72 $(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC)
74 73
75dclean: 74dclean:
76 perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new 75 $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new
77 mv -f Makefile.new $(MAKEFILE) 76 mv -f Makefile.new $(MAKEFILE)
78 77
79clean: 78clean:
80 /bin/rm -f *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff 79 rm -f *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff
81
82errors:
83 perl $(TOP)/util/err-ins.pl $(ERR).err $(ERR).h
84 perl ../err/err_genc.pl -s $(ERR).h $(ERRC).c
85 80
86# DO NOT DELETE THIS LINE -- make depend depends on it. 81# DO NOT DELETE THIS LINE -- make depend depends on it.
82
83rsa_chk.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
84rsa_chk.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
85rsa_chk.o: ../../include/openssl/opensslv.h ../../include/openssl/rsa.h
86rsa_chk.o: ../../include/openssl/stack.h
87rsa_eay.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
88rsa_eay.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
89rsa_eay.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
90rsa_eay.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
91rsa_eay.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
92rsa_eay.o: ../../include/openssl/rsa.h ../../include/openssl/stack.h
93rsa_eay.o: ../cryptlib.h
94rsa_err.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
95rsa_err.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
96rsa_err.o: ../../include/openssl/opensslv.h ../../include/openssl/rsa.h
97rsa_err.o: ../../include/openssl/stack.h
98rsa_gen.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
99rsa_gen.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
100rsa_gen.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
101rsa_gen.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
102rsa_gen.o: ../../include/openssl/opensslv.h ../../include/openssl/rsa.h
103rsa_gen.o: ../../include/openssl/stack.h ../cryptlib.h
104rsa_lib.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
105rsa_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
106rsa_lib.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
107rsa_lib.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
108rsa_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
109rsa_lib.o: ../../include/openssl/rsa.h ../../include/openssl/stack.h
110rsa_lib.o: ../cryptlib.h
111rsa_none.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
112rsa_none.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
113rsa_none.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
114rsa_none.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
115rsa_none.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
116rsa_none.o: ../../include/openssl/rsa.h ../../include/openssl/stack.h
117rsa_none.o: ../cryptlib.h
118rsa_oaep.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
119rsa_oaep.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
120rsa_oaep.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
121rsa_oaep.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
122rsa_oaep.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
123rsa_oaep.o: ../../include/openssl/rsa.h ../../include/openssl/sha.h
124rsa_oaep.o: ../../include/openssl/stack.h ../cryptlib.h
125rsa_pk1.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
126rsa_pk1.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
127rsa_pk1.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
128rsa_pk1.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
129rsa_pk1.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
130rsa_pk1.o: ../../include/openssl/rsa.h ../../include/openssl/stack.h
131rsa_pk1.o: ../cryptlib.h
132rsa_saos.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
133rsa_saos.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
134rsa_saos.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
135rsa_saos.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
136rsa_saos.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
137rsa_saos.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
138rsa_saos.o: ../../include/openssl/err.h ../../include/openssl/evp.h
139rsa_saos.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
140rsa_saos.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
141rsa_saos.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
142rsa_saos.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
143rsa_saos.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
144rsa_saos.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
145rsa_saos.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
146rsa_saos.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
147rsa_saos.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
148rsa_saos.o: ../cryptlib.h
149rsa_sign.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
150rsa_sign.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
151rsa_sign.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
152rsa_sign.o: ../../include/openssl/crypto.h ../../include/openssl/des.h
153rsa_sign.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h
154rsa_sign.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
155rsa_sign.o: ../../include/openssl/err.h ../../include/openssl/evp.h
156rsa_sign.o: ../../include/openssl/idea.h ../../include/openssl/md2.h
157rsa_sign.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h
158rsa_sign.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
159rsa_sign.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h
160rsa_sign.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h
161rsa_sign.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h
162rsa_sign.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
163rsa_sign.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
164rsa_sign.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
165rsa_sign.o: ../cryptlib.h
166rsa_ssl.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
167rsa_ssl.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
168rsa_ssl.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
169rsa_ssl.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
170rsa_ssl.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
171rsa_ssl.o: ../../include/openssl/rsa.h ../../include/openssl/stack.h
172rsa_ssl.o: ../cryptlib.h
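Review bot: In the `install` recipe the copy and the permission change are still joined with `;` inside a subshell, so a failed `cp` into `$(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/` goes unnoticed whenever the following `chmod 644` succeeds on a file that is already there. That can leave an older header installed next to the new library without any error, which matters for this commit because rsa.h changes the layout of `struct rsa_st`. I would drop the parentheses, chain the two commands and stop the loop on failure: `cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i && chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i || exit 1; \`. Separately, `$(RANLIB)`, `$(PERL)` and `$(DEPFLAG)` are not assigned in the visible variable block, so presumably the parent make supplies them; if so, a comment saying that this file is not meant to be run standalone would help.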
diff --git a/src/lib/libcrypto/rsa/rsa.err b/src/lib/libcrypto/rsa/rsa.err
deleted file mode 100644
index 5ded1b5fa2..0000000000
--- a/src/lib/libcrypto/rsa/rsa.err
+++ /dev/null
@@ -1,45 +0,0 @@
1/* Error codes for the RSA functions. */
2
3/* Function codes. */
4#define RSA_F_RSA_EAY_PRIVATE_DECRYPT 100
5#define RSA_F_RSA_EAY_PRIVATE_ENCRYPT 101
6#define RSA_F_RSA_EAY_PUBLIC_DECRYPT 102
7#define RSA_F_RSA_EAY_PUBLIC_ENCRYPT 103
8#define RSA_F_RSA_GENERATE_KEY 104
9#define RSA_F_RSA_NEW_METHOD 105
10#define RSA_F_RSA_PADDING_ADD_NONE 106
11#define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1 107
12#define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_2 108
13#define RSA_F_RSA_PADDING_ADD_SSLV23 109
14#define RSA_F_RSA_PADDING_CHECK_NONE 110
15#define RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1 111
16#define RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2 112
17#define RSA_F_RSA_PADDING_CHECK_SSLV23 113
18#define RSA_F_RSA_PRINT 114
19#define RSA_F_RSA_PRINT_FP 115
20#define RSA_F_RSA_SIGN 116
21#define RSA_F_RSA_SIGN_ASN1_OCTET_STRING 117
22#define RSA_F_RSA_VERIFY 118
23#define RSA_F_RSA_VERIFY_ASN1_OCTET_STRING 119
24
25/* Reason codes. */
26#define RSA_R_ALGORITHM_MISMATCH 100
27#define RSA_R_BAD_E_VALUE 101
28#define RSA_R_BAD_FIXED_HEADER_DECRYPT 102
29#define RSA_R_BAD_PAD_BYTE_COUNT 103
30#define RSA_R_BAD_SIGNATURE 104
31#define RSA_R_BAD_ZERO_BYTE 105
32#define RSA_R_BLOCK_TYPE_IS_NOT_01 106
33#define RSA_R_BLOCK_TYPE_IS_NOT_02 107
34#define RSA_R_DATA_GREATER_THAN_MOD_LEN 108
35#define RSA_R_DATA_TOO_LARGE 109
36#define RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE 110
37#define RSA_R_DATA_TOO_SMALL 111
38#define RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY 112
39#define RSA_R_NULL_BEFORE_BLOCK_MISSING 113
40#define RSA_R_PADDING_CHECK_FAILED 114
41#define RSA_R_SSLV3_ROLLBACK_ATTACK 115
42#define RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD 116
43#define RSA_R_UNKNOWN_ALGORITHM_TYPE 117
44#define RSA_R_UNKNOWN_PADDING_TYPE 118
45#define RSA_R_WRONG_SIGNATURE_LENGTH 119
diff --git a/src/lib/libcrypto/rsa/rsa.h b/src/lib/libcrypto/rsa/rsa.h
index aeb78ffcd3..9230b2fcc9 100644
--- a/src/lib/libcrypto/rsa/rsa.h
+++ b/src/lib/libcrypto/rsa/rsa.h
@@ -63,26 +63,37 @@
63extern "C" { 63extern "C" {
64#endif 64#endif
65 65
66#include "bn.h" 66#include <openssl/bn.h>
67#include "crypto.h" 67#include <openssl/crypto.h>
68
69#ifdef NO_RSA
70#error RSA is disabled.
71#endif
72
73typedef struct rsa_st RSA;
68 74
69typedef struct rsa_meth_st 75typedef struct rsa_meth_st
70 { 76 {
71 char *name; 77 const char *name;
72 int (*rsa_pub_enc)(); 78 int (*rsa_pub_enc)(int flen,unsigned char *from,unsigned char *to,
73 int (*rsa_pub_dec)(); 79 RSA *rsa,int padding);
74 int (*rsa_priv_enc)(); 80 int (*rsa_pub_dec)(int flen,unsigned char *from,unsigned char *to,
75 int (*rsa_priv_dec)(); 81 RSA *rsa,int padding);
76 int (*rsa_mod_exp)(); /* Can be null */ 82 int (*rsa_priv_enc)(int flen,unsigned char *from,unsigned char *to,
77 int (*bn_mod_exp)(); /* Can be null */ 83 RSA *rsa,int padding);
78 int (*init)(/* RSA * */); /* called at new */ 84 int (*rsa_priv_dec)(int flen,unsigned char *from,unsigned char *to,
79 int (*finish)(/* RSA * */); /* called at free */ 85 RSA *rsa,int padding);
80 86 int (*rsa_mod_exp)(BIGNUM *r0,BIGNUM *I,RSA *rsa); /* Can be null */
87 int (*bn_mod_exp)(BIGNUM *r, BIGNUM *a, const BIGNUM *p,
88 const BIGNUM *m, BN_CTX *ctx,
89 BN_MONT_CTX *m_ctx); /* Can be null */
90 int (*init)(RSA *rsa); /* called at new */
91 int (*finish)(RSA *rsa); /* called at free */
81 int flags; /* RSA_METHOD_FLAG_* things */ 92 int flags; /* RSA_METHOD_FLAG_* things */
82 char *app_data; /* may be needed! */ 93 char *app_data; /* may be needed! */
83 } RSA_METHOD; 94 } RSA_METHOD;
84 95
85typedef struct rsa_st 96struct rsa_st
86 { 97 {
87 /* The first parameter is used to pickup errors where 98 /* The first parameter is used to pickup errors where
88 * this is passed instead of aEVP_PKEY, it is set to 0 */ 99 * this is passed instead of aEVP_PKEY, it is set to 0 */
@@ -97,41 +108,52 @@ typedef struct rsa_st
97 BIGNUM *dmp1; 108 BIGNUM *dmp1;
98 BIGNUM *dmq1; 109 BIGNUM *dmq1;
99 BIGNUM *iqmp; 110 BIGNUM *iqmp;
100 /* be carefull using this if the RSA structure is shared */ 111 /* be careful using this if the RSA structure is shared */
101 CRYPTO_EX_DATA ex_data; 112 CRYPTO_EX_DATA ex_data;
102 int references; 113 int references;
103 int flags; 114 int flags;
104 115
105 /* Normally used to cached montgomery values */ 116 /* Used to cache montgomery values */
106 char *method_mod_n; 117 BN_MONT_CTX *_method_mod_n;
107 char *method_mod_p; 118 BN_MONT_CTX *_method_mod_p;
108 char *method_mod_q; 119 BN_MONT_CTX *_method_mod_q;
109 120
121 /* all BIGNUM values are actually in the following data, if it is not
122 * NULL */
123 char *bignum_data;
110 BN_BLINDING *blinding; 124 BN_BLINDING *blinding;
111 } RSA; 125 };
112 126
113#define RSA_3 0x3L 127#define RSA_3 0x3L
114#define RSA_F4 0x10001L 128#define RSA_F4 0x10001L
115 129
116#define RSA_METHOD_FLAG_NO_CHECK 0x01 /* don't check pub/private match */ 130#define RSA_METHOD_FLAG_NO_CHECK 0x01 /* don't check pub/private match */
131
117#define RSA_FLAG_CACHE_PUBLIC 0x02 132#define RSA_FLAG_CACHE_PUBLIC 0x02
118#define RSA_FLAG_CACHE_PRIVATE 0x04 133#define RSA_FLAG_CACHE_PRIVATE 0x04
119#define RSA_FLAG_BLINDING 0x08 134#define RSA_FLAG_BLINDING 0x08
120#define RSA_FLAG_THREAD_SAFE 0x10 135#define RSA_FLAG_THREAD_SAFE 0x10
136/* This flag means the private key operations will be handled by rsa_mod_exp
137 * and that they do not depend on the private key components being present:
138 * for example a key stored in external hardware. Without this flag bn_mod_exp
139 * gets called when private key components are absent.
140 */
141#define RSA_FLAG_EXT_PKEY 0x20
121 142
122#define RSA_PKCS1_PADDING 1 143#define RSA_PKCS1_PADDING 1
123#define RSA_SSLV23_PADDING 2 144#define RSA_SSLV23_PADDING 2
124#define RSA_NO_PADDING 3 145#define RSA_NO_PADDING 3
146#define RSA_PKCS1_OAEP_PADDING 4
125 147
126#define RSA_set_app_data(s,arg) RSA_set_ex_data(s,0,(char *)arg) 148#define RSA_set_app_data(s,arg) RSA_set_ex_data(s,0,(char *)arg)
127#define RSA_get_app_data(s) RSA_get_ex_data(s,0) 149#define RSA_get_app_data(s) RSA_get_ex_data(s,0)
128 150
129#ifndef NOPROTO
130RSA * RSA_new(void); 151RSA * RSA_new(void);
131RSA * RSA_new_method(RSA_METHOD *method); 152RSA * RSA_new_method(RSA_METHOD *method);
132int RSA_size(RSA *); 153int RSA_size(RSA *);
133RSA * RSA_generate_key(int bits, unsigned long e,void 154RSA * RSA_generate_key(int bits, unsigned long e,void
134 (*callback)(int,int,char *),char *cb_arg); 155 (*callback)(int,int,void *),void *cb_arg);
156int RSA_check_key(RSA *);
135 /* next 4 return -1 on error */ 157 /* next 4 return -1 on error */
136int RSA_public_encrypt(int flen, unsigned char *from, 158int RSA_public_encrypt(int flen, unsigned char *from,
137 unsigned char *to, RSA *rsa,int padding); 159 unsigned char *to, RSA *rsa,int padding);
@@ -146,6 +168,12 @@ void RSA_free (RSA *r);
146int RSA_flags(RSA *r); 168int RSA_flags(RSA *r);
147 169
148void RSA_set_default_method(RSA_METHOD *meth); 170void RSA_set_default_method(RSA_METHOD *meth);
171RSA_METHOD *RSA_get_default_method(void);
172RSA_METHOD *RSA_get_method(RSA *rsa);
173RSA_METHOD *RSA_set_method(RSA *rsa, RSA_METHOD *meth);
174
175/* This function needs the memory locking malloc callbacks to be installed */
176int RSA_memory_lock(RSA *r);
149 177
150/* If you have RSAref compiled in. */ 178/* If you have RSAref compiled in. */
151RSA_METHOD *RSA_PKCS1_RSAref(void); 179RSA_METHOD *RSA_PKCS1_RSAref(void);
@@ -193,107 +221,63 @@ void RSA_blinding_off(RSA *rsa);
193int RSA_padding_add_PKCS1_type_1(unsigned char *to,int tlen, 221int RSA_padding_add_PKCS1_type_1(unsigned char *to,int tlen,
194 unsigned char *f,int fl); 222 unsigned char *f,int fl);
195int RSA_padding_check_PKCS1_type_1(unsigned char *to,int tlen, 223int RSA_padding_check_PKCS1_type_1(unsigned char *to,int tlen,
196 unsigned char *f,int fl); 224 unsigned char *f,int fl,int rsa_len);
197int RSA_padding_add_PKCS1_type_2(unsigned char *to,int tlen, 225int RSA_padding_add_PKCS1_type_2(unsigned char *to,int tlen,
198 unsigned char *f,int fl); 226 unsigned char *f,int fl);
199int RSA_padding_check_PKCS1_type_2(unsigned char *to,int tlen, 227int RSA_padding_check_PKCS1_type_2(unsigned char *to,int tlen,
200 unsigned char *f,int fl); 228 unsigned char *f,int fl,int rsa_len);
229int RSA_padding_add_PKCS1_OAEP(unsigned char *to,int tlen,
230 unsigned char *f,int fl,unsigned char *p,
231 int pl);
232int RSA_padding_check_PKCS1_OAEP(unsigned char *to,int tlen,
233 unsigned char *f,int fl,int rsa_len,
234 unsigned char *p,int pl);
201int RSA_padding_add_SSLv23(unsigned char *to,int tlen, 235int RSA_padding_add_SSLv23(unsigned char *to,int tlen,
202 unsigned char *f,int fl); 236 unsigned char *f,int fl);
203int RSA_padding_check_SSLv23(unsigned char *to,int tlen, 237int RSA_padding_check_SSLv23(unsigned char *to,int tlen,
204 unsigned char *f,int fl); 238 unsigned char *f,int fl,int rsa_len);
205int RSA_padding_add_none(unsigned char *to,int tlen, 239int RSA_padding_add_none(unsigned char *to,int tlen,
206 unsigned char *f,int fl); 240 unsigned char *f,int fl);
207int RSA_padding_check_none(unsigned char *to,int tlen, 241int RSA_padding_check_none(unsigned char *to,int tlen,
208 unsigned char *f,int fl); 242 unsigned char *f,int fl,int rsa_len);
209 243
210int RSA_get_ex_new_index(long argl, char *argp, int (*new_func)(), 244int RSA_get_ex_new_index(long argl, char *argp, int (*new_func)(),
211 int (*dup_func)(), void (*free_func)()); 245 int (*dup_func)(), void (*free_func)());
212int RSA_set_ex_data(RSA *r,int idx,char *arg); 246int RSA_set_ex_data(RSA *r,int idx,char *arg);
213char *RSA_get_ex_data(RSA *r, int idx); 247char *RSA_get_ex_data(RSA *r, int idx);
214 248
215#else
216
217RSA * RSA_new();
218RSA * RSA_new_method();
219int RSA_size();
220RSA * RSA_generate_key();
221int RSA_public_encrypt();
222int RSA_private_encrypt();
223int RSA_public_decrypt();
224int RSA_private_decrypt();
225void RSA_free ();
226
227int RSA_flags();
228
229void RSA_set_default_method();
230
231/* RSA_METHOD *RSA_PKCS1_RSAref(); */
232RSA_METHOD *RSA_PKCS1_SSLeay();
233
234void ERR_load_RSA_strings();
235
236RSA * d2i_RSAPublicKey();
237int i2d_RSAPublicKey();
238RSA * d2i_RSAPrivateKey();
239int i2d_RSAPrivateKey();
240#ifndef NO_FP_API
241int RSA_print_fp();
242#endif
243
244int RSA_print();
245
246int i2d_Netscape_RSA();
247RSA *d2i_Netscape_RSA();
248RSA *d2i_Netscape_RSA_2();
249
250int RSA_sign();
251int RSA_verify();
252
253int RSA_sign_ASN1_OCTET_STRING();
254int RSA_verify_ASN1_OCTET_STRING();
255int RSA_blinding_on();
256void RSA_blinding_off();
257
258int RSA_padding_add_PKCS1_type_1();
259int RSA_padding_check_PKCS1_type_1();
260int RSA_padding_add_PKCS1_type_2();
261int RSA_padding_check_PKCS1_type_2();
262int RSA_padding_add_SSLv23();
263int RSA_padding_check_SSLv23();
264int RSA_padding_add_none();
265int RSA_padding_check_none();
266
267int RSA_get_ex_new_index();
268int RSA_set_ex_data();
269char *RSA_get_ex_data();
270
271#endif
272
273/* BEGIN ERROR CODES */ 249/* BEGIN ERROR CODES */
250/* The following lines are auto generated by the script mkerr.pl. Any changes
251 * made after this point may be overwritten when the script is next run.
252 */
253
274/* Error codes for the RSA functions. */ 254/* Error codes for the RSA functions. */
275 255
276/* Function codes. */ 256/* Function codes. */
277#define RSA_F_RSA_EAY_PRIVATE_DECRYPT 100 257#define RSA_F_MEMORY_LOCK 100
278#define RSA_F_RSA_EAY_PRIVATE_ENCRYPT 101 258#define RSA_F_RSA_CHECK_KEY 123
279#define RSA_F_RSA_EAY_PUBLIC_DECRYPT 102 259#define RSA_F_RSA_EAY_PRIVATE_DECRYPT 101
280#define RSA_F_RSA_EAY_PUBLIC_ENCRYPT 103 260#define RSA_F_RSA_EAY_PRIVATE_ENCRYPT 102
281#define RSA_F_RSA_GENERATE_KEY 104 261#define RSA_F_RSA_EAY_PUBLIC_DECRYPT 103
282#define RSA_F_RSA_NEW_METHOD 105 262#define RSA_F_RSA_EAY_PUBLIC_ENCRYPT 104
283#define RSA_F_RSA_PADDING_ADD_NONE 106 263#define RSA_F_RSA_GENERATE_KEY 105
284#define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1 107 264#define RSA_F_RSA_NEW_METHOD 106
285#define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_2 108 265#define RSA_F_RSA_PADDING_ADD_NONE 107
286#define RSA_F_RSA_PADDING_ADD_SSLV23 109 266#define RSA_F_RSA_PADDING_ADD_PKCS1_OAEP 121
287#define RSA_F_RSA_PADDING_CHECK_NONE 110 267#define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1 108
288#define RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1 111 268#define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_2 109
289#define RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2 112 269#define RSA_F_RSA_PADDING_ADD_SSLV23 110
290#define RSA_F_RSA_PADDING_CHECK_SSLV23 113 270#define RSA_F_RSA_PADDING_CHECK_NONE 111
291#define RSA_F_RSA_PRINT 114 271#define RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP 122
292#define RSA_F_RSA_PRINT_FP 115 272#define RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1 112
293#define RSA_F_RSA_SIGN 116 273#define RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2 113
294#define RSA_F_RSA_SIGN_ASN1_OCTET_STRING 117 274#define RSA_F_RSA_PADDING_CHECK_SSLV23 114
295#define RSA_F_RSA_VERIFY 118 275#define RSA_F_RSA_PRINT 115
296#define RSA_F_RSA_VERIFY_ASN1_OCTET_STRING 119 276#define RSA_F_RSA_PRINT_FP 116
277#define RSA_F_RSA_SIGN 117
278#define RSA_F_RSA_SIGN_ASN1_OCTET_STRING 118
279#define RSA_F_RSA_VERIFY 119
280#define RSA_F_RSA_VERIFY_ASN1_OCTET_STRING 120
297 281
298/* Reason codes. */ 282/* Reason codes. */
299#define RSA_R_ALGORITHM_MISMATCH 100 283#define RSA_R_ALGORITHM_MISMATCH 100
@@ -301,22 +285,31 @@ char *RSA_get_ex_data();
301#define RSA_R_BAD_FIXED_HEADER_DECRYPT 102 285#define RSA_R_BAD_FIXED_HEADER_DECRYPT 102
302#define RSA_R_BAD_PAD_BYTE_COUNT 103 286#define RSA_R_BAD_PAD_BYTE_COUNT 103
303#define RSA_R_BAD_SIGNATURE 104 287#define RSA_R_BAD_SIGNATURE 104
304#define RSA_R_BAD_ZERO_BYTE 105
305#define RSA_R_BLOCK_TYPE_IS_NOT_01 106 288#define RSA_R_BLOCK_TYPE_IS_NOT_01 106
306#define RSA_R_BLOCK_TYPE_IS_NOT_02 107 289#define RSA_R_BLOCK_TYPE_IS_NOT_02 107
307#define RSA_R_DATA_GREATER_THAN_MOD_LEN 108 290#define RSA_R_DATA_GREATER_THAN_MOD_LEN 108
308#define RSA_R_DATA_TOO_LARGE 109 291#define RSA_R_DATA_TOO_LARGE 109
309#define RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE 110 292#define RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE 110
310#define RSA_R_DATA_TOO_SMALL 111 293#define RSA_R_DATA_TOO_SMALL 111
294#define RSA_R_DATA_TOO_SMALL_FOR_KEY_SIZE 122
295#define RSA_R_D_E_NOT_CONGRUENT_TO_1 123
311#define RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY 112 296#define RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY 112
297#define RSA_R_DMP1_NOT_CONGRUENT_TO_D 124
298#define RSA_R_DMQ1_NOT_CONGRUENT_TO_D 125
299#define RSA_R_IQMP_NOT_INVERSE_OF_Q 126
300#define RSA_R_KEY_SIZE_TOO_SMALL 120
312#define RSA_R_NULL_BEFORE_BLOCK_MISSING 113 301#define RSA_R_NULL_BEFORE_BLOCK_MISSING 113
302#define RSA_R_N_DOES_NOT_EQUAL_P_Q 127
303#define RSA_R_OAEP_DECODING_ERROR 121
313#define RSA_R_PADDING_CHECK_FAILED 114 304#define RSA_R_PADDING_CHECK_FAILED 114
305#define RSA_R_P_NOT_PRIME 128
306#define RSA_R_Q_NOT_PRIME 129
314#define RSA_R_SSLV3_ROLLBACK_ATTACK 115 307#define RSA_R_SSLV3_ROLLBACK_ATTACK 115
315#define RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD 116 308#define RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD 116
316#define RSA_R_UNKNOWN_ALGORITHM_TYPE 117 309#define RSA_R_UNKNOWN_ALGORITHM_TYPE 117
317#define RSA_R_UNKNOWN_PADDING_TYPE 118 310#define RSA_R_UNKNOWN_PADDING_TYPE 118
318#define RSA_R_WRONG_SIGNATURE_LENGTH 119 311#define RSA_R_WRONG_SIGNATURE_LENGTH 119
319 312
320#ifdef __cplusplus 313#ifdef __cplusplus
321} 314}
322#endif 315#endif
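Review bot: The new prototype `int RSA_check_key(RSA *);` has no comment on its return values, yet the implementation added in rsa_chk.c on this page returns 1 for a consistent key, 0 for an inconsistent one and -1 on an internal error. A caller that writes `if (RSA_check_key(rsa))` would therefore treat the -1 error case as a valid key. I would add above the prototype `/* returns 1 if the key is consistent, 0 if it is not, -1 on error; callers must test for == 1 */`. The `RSA_padding_check_*` prototypes in the same file also gain an `rsa_len` argument with no word on how it relates to `fl` and `tlen`, so a one-line comment there would help callers pass the right lengths.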
diff --git a/src/lib/libcrypto/rsa/rsa_chk.c b/src/lib/libcrypto/rsa/rsa_chk.c
new file mode 100644
index 0000000000..91b9115798
--- /dev/null
+++ b/src/lib/libcrypto/rsa/rsa_chk.c
@@ -0,0 +1,184 @@
1/* crypto/rsa/rsa_chk.c -*- Mode: C; c-file-style: "eay" -*- */
2/* ====================================================================
3 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 *
9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 *
12 * 2. Redistributions in binary form must reproduce the above copyright
13 * notice, this list of conditions and the following disclaimer in
14 * the documentation and/or other materials provided with the
15 * distribution.
16 *
17 * 3. All advertising materials mentioning features or use of this
18 * software must display the following acknowledgment:
19 * "This product includes software developed by the OpenSSL Project
20 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
21 *
22 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
23 * endorse or promote products derived from this software without
24 * prior written permission. For written permission, please contact
25 * openssl-core@OpenSSL.org.
26 *
27 * 5. Products derived from this software may not be called "OpenSSL"
28 * nor may "OpenSSL" appear in their names without prior written
29 * permission of the OpenSSL Project.
30 *
31 * 6. Redistributions of any form whatsoever must retain the following
32 * acknowledgment:
33 * "This product includes software developed by the OpenSSL Project
34 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
35 *
36 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
37 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
38 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
39 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
40 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
41 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
42 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
43 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
44 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
45 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
46 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
47 * OF THE POSSIBILITY OF SUCH DAMAGE.
48 * ====================================================================
49 */
50
51#include <openssl/bn.h>
52#include <openssl/err.h>
53#include <openssl/rsa.h>
54
55
56int RSA_check_key(RSA *key)
57 {
58 BIGNUM *i, *j, *k, *l, *m;
59 BN_CTX *ctx;
60 int r;
61 int ret=1;
62
63 i = BN_new();
64 j = BN_new();
65 k = BN_new();
66 l = BN_new();
67 m = BN_new();
68 ctx = BN_CTX_new();
69 if (i == NULL || j == NULL || k == NULL || l == NULL ||
70 m == NULL || ctx == NULL)
71 {
72 ret = -1;
73 RSAerr(RSA_F_RSA_CHECK_KEY, ERR_R_MALLOC_FAILURE);
74 goto err;
75 }
76
77 /* p prime? */
78 r = BN_is_prime(key->p, BN_prime_checks, NULL, NULL, NULL);
79 if (r != 1)
80 {
81 ret = r;
82 if (r != 0)
83 goto err;
84 RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_P_NOT_PRIME);
85 }
86
87 /* q prime? */
88 r = BN_is_prime(key->q, BN_prime_checks, NULL, NULL, NULL);
89 if (r != 1)
90 {
91 ret = r;
92 if (r != 0)
93 goto err;
94 RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_Q_NOT_PRIME);
95 }
96
97 /* n = p*q? */
98 r = BN_mul(i, key->p, key->q, ctx);
99 if (!r) { ret = -1; goto err; }
100
101 if (BN_cmp(i, key->n) != 0)
102 {
103 ret = 0;
104 RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_N_DOES_NOT_EQUAL_P_Q);
105 }
106
107 /* d*e = 1 mod lcm(p-1,q-1)? */
108
109 r = BN_sub(i, key->p, BN_value_one());
110 if (!r) { ret = -1; goto err; }
111 r = BN_sub(j, key->q, BN_value_one());
112 if (!r) { ret = -1; goto err; }
113
114 /* now compute k = lcm(i,j) */
115 r = BN_mul(l, i, j, ctx);
116 if (!r) { ret = -1; goto err; }
117 r = BN_gcd(m, i, j, ctx);
118 if (!r) { ret = -1; goto err; }
119 r = BN_div(k, NULL, l, m, ctx); /* remainder is 0 */
120 if (!r) { ret = -1; goto err; }
121
122 r = BN_mod_mul(i, key->d, key->e, k, ctx);
123 if (!r) { ret = -1; goto err; }
124
125 if (!BN_is_one(i))
126 {
127 ret = 0;
128 RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_D_E_NOT_CONGRUENT_TO_1);
129 }
130
131 if (key->dmp1 != NULL && key->dmq1 != NULL && key->iqmp != NULL)
132 {
133 /* dmp1 = d mod (p-1)? */
134 r = BN_sub(i, key->p, BN_value_one());
135 if (!r) { ret = -1; goto err; }
136
137 r = BN_mod(j, key->d, i, ctx);
138 if (!r) { ret = -1; goto err; }
139
140 if (BN_cmp(j, key->dmp1) != 0)
141 {
142 ret = 0;
143 RSAerr(RSA_F_RSA_CHECK_KEY,
144 RSA_R_DMP1_NOT_CONGRUENT_TO_D);
145 }
146
147 /* dmq1 = d mod (q-1)? */
148 r = BN_sub(i, key->q, BN_value_one());
149 if (!r) { ret = -1; goto err; }
150
151 r = BN_mod(j, key->d, i, ctx);
152 if (!r) { ret = -1; goto err; }
153
154 if (BN_cmp(j, key->dmq1) != 0)
155 {
156 ret = 0;
157 RSAerr(RSA_F_RSA_CHECK_KEY,
158 RSA_R_DMQ1_NOT_CONGRUENT_TO_D);
159 }
160
161 /* iqmp = q^-1 mod p? */
162 if(!BN_mod_inverse(i, key->q, key->p, ctx))
163 {
164 ret = -1;
165 goto err;
166 }
167
168 if (BN_cmp(i, key->iqmp) != 0)
169 {
170 ret = 0;
171 RSAerr(RSA_F_RSA_CHECK_KEY,
172 RSA_R_IQMP_NOT_INVERSE_OF_Q);
173 }
174 }
175
176 err:
177 if (i != NULL) BN_free(i);
178 if (j != NULL) BN_free(j);
179 if (k != NULL) BN_free(k);
180 if (l != NULL) BN_free(l);
181 if (m != NULL) BN_free(m);
182 if (ctx != NULL) BN_CTX_free(ctx);
183 return (ret);
184 }
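Review bot: `RSA_check_key` passes `key->p`, `key->q`, `key->n`, `key->d` and `key->e` to `BN_is_prime`, `BN_mul`, `BN_cmp` and `BN_mod_mul` without checking them for NULL; only the CRT members `dmp1`, `dmq1` and `iqmp` are guarded. An RSA structure that holds only a public key, or one whose private part lives in external hardware as the new `RSA_FLAG_EXT_PKEY` comment in rsa.h describes, would presumably hit a NULL dereference here instead of a clean failure. I would reject such keys before the `BN_new()` calls, for example `if (key == NULL || key->p == NULL || key->q == NULL || key->n == NULL || key->e == NULL || key->d == NULL) return 0;`, ideally with an `RSAerr` reason code added through mkerr.pl. A short comment would also help on the prime checks, where a non-prime `p` or `q` sets `ret = 0` and apparently continues on purpose so that every failed check lands on the error queue.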
diff --git a/src/lib/libcrypto/rsa/rsa_eay.c b/src/lib/libcrypto/rsa/rsa_eay.c
index 42a77f11cd..776324860c 100644
--- a/src/lib/libcrypto/rsa/rsa_eay.c
+++ b/src/lib/libcrypto/rsa/rsa_eay.c
@@ -68,11 +68,10 @@
68 68
69#include <stdio.h> 69#include <stdio.h>
70#include "cryptlib.h" 70#include "cryptlib.h"
71#include "bn.h" 71#include <openssl/bn.h>
72#include "rsa.h" 72#include <openssl/rsa.h>
73#include "rand.h" 73#include <openssl/rand.h>
74 74
75#ifndef NOPROTO
76static int RSA_eay_public_encrypt(int flen, unsigned char *from, 75static int RSA_eay_public_encrypt(int flen, unsigned char *from,
77 unsigned char *to, RSA *rsa,int padding); 76 unsigned char *to, RSA *rsa,int padding);
78static int RSA_eay_private_encrypt(int flen, unsigned char *from, 77static int RSA_eay_private_encrypt(int flen, unsigned char *from,
@@ -84,16 +83,6 @@ static int RSA_eay_private_decrypt(int flen, unsigned char *from,
84static int RSA_eay_mod_exp(BIGNUM *r0, BIGNUM *i, RSA *rsa); 83static int RSA_eay_mod_exp(BIGNUM *r0, BIGNUM *i, RSA *rsa);
85static int RSA_eay_init(RSA *rsa); 84static int RSA_eay_init(RSA *rsa);
86static int RSA_eay_finish(RSA *rsa); 85static int RSA_eay_finish(RSA *rsa);
87#else
88static int RSA_eay_public_encrypt();
89static int RSA_eay_private_encrypt();
90static int RSA_eay_public_decrypt();
91static int RSA_eay_private_decrypt();
92static int RSA_eay_mod_exp();
93static int RSA_eay_init();
94static int RSA_eay_finish();
95#endif
96
97static RSA_METHOD rsa_pkcs1_eay_meth={ 86static RSA_METHOD rsa_pkcs1_eay_meth={
98 "Eric Young's PKCS#1 RSA", 87 "Eric Young's PKCS#1 RSA",
99 RSA_eay_public_encrypt, 88 RSA_eay_public_encrypt,
@@ -108,31 +97,75 @@ static RSA_METHOD rsa_pkcs1_eay_meth={
108 NULL, 97 NULL,
109 }; 98 };
110 99
111RSA_METHOD *RSA_PKCS1_SSLeay() 100RSA_METHOD *RSA_PKCS1_SSLeay(void)
112 { 101 {
113 return(&rsa_pkcs1_eay_meth); 102 return(&rsa_pkcs1_eay_meth);
114 } 103 }
115 104
116static int RSA_eay_public_encrypt(flen, from, to, rsa, padding) 105static int RSA_eay_public_encrypt(int flen, unsigned char *from,
117int flen; 106 unsigned char *to, RSA *rsa, int padding)
118unsigned char *from;
119unsigned char *to;
120RSA *rsa;
121int padding;
122 { 107 {
123 BIGNUM *f=NULL,*ret=NULL; 108 BIGNUM f,ret;
124 int i,j,k,num=0,r= -1; 109 int i,j,k,num=0,r= -1;
125 unsigned char *buf=NULL; 110 unsigned char *buf=NULL;
126 BN_CTX *ctx=NULL; 111 BN_CTX *ctx=NULL;
127 112
128 /* Body of this routine removed for OpenBSD - will return 113 BN_init(&f);
129 * when the RSA patent expires 114 BN_init(&ret);
130 */ 115 if ((ctx=BN_CTX_new()) == NULL) goto err;
116 num=BN_num_bytes(rsa->n);
117 if ((buf=(unsigned char *)Malloc(num)) == NULL)
118 {
119 RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT,ERR_R_MALLOC_FAILURE);
120 goto err;
121 }
122
123 switch (padding)
124 {
125 case RSA_PKCS1_PADDING:
126 i=RSA_padding_add_PKCS1_type_2(buf,num,from,flen);
127 break;
128#ifndef NO_SHA
129 case RSA_PKCS1_OAEP_PADDING:
130 i=RSA_padding_add_PKCS1_OAEP(buf,num,from,flen,NULL,0);
131 break;
132#endif
133 case RSA_SSLV23_PADDING:
134 i=RSA_padding_add_SSLv23(buf,num,from,flen);
135 break;
136 case RSA_NO_PADDING:
137 i=RSA_padding_add_none(buf,num,from,flen);
138 break;
139 default:
140 RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT,RSA_R_UNKNOWN_PADDING_TYPE);
141 goto err;
142 }
143 if (i <= 0) goto err;
144
145 if (BN_bin2bn(buf,num,&f) == NULL) goto err;
146
147 if ((rsa->_method_mod_n == NULL) && (rsa->flags & RSA_FLAG_CACHE_PUBLIC))
148 {
149 if ((rsa->_method_mod_n=BN_MONT_CTX_new()) != NULL)
150 if (!BN_MONT_CTX_set(rsa->_method_mod_n,rsa->n,ctx))
151 goto err;
152 }
153
154 if (!rsa->meth->bn_mod_exp(&ret,&f,rsa->e,rsa->n,ctx,
155 rsa->_method_mod_n)) goto err;
131 156
157 /* put in leading 0 bytes if the number is less than the
158 * length of the modulus */
159 j=BN_num_bytes(&ret);
160 i=BN_bn2bin(&ret,&(to[num-j]));
161 for (k=0; k<(num-i); k++)
162 to[k]=0;
163
164 r=num;
132err: 165err:
133 if (ctx != NULL) BN_CTX_free(ctx); 166 if (ctx != NULL) BN_CTX_free(ctx);
134 if (f != NULL) BN_free(f); 167 BN_clear_free(&f);
135 if (ret != NULL) BN_free(ret); 168 BN_clear_free(&ret);
136 if (buf != NULL) 169 if (buf != NULL)
137 { 170 {
138 memset(buf,0,num); 171 memset(buf,0,num);
@@ -141,14 +174,10 @@ err:
141 return(r); 174 return(r);
142 } 175 }
143 176
144static int RSA_eay_private_encrypt(flen, from, to, rsa, padding) 177static int RSA_eay_private_encrypt(int flen, unsigned char *from,
145int flen; 178 unsigned char *to, RSA *rsa, int padding)
146unsigned char *from;
147unsigned char *to;
148RSA *rsa;
149int padding;
150 { 179 {
151 BIGNUM *f=NULL,*ret=NULL; 180 BIGNUM f,ret;
152 int i,j,k,num=0,r= -1; 181 int i,j,k,num=0,r= -1;
153 unsigned char *buf=NULL; 182 unsigned char *buf=NULL;
154 BN_CTX *ctx=NULL; 183 BN_CTX *ctx=NULL;
@@ -159,8 +188,8 @@ int padding;
159 188
160err: 189err:
161 if (ctx != NULL) BN_CTX_free(ctx); 190 if (ctx != NULL) BN_CTX_free(ctx);
162 if (ret != NULL) BN_free(ret); 191 BN_clear_free(&ret);
163 if (f != NULL) BN_free(f); 192 BN_clear_free(&f);
164 if (buf != NULL) 193 if (buf != NULL)
165 { 194 {
166 memset(buf,0,num); 195 memset(buf,0,num);
@@ -169,14 +198,10 @@ err:
169 return(r); 198 return(r);
170 } 199 }
171 200
172static int RSA_eay_private_decrypt(flen, from, to, rsa,padding) 201static int RSA_eay_private_decrypt(int flen, unsigned char *from,
173int flen; 202 unsigned char *to, RSA *rsa, int padding)
174unsigned char *from;
175unsigned char *to;
176RSA *rsa;
177int padding;
178 { 203 {
179 BIGNUM *f=NULL,*ret=NULL; 204 BIGNUM f,ret;
180 int j,num=0,r= -1; 205 int j,num=0,r= -1;
181 unsigned char *p; 206 unsigned char *p;
182 unsigned char *buf=NULL; 207 unsigned char *buf=NULL;
@@ -188,8 +213,8 @@ int padding;
188 213
189err: 214err:
190 if (ctx != NULL) BN_CTX_free(ctx); 215 if (ctx != NULL) BN_CTX_free(ctx);
191 if (f != NULL) BN_free(f); 216 BN_clear_free(&f);
192 if (ret != NULL) BN_free(ret); 217 BN_clear_free(&ret);
193 if (buf != NULL) 218 if (buf != NULL)
194 { 219 {
195 memset(buf,0,num); 220 memset(buf,0,num);
@@ -198,28 +223,23 @@ err:
198 return(r); 223 return(r);
199 } 224 }
200 225
201static int RSA_eay_public_decrypt(flen, from, to, rsa, padding) 226static int RSA_eay_public_decrypt(int flen, unsigned char *from,
202int flen; 227 unsigned char *to, RSA *rsa, int padding)
203unsigned char *from;
204unsigned char *to;
205RSA *rsa;
206int padding;
207 { 228 {
208 BIGNUM *f=NULL,*ret=NULL; 229 BIGNUM f,ret;
209 int i,num=0,r= -1; 230 int i,num=0,r= -1;
210 unsigned char *p; 231 unsigned char *p;
211 unsigned char *buf=NULL; 232 unsigned char *buf=NULL;
212 BN_CTX *ctx=NULL; 233 BN_CTX *ctx=NULL;
213 234
214
215 /* Body of this routine removed for OpenBSD - will return 235 /* Body of this routine removed for OpenBSD - will return
216 * when the RSA patent expires 236 * when the RSA patent expires
217 */ 237 */
218 238
219err: 239err:
220 if (ctx != NULL) BN_CTX_free(ctx); 240 if (ctx != NULL) BN_CTX_free(ctx);
221 if (f != NULL) BN_free(f); 241 BN_clear_free(&f);
222 if (ret != NULL) BN_free(ret); 242 BN_clear_free(&ret);
223 if (buf != NULL) 243 if (buf != NULL)
224 { 244 {
225 memset(buf,0,num); 245 memset(buf,0,num);
@@ -228,46 +248,40 @@ err:
228 return(r); 248 return(r);
229 } 249 }
230 250
231static int RSA_eay_mod_exp(r0, I, rsa) 251static int RSA_eay_mod_exp(BIGNUM *r0, BIGNUM *I, RSA *rsa)
232BIGNUM *r0;
233BIGNUM *I;
234RSA *rsa;
235 { 252 {
236 BIGNUM *r1=NULL,*m1=NULL; 253 BIGNUM r1,m1;
237 int ret=0; 254 int ret=0;
238 BN_CTX *ctx; 255 BN_CTX *ctx;
239 256
240 if ((ctx=BN_CTX_new()) == NULL) goto err; 257 if ((ctx=BN_CTX_new()) == NULL) goto err;
241 m1=BN_new(); 258 BN_init(&m1);
242 r1=BN_new(); 259 BN_init(&r1);
243 if ((m1 == NULL) || (r1 == NULL)) goto err;
244 260
245 /* Body of this routine removed for OpenBSD - will return 261 /* Body of this routine removed for OpenBSD - will return
246 * when the RSA patent expires 262 * when the RSA patent expires
247 */ 263 */
248err: 264err:
249 if (m1 != NULL) BN_free(m1); 265 BN_clear_free(&m1);
250 if (r1 != NULL) BN_free(r1); 266 BN_clear_free(&r1);
251 BN_CTX_free(ctx); 267 BN_CTX_free(ctx);
252 return(ret); 268 return(ret);
253 } 269 }
254 270
255static int RSA_eay_init(rsa) 271static int RSA_eay_init(RSA *rsa)
256RSA *rsa;
257 { 272 {
258 rsa->flags|=RSA_FLAG_CACHE_PUBLIC|RSA_FLAG_CACHE_PRIVATE; 273 rsa->flags|=RSA_FLAG_CACHE_PUBLIC|RSA_FLAG_CACHE_PRIVATE;
259 return(1); 274 return(1);
260 } 275 }
261 276
262static int RSA_eay_finish(rsa) 277static int RSA_eay_finish(RSA *rsa)
263RSA *rsa;
264 { 278 {
265 if (rsa->method_mod_n != NULL) 279 if (rsa->_method_mod_n != NULL)
266 BN_MONT_CTX_free((BN_MONT_CTX *)rsa->method_mod_n); 280 BN_MONT_CTX_free(rsa->_method_mod_n);
267 if (rsa->method_mod_p != NULL) 281 if (rsa->_method_mod_p != NULL)
268 BN_MONT_CTX_free((BN_MONT_CTX *)rsa->method_mod_p); 282 BN_MONT_CTX_free(rsa->_method_mod_p);
269 if (rsa->method_mod_q != NULL) 283 if (rsa->_method_mod_q != NULL)
270 BN_MONT_CTX_free((BN_MONT_CTX *)rsa->method_mod_q); 284 BN_MONT_CTX_free(rsa->_method_mod_q);
271 return(1); 285 return(1);
272 } 286 }
273 287
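Review bot: In `RSA_eay_mod_exp` the new `BN_init(&m1); BN_init(&r1);` calls come after the `BN_CTX_new()` check, so when that allocation fails the `goto err` reaches `BN_clear_free(&m1)` and `BN_clear_free(&r1)` on stack BIGNUMs that were never initialised. Move the two `BN_init` calls above `if ((ctx=BN_CTX_new()) == NULL) goto err;`, which is the order `RSA_eay_public_encrypt` already uses in this file. Separately, `RSA_eay_finish` frees `_method_mod_n`, `_method_mod_p` and `_method_mod_q` without clearing them. Now that `RSA_set_method` in rsa_lib.c calls `finish` on a key that stays in use, the `rsa->_method_mod_n == NULL` test in `RSA_eay_public_encrypt` would see a stale pointer, so each free should be followed by a reset such as `rsa->_method_mod_n=NULL;` (likewise for p and q).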
diff --git a/src/lib/libcrypto/rsa/rsa_err.c b/src/lib/libcrypto/rsa/rsa_err.c
index 796b3afd47..9fb15e398d 100644
--- a/src/lib/libcrypto/rsa/rsa_err.c
+++ b/src/lib/libcrypto/rsa/rsa_err.c
@@ -1,68 +1,72 @@
1/* lib/rsa/rsa_err.c */ 1/* crypto/rsa/rsa_err.c */
2/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) 2/* ====================================================================
3 * All rights reserved. 3 * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
4 * 4 *
5 * This package is an SSL implementation written
6 * by Eric Young (eay@cryptsoft.com).
7 * The implementation was written so as to conform with Netscapes SSL.
8 *
9 * This library is free for commercial and non-commercial use as long as
10 * the following conditions are aheared to. The following conditions
11 * apply to all code found in this distribution, be it the RC4, RSA,
12 * lhash, DES, etc., code; not just the SSL code. The SSL documentation
13 * included with this distribution is covered by the same copyright terms
14 * except that the holder is Tim Hudson (tjh@cryptsoft.com).
15 *
16 * Copyright remains Eric Young's, and as such any Copyright notices in
17 * the code are not to be removed.
18 * If this package is used in a product, Eric Young should be given attribution
19 * as the author of the parts of the library used.
20 * This can be in the form of a textual message at program startup or
21 * in documentation (online or textual) provided with the package.
22 *
23 * Redistribution and use in source and binary forms, with or without 5 * Redistribution and use in source and binary forms, with or without
24 * modification, are permitted provided that the following conditions 6 * modification, are permitted provided that the following conditions
25 * are met: 7 * are met:
26 * 1. Redistributions of source code must retain the copyright 8 *
27 * notice, this list of conditions and the following disclaimer. 9 * 1. Redistributions of source code must retain the above copyright
10 * notice, this list of conditions and the following disclaimer.
11 *
28 * 2. Redistributions in binary form must reproduce the above copyright 12 * 2. Redistributions in binary form must reproduce the above copyright
29 * notice, this list of conditions and the following disclaimer in the 13 * notice, this list of conditions and the following disclaimer in
30 * documentation and/or other materials provided with the distribution. 14 * the documentation and/or other materials provided with the
31 * 3. All advertising materials mentioning features or use of this software 15 * distribution.
32 * must display the following acknowledgement: 16 *
33 * "This product includes cryptographic software written by 17 * 3. All advertising materials mentioning features or use of this
34 * Eric Young (eay@cryptsoft.com)" 18 * software must display the following acknowledgment:
35 * The word 'cryptographic' can be left out if the rouines from the library 19 * "This product includes software developed by the OpenSSL Project
36 * being used are not cryptographic related :-). 20 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
37 * 4. If you include any Windows specific code (or a derivative thereof) from 21 *
38 * the apps directory (application code) you must include an acknowledgement: 22 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
39 * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" 23 * endorse or promote products derived from this software without
40 * 24 * prior written permission. For written permission, please contact
41 * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND 25 * openssl-core@OpenSSL.org.
42 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 26 *
43 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 27 * 5. Products derived from this software may not be called "OpenSSL"
44 * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE 28 * nor may "OpenSSL" appear in their names without prior written
45 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 29 * permission of the OpenSSL Project.
46 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 30 *
47 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 31 * 6. Redistributions of any form whatsoever must retain the following
48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 32 * acknowledgment:
49 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 33 * "This product includes software developed by the OpenSSL Project
50 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 34 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
51 * SUCH DAMAGE. 35 *
52 * 36 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
53 * The licence and distribution terms for any publically available version or 37 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
54 * derivative of this code cannot be changed. i.e. this code cannot simply be 38 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
55 * copied and put under another distribution licence 39 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
56 * [including the GNU Public Licence.] 40 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
41 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
42 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
43 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
44 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
45 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
46 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
47 * OF THE POSSIBILITY OF SUCH DAMAGE.
48 * ====================================================================
49 *
50 * This product includes cryptographic software written by Eric Young
51 * (eay@cryptsoft.com). This product includes software written by Tim
52 * Hudson (tjh@cryptsoft.com).
53 *
57 */ 54 */
55
56/* NOTE: this file was auto generated by the mkerr.pl script: any changes
57 * made to it will be overwritten when the script next updates this file.
58 */
59
58#include <stdio.h> 60#include <stdio.h>
59#include "err.h" 61#include <openssl/err.h>
60#include "rsa.h" 62#include <openssl/rsa.h>
61 63
62/* BEGIN ERROR CODES */ 64/* BEGIN ERROR CODES */
63#ifndef NO_ERR 65#ifndef NO_ERR
64static ERR_STRING_DATA RSA_str_functs[]= 66static ERR_STRING_DATA RSA_str_functs[]=
65 { 67 {
68{ERR_PACK(0,RSA_F_MEMORY_LOCK,0), "MEMORY_LOCK"},
69{ERR_PACK(0,RSA_F_RSA_CHECK_KEY,0), "RSA_check_key"},
66{ERR_PACK(0,RSA_F_RSA_EAY_PRIVATE_DECRYPT,0), "RSA_EAY_PRIVATE_DECRYPT"}, 70{ERR_PACK(0,RSA_F_RSA_EAY_PRIVATE_DECRYPT,0), "RSA_EAY_PRIVATE_DECRYPT"},
67{ERR_PACK(0,RSA_F_RSA_EAY_PRIVATE_ENCRYPT,0), "RSA_EAY_PRIVATE_ENCRYPT"}, 71{ERR_PACK(0,RSA_F_RSA_EAY_PRIVATE_ENCRYPT,0), "RSA_EAY_PRIVATE_ENCRYPT"},
68{ERR_PACK(0,RSA_F_RSA_EAY_PUBLIC_DECRYPT,0), "RSA_EAY_PUBLIC_DECRYPT"}, 72{ERR_PACK(0,RSA_F_RSA_EAY_PUBLIC_DECRYPT,0), "RSA_EAY_PUBLIC_DECRYPT"},
@@ -70,10 +74,12 @@ static ERR_STRING_DATA RSA_str_functs[]=
70{ERR_PACK(0,RSA_F_RSA_GENERATE_KEY,0), "RSA_generate_key"}, 74{ERR_PACK(0,RSA_F_RSA_GENERATE_KEY,0), "RSA_generate_key"},
71{ERR_PACK(0,RSA_F_RSA_NEW_METHOD,0), "RSA_new_method"}, 75{ERR_PACK(0,RSA_F_RSA_NEW_METHOD,0), "RSA_new_method"},
72{ERR_PACK(0,RSA_F_RSA_PADDING_ADD_NONE,0), "RSA_padding_add_none"}, 76{ERR_PACK(0,RSA_F_RSA_PADDING_ADD_NONE,0), "RSA_padding_add_none"},
77{ERR_PACK(0,RSA_F_RSA_PADDING_ADD_PKCS1_OAEP,0), "RSA_padding_add_PKCS1_OAEP"},
73{ERR_PACK(0,RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1,0), "RSA_padding_add_PKCS1_type_1"}, 78{ERR_PACK(0,RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1,0), "RSA_padding_add_PKCS1_type_1"},
74{ERR_PACK(0,RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_2,0), "RSA_padding_add_PKCS1_type_2"}, 79{ERR_PACK(0,RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_2,0), "RSA_padding_add_PKCS1_type_2"},
75{ERR_PACK(0,RSA_F_RSA_PADDING_ADD_SSLV23,0), "RSA_padding_add_SSLv23"}, 80{ERR_PACK(0,RSA_F_RSA_PADDING_ADD_SSLV23,0), "RSA_padding_add_SSLv23"},
76{ERR_PACK(0,RSA_F_RSA_PADDING_CHECK_NONE,0), "RSA_padding_check_none"}, 81{ERR_PACK(0,RSA_F_RSA_PADDING_CHECK_NONE,0), "RSA_padding_check_none"},
82{ERR_PACK(0,RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP,0), "RSA_padding_check_PKCS1_OAEP"},
77{ERR_PACK(0,RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1,0), "RSA_padding_check_PKCS1_type_1"}, 83{ERR_PACK(0,RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1,0), "RSA_padding_check_PKCS1_type_1"},
78{ERR_PACK(0,RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2,0), "RSA_padding_check_PKCS1_type_2"}, 84{ERR_PACK(0,RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2,0), "RSA_padding_check_PKCS1_type_2"},
79{ERR_PACK(0,RSA_F_RSA_PADDING_CHECK_SSLV23,0), "RSA_padding_check_SSLv23"}, 85{ERR_PACK(0,RSA_F_RSA_PADDING_CHECK_SSLV23,0), "RSA_padding_check_SSLv23"},
@@ -83,7 +89,7 @@ static ERR_STRING_DATA RSA_str_functs[]=
83{ERR_PACK(0,RSA_F_RSA_SIGN_ASN1_OCTET_STRING,0), "RSA_sign_ASN1_OCTET_STRING"}, 89{ERR_PACK(0,RSA_F_RSA_SIGN_ASN1_OCTET_STRING,0), "RSA_sign_ASN1_OCTET_STRING"},
84{ERR_PACK(0,RSA_F_RSA_VERIFY,0), "RSA_verify"}, 90{ERR_PACK(0,RSA_F_RSA_VERIFY,0), "RSA_verify"},
85{ERR_PACK(0,RSA_F_RSA_VERIFY_ASN1_OCTET_STRING,0), "RSA_verify_ASN1_OCTET_STRING"}, 91{ERR_PACK(0,RSA_F_RSA_VERIFY_ASN1_OCTET_STRING,0), "RSA_verify_ASN1_OCTET_STRING"},
86{0,NULL}, 92{0,NULL}
87 }; 93 };
88 94
89static ERR_STRING_DATA RSA_str_reasons[]= 95static ERR_STRING_DATA RSA_str_reasons[]=
@@ -93,32 +99,41 @@ static ERR_STRING_DATA RSA_str_reasons[]=
93{RSA_R_BAD_FIXED_HEADER_DECRYPT ,"bad fixed header decrypt"}, 99{RSA_R_BAD_FIXED_HEADER_DECRYPT ,"bad fixed header decrypt"},
94{RSA_R_BAD_PAD_BYTE_COUNT ,"bad pad byte count"}, 100{RSA_R_BAD_PAD_BYTE_COUNT ,"bad pad byte count"},
95{RSA_R_BAD_SIGNATURE ,"bad signature"}, 101{RSA_R_BAD_SIGNATURE ,"bad signature"},
96{RSA_R_BAD_ZERO_BYTE ,"bad zero byte"},
97{RSA_R_BLOCK_TYPE_IS_NOT_01 ,"block type is not 01"}, 102{RSA_R_BLOCK_TYPE_IS_NOT_01 ,"block type is not 01"},
98{RSA_R_BLOCK_TYPE_IS_NOT_02 ,"block type is not 02"}, 103{RSA_R_BLOCK_TYPE_IS_NOT_02 ,"block type is not 02"},
99{RSA_R_DATA_GREATER_THAN_MOD_LEN ,"data greater than mod len"}, 104{RSA_R_DATA_GREATER_THAN_MOD_LEN ,"data greater than mod len"},
100{RSA_R_DATA_TOO_LARGE ,"data too large"}, 105{RSA_R_DATA_TOO_LARGE ,"data too large"},
101{RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE ,"data too large for key size"}, 106{RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE ,"data too large for key size"},
102{RSA_R_DATA_TOO_SMALL ,"data too small"}, 107{RSA_R_DATA_TOO_SMALL ,"data too small"},
108{RSA_R_DATA_TOO_SMALL_FOR_KEY_SIZE ,"data too small for key size"},
109{RSA_R_D_E_NOT_CONGRUENT_TO_1 ,"d e not congruent to 1"},
103{RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY ,"digest too big for rsa key"}, 110{RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY ,"digest too big for rsa key"},
111{RSA_R_DMP1_NOT_CONGRUENT_TO_D ,"dmp1 not congruent to d"},
112{RSA_R_DMQ1_NOT_CONGRUENT_TO_D ,"dmq1 not congruent to d"},
113{RSA_R_IQMP_NOT_INVERSE_OF_Q ,"iqmp not inverse of q"},
114{RSA_R_KEY_SIZE_TOO_SMALL ,"key size too small"},
104{RSA_R_NULL_BEFORE_BLOCK_MISSING ,"null before block missing"}, 115{RSA_R_NULL_BEFORE_BLOCK_MISSING ,"null before block missing"},
116{RSA_R_N_DOES_NOT_EQUAL_P_Q ,"n does not equal p q"},
117{RSA_R_OAEP_DECODING_ERROR ,"oaep decoding error"},
105{RSA_R_PADDING_CHECK_FAILED ,"padding check failed"}, 118{RSA_R_PADDING_CHECK_FAILED ,"padding check failed"},
119{RSA_R_P_NOT_PRIME ,"p not prime"},
120{RSA_R_Q_NOT_PRIME ,"q not prime"},
106{RSA_R_SSLV3_ROLLBACK_ATTACK ,"sslv3 rollback attack"}, 121{RSA_R_SSLV3_ROLLBACK_ATTACK ,"sslv3 rollback attack"},
107{RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD,"the asn1 object identifier is not known for this md"}, 122{RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD,"the asn1 object identifier is not known for this md"},
108{RSA_R_UNKNOWN_ALGORITHM_TYPE ,"unknown algorithm type"}, 123{RSA_R_UNKNOWN_ALGORITHM_TYPE ,"unknown algorithm type"},
109{RSA_R_UNKNOWN_PADDING_TYPE ,"unknown padding type"}, 124{RSA_R_UNKNOWN_PADDING_TYPE ,"unknown padding type"},
110{RSA_R_WRONG_SIGNATURE_LENGTH ,"wrong signature length"}, 125{RSA_R_WRONG_SIGNATURE_LENGTH ,"wrong signature length"},
111{0,NULL}, 126{0,NULL}
112 }; 127 };
113 128
114#endif 129#endif
115 130
116void ERR_load_RSA_strings() 131void ERR_load_RSA_strings(void)
117 { 132 {
118 static int init=1; 133 static int init=1;
119 134
120 if (init); 135 if (init)
121 {; 136 {
122 init=0; 137 init=0;
123#ifndef NO_ERR 138#ifndef NO_ERR
124 ERR_load_strings(ERR_LIB_RSA,RSA_str_functs); 139 ERR_load_strings(ERR_LIB_RSA,RSA_str_functs);
diff --git a/src/lib/libcrypto/rsa/rsa_gen.c b/src/lib/libcrypto/rsa/rsa_gen.c
index 4cbd373829..3227dba794 100644
--- a/src/lib/libcrypto/rsa/rsa_gen.c
+++ b/src/lib/libcrypto/rsa/rsa_gen.c
@@ -59,18 +59,15 @@
59#include <stdio.h> 59#include <stdio.h>
60#include <time.h> 60#include <time.h>
61#include "cryptlib.h" 61#include "cryptlib.h"
62#include "bn.h" 62#include <openssl/bn.h>
63#include "rsa.h" 63#include <openssl/rsa.h>
64 64
65RSA *RSA_generate_key(bits, e_value, callback,cb_arg) 65RSA *RSA_generate_key(int bits, unsigned long e_value,
66int bits; 66 void (*callback)(int,int,void *), void *cb_arg)
67unsigned long e_value;
68void (*callback)(P_I_I_P);
69char *cb_arg;
70 { 67 {
71 RSA *rsa=NULL; 68 RSA *rsa=NULL;
72 BIGNUM *r0=NULL,*r1=NULL,*r2=NULL,*r3=NULL,*tmp; 69 BIGNUM *r0=NULL,*r1=NULL,*r2=NULL,*r3=NULL,*tmp;
73 int bitsp,bitsq,ok= -1,n=0; 70 int bitsp,bitsq,ok= -1,n=0,i;
74 BN_CTX *ctx=NULL,*ctx2=NULL; 71 BN_CTX *ctx=NULL,*ctx2=NULL;
75 72
76 ctx=BN_CTX_new(); 73 ctx=BN_CTX_new();
@@ -81,6 +78,7 @@ char *cb_arg;
81 /* Body of this routine removed for OpenBSD - will return 78 /* Body of this routine removed for OpenBSD - will return
82 * when the RSA patent expires 79 * when the RSA patent expires
83 */ 80 */
81
84err: 82err:
85 if (ok == -1) 83 if (ok == -1)
86 { 84 {
diff --git a/src/lib/libcrypto/rsa/rsa_lib.c b/src/lib/libcrypto/rsa/rsa_lib.c
index 95a56f8a28..c0ca2923a6 100644
--- a/src/lib/libcrypto/rsa/rsa_lib.c
+++ b/src/lib/libcrypto/rsa/rsa_lib.c
@@ -57,31 +57,49 @@
57 */ 57 */
58 58
59#include <stdio.h> 59#include <stdio.h>
60#include "crypto.h" 60#include <openssl/crypto.h>
61#include "cryptlib.h" 61#include "cryptlib.h"
62#include "lhash.h" 62#include <openssl/lhash.h>
63#include "bn.h" 63#include <openssl/bn.h>
64#include "rsa.h" 64#include <openssl/rsa.h>
65 65
66char *RSA_version="RSA part of SSLeay 0.9.0b 29-Jun-1998"; 66const char *RSA_version="RSA" OPENSSL_VERSION_PTEXT;
67 67
68static RSA_METHOD *default_RSA_meth=NULL; 68static RSA_METHOD *default_RSA_meth=NULL;
69static int rsa_meth_num=0; 69static int rsa_meth_num=0;
70static STACK *rsa_meth=NULL; 70static STACK *rsa_meth=NULL;
71 71
72RSA *RSA_new() 72RSA *RSA_new(void)
73 { 73 {
74 return(RSA_new_method(NULL)); 74 return(RSA_new_method(NULL));
75 } 75 }
76 76
77void RSA_set_default_method(meth) 77void RSA_set_default_method(RSA_METHOD *meth)
78RSA_METHOD *meth;
79 { 78 {
80 default_RSA_meth=meth; 79 default_RSA_meth=meth;
81 } 80 }
82 81
83RSA *RSA_new_method(meth) 82RSA_METHOD *RSA_get_default_method(void)
84RSA_METHOD *meth; 83{
84 return default_RSA_meth;
85}
86
87RSA_METHOD *RSA_get_method(RSA *rsa)
88{
89 return rsa->meth;
90}
91
92RSA_METHOD *RSA_set_method(RSA *rsa, RSA_METHOD *meth)
93{
94 RSA_METHOD *mtmp;
95 mtmp = rsa->meth;
96 if (mtmp->finish) mtmp->finish(rsa);
97 rsa->meth = meth;
98 if (meth->init) meth->init(rsa);
99 return mtmp;
100}
101
102RSA *RSA_new_method(RSA_METHOD *meth)
85 { 103 {
86 RSA *ret; 104 RSA *ret;
87 105
@@ -116,22 +134,23 @@ RSA_METHOD *meth;
116 ret->dmq1=NULL; 134 ret->dmq1=NULL;
117 ret->iqmp=NULL; 135 ret->iqmp=NULL;
118 ret->references=1; 136 ret->references=1;
119 ret->method_mod_n=NULL; 137 ret->_method_mod_n=NULL;
120 ret->method_mod_p=NULL; 138 ret->_method_mod_p=NULL;
121 ret->method_mod_q=NULL; 139 ret->_method_mod_q=NULL;
122 ret->blinding=NULL; 140 ret->blinding=NULL;
141 ret->bignum_data=NULL;
123 ret->flags=ret->meth->flags; 142 ret->flags=ret->meth->flags;
124 if ((ret->meth->init != NULL) && !ret->meth->init(ret)) 143 if ((ret->meth->init != NULL) && !ret->meth->init(ret))
125 { 144 {
126 Free(ret); 145 Free(ret);
127 ret=NULL; 146 ret=NULL;
128 } 147 }
129 CRYPTO_new_ex_data(rsa_meth,(char *)ret,&ret->ex_data); 148 else
149 CRYPTO_new_ex_data(rsa_meth,(char *)ret,&ret->ex_data);
130 return(ret); 150 return(ret);
131 } 151 }
132 152
133void RSA_free(r) 153void RSA_free(RSA *r)
134RSA *r;
135 { 154 {
136 int i; 155 int i;
137 156
@@ -164,90 +183,63 @@ RSA *r;
164 if (r->dmq1 != NULL) BN_clear_free(r->dmq1); 183 if (r->dmq1 != NULL) BN_clear_free(r->dmq1);
165 if (r->iqmp != NULL) BN_clear_free(r->iqmp); 184 if (r->iqmp != NULL) BN_clear_free(r->iqmp);
166 if (r->blinding != NULL) BN_BLINDING_free(r->blinding); 185 if (r->blinding != NULL) BN_BLINDING_free(r->blinding);
186 if (r->bignum_data != NULL) Free_locked(r->bignum_data);
167 Free(r); 187 Free(r);
168 } 188 }
169 189
170int RSA_get_ex_new_index(argl,argp,new_func,dup_func,free_func) 190int RSA_get_ex_new_index(long argl, char *argp, int (*new_func)(),
171long argl; 191 int (*dup_func)(), void (*free_func)())
172char *argp;
173int (*new_func)();
174int (*dup_func)();
175void (*free_func)();
176 { 192 {
177 rsa_meth_num++; 193 rsa_meth_num++;
178 return(CRYPTO_get_ex_new_index(rsa_meth_num-1, 194 return(CRYPTO_get_ex_new_index(rsa_meth_num-1,
179 &rsa_meth,argl,argp,new_func,dup_func,free_func)); 195 &rsa_meth,argl,argp,new_func,dup_func,free_func));
180 } 196 }
181 197
182int RSA_set_ex_data(r,idx,arg) 198int RSA_set_ex_data(RSA *r, int idx, char *arg)
183RSA *r;
184int idx;
185char *arg;
186 { 199 {
187 return(CRYPTO_set_ex_data(&r->ex_data,idx,arg)); 200 return(CRYPTO_set_ex_data(&r->ex_data,idx,arg));
188 } 201 }
189 202
190char *RSA_get_ex_data(r,idx) 203char *RSA_get_ex_data(RSA *r, int idx)
191RSA *r;
192int idx;
193 { 204 {
194 return(CRYPTO_get_ex_data(&r->ex_data,idx)); 205 return(CRYPTO_get_ex_data(&r->ex_data,idx));
195 } 206 }
196 207
197int RSA_size(r) 208int RSA_size(RSA *r)
198RSA *r;
199 { 209 {
200 return(BN_num_bytes(r->n)); 210 return(BN_num_bytes(r->n));
201 } 211 }
202 212
203int RSA_public_encrypt(flen, from, to, rsa, padding) 213int RSA_public_encrypt(int flen, unsigned char *from, unsigned char *to,
204int flen; 214 RSA *rsa, int padding)
205unsigned char *from;
206unsigned char *to;
207RSA *rsa;
208int padding;
209 { 215 {
210 return(rsa->meth->rsa_pub_enc(flen, from, to, rsa, padding)); 216 return(rsa->meth->rsa_pub_enc(flen, from, to, rsa, padding));
211 } 217 }
212 218
213int RSA_private_encrypt(flen, from, to, rsa, padding) 219int RSA_private_encrypt(int flen, unsigned char *from, unsigned char *to,
214int flen; 220 RSA *rsa, int padding)
215unsigned char *from;
216unsigned char *to;
217RSA *rsa;
218int padding;
219 { 221 {
220 return(rsa->meth->rsa_priv_enc(flen, from, to, rsa, padding)); 222 return(rsa->meth->rsa_priv_enc(flen, from, to, rsa, padding));
221 } 223 }
222 224
223int RSA_private_decrypt(flen, from, to, rsa, padding) 225int RSA_private_decrypt(int flen, unsigned char *from, unsigned char *to,
224int flen; 226 RSA *rsa, int padding)
225unsigned char *from;
226unsigned char *to;
227RSA *rsa;
228int padding;
229 { 227 {
230 return(rsa->meth->rsa_priv_dec(flen, from, to, rsa, padding)); 228 return(rsa->meth->rsa_priv_dec(flen, from, to, rsa, padding));
231 } 229 }
232 230
233int RSA_public_decrypt(flen, from, to, rsa, padding) 231int RSA_public_decrypt(int flen, unsigned char *from, unsigned char *to,
234int flen; 232 RSA *rsa, int padding)
235unsigned char *from;
236unsigned char *to;
237RSA *rsa;
238int padding;
239 { 233 {
240 return(rsa->meth->rsa_pub_dec(flen, from, to, rsa, padding)); 234 return(rsa->meth->rsa_pub_dec(flen, from, to, rsa, padding));
241 } 235 }
242 236
243int RSA_flags(r) 237int RSA_flags(RSA *r)
244RSA *r;
245 { 238 {
246 return((r == NULL)?0:r->meth->flags); 239 return((r == NULL)?0:r->meth->flags);
247 } 240 }
248 241
249void RSA_blinding_off(rsa) 242void RSA_blinding_off(RSA *rsa)
250RSA *rsa;
251 { 243 {
252 if (rsa->blinding != NULL) 244 if (rsa->blinding != NULL)
253 { 245 {
@@ -257,9 +249,7 @@ RSA *rsa;
257 rsa->flags&= ~RSA_FLAG_BLINDING; 249 rsa->flags&= ~RSA_FLAG_BLINDING;
258 } 250 }
259 251
260int RSA_blinding_on(rsa,p_ctx) 252int RSA_blinding_on(RSA *rsa, BN_CTX *p_ctx)
261RSA *rsa;
262BN_CTX *p_ctx;
263 { 253 {
264 BIGNUM *A,*Ai; 254 BIGNUM *A,*Ai;
265 BN_CTX *ctx; 255 BN_CTX *ctx;
@@ -275,13 +265,13 @@ BN_CTX *p_ctx;
275 if (rsa->blinding != NULL) 265 if (rsa->blinding != NULL)
276 BN_BLINDING_free(rsa->blinding); 266 BN_BLINDING_free(rsa->blinding);
277 267
278 A=ctx->bn[0]; 268 A= &(ctx->bn[0]);
279 ctx->tos++; 269 ctx->tos++;
280 if (!BN_rand(A,BN_num_bits(rsa->n)-1,1,0)) goto err; 270 if (!BN_rand(A,BN_num_bits(rsa->n)-1,1,0)) goto err;
281 if ((Ai=BN_mod_inverse(A,rsa->n,ctx)) == NULL) goto err; 271 if ((Ai=BN_mod_inverse(NULL,A,rsa->n,ctx)) == NULL) goto err;
282 272
283 if (!rsa->meth->bn_mod_exp(A,A,rsa->e,rsa->n,ctx, 273 if (!rsa->meth->bn_mod_exp(A,A,rsa->e,rsa->n,ctx,rsa->_method_mod_n))
284 (char *)rsa->method_mod_n)) goto err; 274 goto err;
285 rsa->blinding=BN_BLINDING_new(A,Ai,rsa->n); 275 rsa->blinding=BN_BLINDING_new(A,Ai,rsa->n);
286 ctx->tos--; 276 ctx->tos--;
287 rsa->flags|=RSA_FLAG_BLINDING; 277 rsa->flags|=RSA_FLAG_BLINDING;
@@ -292,3 +282,48 @@ err:
292 return(ret); 282 return(ret);
293 } 283 }
294 284
285int RSA_memory_lock(RSA *r)
286 {
287 int i,j,k,off;
288 char *p;
289 BIGNUM *bn,**t[6],*b;
290 BN_ULONG *ul;
291
292 if (r->d == NULL) return(1);
293 t[0]= &r->d;
294 t[1]= &r->p;
295 t[2]= &r->q;
296 t[3]= &r->dmp1;
297 t[4]= &r->dmq1;
298 t[5]= &r->iqmp;
299 k=sizeof(BIGNUM)*6;
300 off=k/sizeof(BN_ULONG)+1;
301 j=1;
302 for (i=0; i<6; i++)
303 j+= (*t[i])->top;
304 if ((p=Malloc_locked((off+j)*sizeof(BN_ULONG))) == NULL)
305 {
306 RSAerr(RSA_F_MEMORY_LOCK,ERR_R_MALLOC_FAILURE);
307 return(0);
308 }
309 bn=(BIGNUM *)p;
310 ul=(BN_ULONG *)&(p[off]);
311 for (i=0; i<6; i++)
312 {
313 b= *(t[i]);
314 *(t[i])= &(bn[i]);
315 memcpy((char *)&(bn[i]),(char *)b,sizeof(BIGNUM));
316 bn[i].flags=BN_FLG_STATIC_DATA;
317 bn[i].d=ul;
318 memcpy((char *)ul,b->d,sizeof(BN_ULONG)*b->top);
319 ul+=b->top;
320 BN_clear_free(b);
321 }
322
323 /* I should fix this so it can still be done */
324 r->flags&= ~(RSA_FLAG_CACHE_PRIVATE|RSA_FLAG_CACHE_PUBLIC);
325
326 r->bignum_data=p;
327 return(1);
328 }
329
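Review bot: `RSA_memory_lock` returns early only when `r->d` is NULL, but the sizing loop then reads `(*t[i])->top` for all six members, so a private key that has `d` without `p`, `q`, `dmp1`, `dmq1` or `iqmp` is a NULL dereference. Adding `if (*t[i] == NULL) continue;` at the top of both `for (i=0; i<6; i++)` loops would cover it. In the same function `off` is computed in `BN_ULONG` units but used as a byte index into the `char *p` buffer in `ul=(BN_ULONG *)&(p[off]);`, which as written puts the limb area inside the six-BIGNUM header array instead of after it. `ul=(BN_ULONG *)p+off;` would match the `(off+j)*sizeof(BN_ULONG)` allocation and keep the limbs aligned. The new `RSA_set_method` also dereferences `meth` without a NULL check and ignores the result of `meth->init(rsa)`, unlike `RSA_new_method`, which tests it.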
diff --git a/src/lib/libcrypto/rsa/rsa_none.c b/src/lib/libcrypto/rsa/rsa_none.c
index f0dd943657..f22fce5016 100644
--- a/src/lib/libcrypto/rsa/rsa_none.c
+++ b/src/lib/libcrypto/rsa/rsa_none.c
@@ -58,52 +58,41 @@
58 58
59#include <stdio.h> 59#include <stdio.h>
60#include "cryptlib.h" 60#include "cryptlib.h"
61#include "bn.h" 61#include <openssl/bn.h>
62#include "rsa.h" 62#include <openssl/rsa.h>
63#include "rand.h" 63#include <openssl/rand.h>
64 64
65int RSA_padding_add_none(to,tlen,from,flen) 65int RSA_padding_add_none(unsigned char *to, int tlen, unsigned char *from,
66unsigned char *to; 66 int flen)
67int tlen;
68unsigned char *from;
69int flen;
70 { 67 {
71 if (flen >= tlen) 68 if (flen > tlen)
72 { 69 {
73 RSAerr(RSA_F_RSA_PADDING_ADD_NONE,RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE); 70 RSAerr(RSA_F_RSA_PADDING_ADD_NONE,RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
74 return(0); 71 return(0);
75 } 72 }
73
74 if (flen < tlen)
75 {
76 RSAerr(RSA_F_RSA_PADDING_ADD_NONE,RSA_R_DATA_TOO_SMALL_FOR_KEY_SIZE);
77 return(0);
78 }
76 79
77 *(to++)=0;
78 memcpy(to,from,(unsigned int)flen); 80 memcpy(to,from,(unsigned int)flen);
79 return(1); 81 return(1);
80 } 82 }
81 83
82int RSA_padding_check_none(to,tlen,from,flen) 84int RSA_padding_check_none(unsigned char *to, int tlen, unsigned char *from,
83unsigned char *to; 85 int flen, int num)
84int tlen;
85unsigned char *from;
86int flen;
87 { 86 {
88 int j;
89 87
90 from++; 88 if (flen > tlen)
91 if (flen+1 > tlen)
92 { 89 {
93 RSAerr(RSA_F_RSA_PADDING_CHECK_NONE,RSA_R_DATA_TOO_LARGE); 90 RSAerr(RSA_F_RSA_PADDING_CHECK_NONE,RSA_R_DATA_TOO_LARGE);
94 return(-1); 91 return(-1);
95 } 92 }
96 if (*(from++) != 0)
97 {
98 RSAerr(RSA_F_RSA_PADDING_CHECK_NONE,RSA_R_BAD_ZERO_BYTE);
99 return(-1);
100 }
101 93
102 /* scan over padding data */ 94 memset(to,0,tlen-flen);
103 j=flen-1; /* one for type and one for the prepended 0. */ 95 memcpy(to+tlen-flen,from,flen);
104 memset(to,0,tlen-j); 96 return(tlen);
105 to+=(tlen-j);
106 memcpy(to,from,j);
107 return(j);
108 } 97 }
109 98
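Review bot: Neither RSA_padding_add_none nor RSA_padding_check_none documents the contract that this change tightens. The add side now accepts only `flen == tlen` and no longer prepends a zero byte, and the check side ignores its new `num` argument and always returns `tlen`. A header comment on the add function would help, for example `/* No padding: from must be exactly tlen bytes; the caller supplies any encoding or randomisation. */`. The check function could carry `/* num is unused; output is left-padded with zeros to tlen bytes. */`. Both functions take `flen` as a signed int and assume it is non-negative; if a caller can ever pass a negative value, `tlen-flen` in the memset would exceed the size of `to`, so that assumption is worth stating too.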
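--- /dev/null
+++ b/src/lib/libcrypto/rsa/rsa_oaep.c
@@ -0,0 +1,162 @@
+/* crypto/rsa/rsa_oaep.c */
+/* Written by Ulf Moeller. This software is distributed on an "AS IS"
+ basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. */
+
+/* EME_OAEP as defined in RFC 2437 (PKCS #1 v2.0) */
+
+#if !defined(NO_SHA) && !defined(NO_SHA1)
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/bn.h>
+#include <openssl/rsa.h>
+#include <openssl/sha.h>
+#include <openssl/rand.h>
+
+int MGF1(unsigned char *mask, long len, unsigned char *seed, long seedlen);
+
+int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen,
+ unsigned char *from, int flen, unsigned char *param, int plen)
+ {
+ int i, emlen = tlen - 1;
+ unsigned char *db, *seed;
+ unsigned char *dbmask, seedmask[SHA_DIGEST_LENGTH];
+
+ if (flen > emlen - 2 * SHA_DIGEST_LENGTH - 1)
+ {
+ RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP,
+ RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
+ return (0);
+ }
+
+ if (emlen < 2 * SHA_DIGEST_LENGTH + 1)
+ {
+ RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP, RSA_R_KEY_SIZE_TOO_SMALL);
+ return (0);
+ }
+
+ dbmask = Malloc(emlen - SHA_DIGEST_LENGTH);
+ if (dbmask == NULL)
+ {
+ RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP, ERR_R_MALLOC_FAILURE);
+ return (0);
+ }
+
+ to[0] = 0;
+ seed = to + 1;
+ db = to + SHA_DIGEST_LENGTH + 1;
+
+ SHA1(param, plen, db);
+ memset(db + SHA_DIGEST_LENGTH, 0,
+ emlen - flen - 2 * SHA_DIGEST_LENGTH - 1);
+ db[emlen - flen - SHA_DIGEST_LENGTH - 1] = 0x01;
+ memcpy(db + emlen - flen - SHA_DIGEST_LENGTH, from, (unsigned int) flen);
+ RAND_bytes(seed, SHA_DIGEST_LENGTH);
+#ifdef PKCS_TESTVECT
+ memcpy(seed,
+ "\xaa\xfd\x12\xf6\x59\xca\xe6\x34\x89\xb4\x79\xe5\x07\x6d\xde\xc2\xf0\x6c\xb5\x8f",
+ 20);
+#endif
+
+ MGF1(dbmask, emlen - SHA_DIGEST_LENGTH, seed, SHA_DIGEST_LENGTH);
+ for (i = 0; i < emlen - SHA_DIGEST_LENGTH; i++)
+ db[i] ^= dbmask[i];
+
+ MGF1(seedmask, SHA_DIGEST_LENGTH, db, emlen - SHA_DIGEST_LENGTH);
+ for (i = 0; i < SHA_DIGEST_LENGTH; i++)
+ seed[i] ^= seedmask[i];
+
+ Free(dbmask);
+ return (1);
+ }
+
+int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen,
+ unsigned char *from, int flen, int num, unsigned char *param,
+ int plen)
+ {
+ int i, dblen, mlen = -1;
+ unsigned char *maskeddb;
+ int lzero;
+ unsigned char *db, seed[SHA_DIGEST_LENGTH], phash[SHA_DIGEST_LENGTH];
+
+ if (--num < 2 * SHA_DIGEST_LENGTH + 1)
+ {
+ RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP, RSA_R_OAEP_DECODING_ERROR);
+ return (-1);
+ }
+
+ dblen = num - SHA_DIGEST_LENGTH;
+ db = Malloc(dblen);
+ if (db == NULL)
+ {
+ RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP, ERR_R_MALLOC_FAILURE);
+ return (-1);
+ }
+
+ lzero = num - flen;
+ maskeddb = from - lzero + SHA_DIGEST_LENGTH;
+
+ MGF1(seed, SHA_DIGEST_LENGTH, maskeddb, dblen);
+ for (i = lzero; i < SHA_DIGEST_LENGTH; i++)
+ seed[i] ^= from[i - lzero];
+
+ MGF1(db, dblen, seed, SHA_DIGEST_LENGTH);
+ for (i = 0; i < dblen; i++)
+ db[i] ^= maskeddb[i];
+
+ SHA1(param, plen, phash);
+
+ if (memcmp(db, phash, SHA_DIGEST_LENGTH) != 0)
+ RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP, RSA_R_OAEP_DECODING_ERROR);
+ else
+ {
+ for (i = SHA_DIGEST_LENGTH; i < dblen; i++)
+ if (db[i] != 0x00)
+ break;
+ if (db[i] != 0x01 || i++ >= dblen)
+ RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP,
+ RSA_R_OAEP_DECODING_ERROR);
+ else
+ {
+ mlen = dblen - i;
+ if (tlen < mlen)
+ {
+ RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP, RSA_R_DATA_TOO_LARGE);
+ mlen = -1;
+ }
+ else
+ memcpy(to, db + i, mlen);
+ }
+ }
+ Free(db);
+ return (mlen);
+ }
+
+int MGF1(unsigned char *mask, long len, unsigned char *seed, long seedlen)
+ {
+ long i, outlen = 0;
+ unsigned char cnt[4];
+ SHA_CTX c;
+ unsigned char md[SHA_DIGEST_LENGTH];
+
+ for (i = 0; outlen < len; i++)
+ {
+ cnt[0] = (i >> 24) & 255, cnt[1] = (i >> 16) & 255,
+ cnt[2] = (i >> 8) & 255, cnt[3] = i & 255;
+ SHA1_Init(&c);
+ SHA1_Update(&c, seed, seedlen);
+ SHA1_Update(&c, cnt, 4);
+ if (outlen + SHA_DIGEST_LENGTH <= len)
+ {
+ SHA1_Final(mask + outlen, &c);
+ outlen += SHA_DIGEST_LENGTH;
+ }
+ else
+ {
+ SHA1_Final(md, &c);
+ memcpy(mask + outlen, md, len - outlen);
+ outlen = len;
+ }
+ }
+ return (0);
+ }
+#endif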
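Review bot: In RSA_padding_check_PKCS1_OAEP, `lzero = num - flen` is used without a range check. When `flen` exceeds `num` the loop starting at `i = lzero` indexes `seed[]` with a negative value, and when `lzero` exceeds SHA_DIGEST_LENGTH `maskeddb` points before `from`. Computing `lzero` before the Malloc and rejecting `if (lzero < 0 || lzero > SHA_DIGEST_LENGTH)` with RSA_R_OAEP_DECODING_ERROR would bound both accesses; copying `from` into a zero-padded buffer of `num` bytes is an alternative if short inputs must stay decodable. The separator test `db[i] != 0x01 || i++ >= dblen` reads `db[dblen]` when the data block after the hash is all zeros, so the bound should be tested first: `if (i >= dblen || db[i++] != 0x01)`. In RSA_padding_add_PKCS1_OAEP the result of `RAND_bytes(seed, SHA_DIGEST_LENGTH)` is also ignored, so a failed RNG call would leave the seed as whatever `to` held.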
diff --git a/src/lib/libcrypto/rsa/rsa_oaep_test.c b/src/lib/libcrypto/rsa/rsa_oaep_test.c
new file mode 100644
index 0000000000..0d4e39d3da
--- /dev/null
+++ b/src/lib/libcrypto/rsa/rsa_oaep_test.c
@@ -0,0 +1,309 @@
1/* test vectors from p1ovect1.txt */
2
3#include <stdio.h>
4#include <string.h>
5
6#include "openssl/e_os.h"
7
8#include <openssl/crypto.h>
9#include <openssl/err.h>
10#ifdef NO_RSA
11int main(int argc, char *argv[])
12{
13 printf("No RSA support\n");
14 return(0);
15}
16#else
17#include <openssl/rsa.h>
18
19#define SetKey \
20 key->n = BN_bin2bn(n, sizeof(n)-1, key->n); \
21 key->e = BN_bin2bn(e, sizeof(e)-1, key->e); \
22 key->d = BN_bin2bn(d, sizeof(d)-1, key->d); \
23 key->p = BN_bin2bn(p, sizeof(p)-1, key->p); \
24 key->q = BN_bin2bn(q, sizeof(q)-1, key->q); \
25 key->dmp1 = BN_bin2bn(dmp1, sizeof(dmp1)-1, key->dmp1); \
26 key->dmq1 = BN_bin2bn(dmq1, sizeof(dmq1)-1, key->dmq1); \
27 key->iqmp = BN_bin2bn(iqmp, sizeof(iqmp)-1, key->iqmp); \
28 memcpy(c, ctext_ex, sizeof(ctext_ex) - 1); \
29 return (sizeof(ctext_ex) - 1);
30
31static int key1(RSA *key, unsigned char *c)
32 {
33 static unsigned char n[] =
34"\x00\xAA\x36\xAB\xCE\x88\xAC\xFD\xFF\x55\x52\x3C\x7F\xC4\x52\x3F"
35"\x90\xEF\xA0\x0D\xF3\x77\x4A\x25\x9F\x2E\x62\xB4\xC5\xD9\x9C\xB5"
36"\xAD\xB3\x00\xA0\x28\x5E\x53\x01\x93\x0E\x0C\x70\xFB\x68\x76\x93"
37"\x9C\xE6\x16\xCE\x62\x4A\x11\xE0\x08\x6D\x34\x1E\xBC\xAC\xA0\xA1"
38"\xF5";
39
40 static unsigned char e[] = "\x11";
41
42 static unsigned char d[] =
43"\x0A\x03\x37\x48\x62\x64\x87\x69\x5F\x5F\x30\xBC\x38\xB9\x8B\x44"
44"\xC2\xCD\x2D\xFF\x43\x40\x98\xCD\x20\xD8\xA1\x38\xD0\x90\xBF\x64"
45"\x79\x7C\x3F\xA7\xA2\xCD\xCB\x3C\xD1\xE0\xBD\xBA\x26\x54\xB4\xF9"
46"\xDF\x8E\x8A\xE5\x9D\x73\x3D\x9F\x33\xB3\x01\x62\x4A\xFD\x1D\x51";
47
48 static unsigned char p[] =
49"\x00\xD8\x40\xB4\x16\x66\xB4\x2E\x92\xEA\x0D\xA3\xB4\x32\x04\xB5"
50"\xCF\xCE\x33\x52\x52\x4D\x04\x16\xA5\xA4\x41\xE7\x00\xAF\x46\x12"
51"\x0D";
52
53 static unsigned char q[] =
54"\x00\xC9\x7F\xB1\xF0\x27\xF4\x53\xF6\x34\x12\x33\xEA\xAA\xD1\xD9"
55"\x35\x3F\x6C\x42\xD0\x88\x66\xB1\xD0\x5A\x0F\x20\x35\x02\x8B\x9D"
56"\x89";
57
58 static unsigned char dmp1[] =
59"\x59\x0B\x95\x72\xA2\xC2\xA9\xC4\x06\x05\x9D\xC2\xAB\x2F\x1D\xAF"
60"\xEB\x7E\x8B\x4F\x10\xA7\x54\x9E\x8E\xED\xF5\xB4\xFC\xE0\x9E\x05";
61
62 static unsigned char dmq1[] =
63"\x00\x8E\x3C\x05\x21\xFE\x15\xE0\xEA\x06\xA3\x6F\xF0\xF1\x0C\x99"
64"\x52\xC3\x5B\x7A\x75\x14\xFD\x32\x38\xB8\x0A\xAD\x52\x98\x62\x8D"
65"\x51";
66
67 static unsigned char iqmp[] =
68"\x36\x3F\xF7\x18\x9D\xA8\xE9\x0B\x1D\x34\x1F\x71\xD0\x9B\x76\xA8"
69"\xA9\x43\xE1\x1D\x10\xB2\x4D\x24\x9F\x2D\xEA\xFE\xF8\x0C\x18\x26";
70
71 static unsigned char ctext_ex[] =
72"\x1b\x8f\x05\xf9\xca\x1a\x79\x52\x6e\x53\xf3\xcc\x51\x4f\xdb\x89"
73"\x2b\xfb\x91\x93\x23\x1e\x78\xb9\x92\xe6\x8d\x50\xa4\x80\xcb\x52"
74"\x33\x89\x5c\x74\x95\x8d\x5d\x02\xab\x8c\x0f\xd0\x40\xeb\x58\x44"
75"\xb0\x05\xc3\x9e\xd8\x27\x4a\x9d\xbf\xa8\x06\x71\x40\x94\x39\xd2";
76
77 SetKey;
78 }
79
80static int key2(RSA *key, unsigned char *c)
81 {
82 static unsigned char n[] =
83"\x00\xA3\x07\x9A\x90\xDF\x0D\xFD\x72\xAC\x09\x0C\xCC\x2A\x78\xB8"
84"\x74\x13\x13\x3E\x40\x75\x9C\x98\xFA\xF8\x20\x4F\x35\x8A\x0B\x26"
85"\x3C\x67\x70\xE7\x83\xA9\x3B\x69\x71\xB7\x37\x79\xD2\x71\x7B\xE8"
86"\x34\x77\xCF";
87
88 static unsigned char e[] = "\x3";
89
90 static unsigned char d[] =
91"\x6C\xAF\xBC\x60\x94\xB3\xFE\x4C\x72\xB0\xB3\x32\xC6\xFB\x25\xA2"
92"\xB7\x62\x29\x80\x4E\x68\x65\xFC\xA4\x5A\x74\xDF\x0F\x8F\xB8\x41"
93"\x3B\x52\xC0\xD0\xE5\x3D\x9B\x59\x0F\xF1\x9B\xE7\x9F\x49\xDD\x21"
94"\xE5\xEB";
95
96 static unsigned char p[] =
97"\x00\xCF\x20\x35\x02\x8B\x9D\x86\x98\x40\xB4\x16\x66\xB4\x2E\x92"
98"\xEA\x0D\xA3\xB4\x32\x04\xB5\xCF\xCE\x91";
99
100 static unsigned char q[] =
101"\x00\xC9\x7F\xB1\xF0\x27\xF4\x53\xF6\x34\x12\x33\xEA\xAA\xD1\xD9"
102"\x35\x3F\x6C\x42\xD0\x88\x66\xB1\xD0\x5F";
103
104 static unsigned char dmp1[] =
105"\x00\x8A\x15\x78\xAC\x5D\x13\xAF\x10\x2B\x22\xB9\x99\xCD\x74\x61"
106"\xF1\x5E\x6D\x22\xCC\x03\x23\xDF\xDF\x0B";
107
108 static unsigned char dmq1[] =
109"\x00\x86\x55\x21\x4A\xC5\x4D\x8D\x4E\xCD\x61\x77\xF1\xC7\x36\x90"
110"\xCE\x2A\x48\x2C\x8B\x05\x99\xCB\xE0\x3F";
111
112 static unsigned char iqmp[] =
113"\x00\x83\xEF\xEF\xB8\xA9\xA4\x0D\x1D\xB6\xED\x98\xAD\x84\xED\x13"
114"\x35\xDC\xC1\x08\xF3\x22\xD0\x57\xCF\x8D";
115
116 static unsigned char ctext_ex[] =
117"\x14\xbd\xdd\x28\xc9\x83\x35\x19\x23\x80\xe8\xe5\x49\xb1\x58\x2a"
118"\x8b\x40\xb4\x48\x6d\x03\xa6\xa5\x31\x1f\x1f\xd5\xf0\xa1\x80\xe4"
119"\x17\x53\x03\x29\xa9\x34\x90\x74\xb1\x52\x13\x54\x29\x08\x24\x52"
120"\x62\x51";
121
122 SetKey;
123 }
124
125static int key3(RSA *key, unsigned char *c)
126 {
127 static unsigned char n[] =
128"\x00\xBB\xF8\x2F\x09\x06\x82\xCE\x9C\x23\x38\xAC\x2B\x9D\xA8\x71"
129"\xF7\x36\x8D\x07\xEE\xD4\x10\x43\xA4\x40\xD6\xB6\xF0\x74\x54\xF5"
130"\x1F\xB8\xDF\xBA\xAF\x03\x5C\x02\xAB\x61\xEA\x48\xCE\xEB\x6F\xCD"
131"\x48\x76\xED\x52\x0D\x60\xE1\xEC\x46\x19\x71\x9D\x8A\x5B\x8B\x80"
132"\x7F\xAF\xB8\xE0\xA3\xDF\xC7\x37\x72\x3E\xE6\xB4\xB7\xD9\x3A\x25"
133"\x84\xEE\x6A\x64\x9D\x06\x09\x53\x74\x88\x34\xB2\x45\x45\x98\x39"
134"\x4E\xE0\xAA\xB1\x2D\x7B\x61\xA5\x1F\x52\x7A\x9A\x41\xF6\xC1\x68"
135"\x7F\xE2\x53\x72\x98\xCA\x2A\x8F\x59\x46\xF8\xE5\xFD\x09\x1D\xBD"
136"\xCB";
137
138 static unsigned char e[] = "\x11";
139
140 static unsigned char d[] =
141"\x00\xA5\xDA\xFC\x53\x41\xFA\xF2\x89\xC4\xB9\x88\xDB\x30\xC1\xCD"
142"\xF8\x3F\x31\x25\x1E\x06\x68\xB4\x27\x84\x81\x38\x01\x57\x96\x41"
143"\xB2\x94\x10\xB3\xC7\x99\x8D\x6B\xC4\x65\x74\x5E\x5C\x39\x26\x69"
144"\xD6\x87\x0D\xA2\xC0\x82\xA9\x39\xE3\x7F\xDC\xB8\x2E\xC9\x3E\xDA"
145"\xC9\x7F\xF3\xAD\x59\x50\xAC\xCF\xBC\x11\x1C\x76\xF1\xA9\x52\x94"
146"\x44\xE5\x6A\xAF\x68\xC5\x6C\x09\x2C\xD3\x8D\xC3\xBE\xF5\xD2\x0A"
147"\x93\x99\x26\xED\x4F\x74\xA1\x3E\xDD\xFB\xE1\xA1\xCE\xCC\x48\x94"
148"\xAF\x94\x28\xC2\xB7\xB8\x88\x3F\xE4\x46\x3A\x4B\xC8\x5B\x1C\xB3"
149"\xC1";
150
151 static unsigned char p[] =
152"\x00\xEE\xCF\xAE\x81\xB1\xB9\xB3\xC9\x08\x81\x0B\x10\xA1\xB5\x60"
153"\x01\x99\xEB\x9F\x44\xAE\xF4\xFD\xA4\x93\xB8\x1A\x9E\x3D\x84\xF6"
154"\x32\x12\x4E\xF0\x23\x6E\x5D\x1E\x3B\x7E\x28\xFA\xE7\xAA\x04\x0A"
155"\x2D\x5B\x25\x21\x76\x45\x9D\x1F\x39\x75\x41\xBA\x2A\x58\xFB\x65"
156"\x99";
157
158 static unsigned char q[] =
159"\x00\xC9\x7F\xB1\xF0\x27\xF4\x53\xF6\x34\x12\x33\xEA\xAA\xD1\xD9"
160"\x35\x3F\x6C\x42\xD0\x88\x66\xB1\xD0\x5A\x0F\x20\x35\x02\x8B\x9D"
161"\x86\x98\x40\xB4\x16\x66\xB4\x2E\x92\xEA\x0D\xA3\xB4\x32\x04\xB5"
162"\xCF\xCE\x33\x52\x52\x4D\x04\x16\xA5\xA4\x41\xE7\x00\xAF\x46\x15"
163"\x03";
164
165 static unsigned char dmp1[] =
166"\x54\x49\x4C\xA6\x3E\xBA\x03\x37\xE4\xE2\x40\x23\xFC\xD6\x9A\x5A"
167"\xEB\x07\xDD\xDC\x01\x83\xA4\xD0\xAC\x9B\x54\xB0\x51\xF2\xB1\x3E"
168"\xD9\x49\x09\x75\xEA\xB7\x74\x14\xFF\x59\xC1\xF7\x69\x2E\x9A\x2E"
169"\x20\x2B\x38\xFC\x91\x0A\x47\x41\x74\xAD\xC9\x3C\x1F\x67\xC9\x81";
170
171 static unsigned char dmq1[] =
172"\x47\x1E\x02\x90\xFF\x0A\xF0\x75\x03\x51\xB7\xF8\x78\x86\x4C\xA9"
173"\x61\xAD\xBD\x3A\x8A\x7E\x99\x1C\x5C\x05\x56\xA9\x4C\x31\x46\xA7"
174"\xF9\x80\x3F\x8F\x6F\x8A\xE3\x42\xE9\x31\xFD\x8A\xE4\x7A\x22\x0D"
175"\x1B\x99\xA4\x95\x84\x98\x07\xFE\x39\xF9\x24\x5A\x98\x36\xDA\x3D";
176
177 static unsigned char iqmp[] =
178"\x00\xB0\x6C\x4F\xDA\xBB\x63\x01\x19\x8D\x26\x5B\xDB\xAE\x94\x23"
179"\xB3\x80\xF2\x71\xF7\x34\x53\x88\x50\x93\x07\x7F\xCD\x39\xE2\x11"
180"\x9F\xC9\x86\x32\x15\x4F\x58\x83\xB1\x67\xA9\x67\xBF\x40\x2B\x4E"
181"\x9E\x2E\x0F\x96\x56\xE6\x98\xEA\x36\x66\xED\xFB\x25\x79\x80\x39"
182"\xF7";
183
184 static unsigned char ctext_ex[] =
185"\xb8\x24\x6b\x56\xa6\xed\x58\x81\xae\xb5\x85\xd9\xa2\x5b\x2a\xd7"
186"\x90\xc4\x17\xe0\x80\x68\x1b\xf1\xac\x2b\xc3\xde\xb6\x9d\x8b\xce"
187"\xf0\xc4\x36\x6f\xec\x40\x0a\xf0\x52\xa7\x2e\x9b\x0e\xff\xb5\xb3"
188"\xf2\xf1\x92\xdb\xea\xca\x03\xc1\x27\x40\x05\x71\x13\xbf\x1f\x06"
189"\x69\xac\x22\xe9\xf3\xa7\x85\x2e\x3c\x15\xd9\x13\xca\xb0\xb8\x86"
190"\x3a\x95\xc9\x92\x94\xce\x86\x74\x21\x49\x54\x61\x03\x46\xf4\xd4"
191"\x74\xb2\x6f\x7c\x48\xb4\x2e\xe6\x8e\x1f\x57\x2a\x1f\xc4\x02\x6a"
192"\xc4\x56\xb4\xf5\x9f\x7b\x62\x1e\xa1\xb9\xd8\x8f\x64\x20\x2f\xb1";
193
194 SetKey;
195 }
196
197static int pad_unknown(void)
198{
199 unsigned long l;
200 while ((l = ERR_get_error()) != 0)
201 if (ERR_GET_REASON(l) == RSA_R_UNKNOWN_PADDING_TYPE)
202 return(1);
203 return(0);
204}
205
206int main()
207 {
208 int err=0;
209 int v;
210 RSA *key;
211 unsigned char ptext[256];
212 unsigned char ctext[256];
213 static unsigned char ptext_ex[] = "\x54\x85\x9b\x34\x2c\x49\xea\x2a";
214 unsigned char ctext_ex[256];
215 int plen;
216 int clen = 0;
217 int num;
218
219 CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
220
221 plen = sizeof(ptext_ex) - 1;
222
223 for (v = 0; v < 3; v++)
224 {
225 key = RSA_new();
226 switch (v) {
227 case 0:
228 clen = key1(key, ctext_ex);
229 break;
230 case 1:
231 clen = key2(key, ctext_ex);
232 break;
233 case 2:
234 clen = key3(key, ctext_ex);
235 break;
236 }
237
238 num = RSA_public_encrypt(plen, ptext_ex, ctext, key,
239 RSA_PKCS1_PADDING);
240 if (num != clen)
241 {
242 printf("PKCS#1 v1.5 encryption failed!\n");
243 err=1;
244 goto oaep;
245 }
246
247 num = RSA_private_decrypt(num, ctext, ptext, key,
248 RSA_PKCS1_PADDING);
249 if (num != plen || memcmp(ptext, ptext_ex, num) != 0)
250 {
251 printf("PKCS#1 v1.5 decryption failed!\n");
252 err=1;
253 }
254 else
255 printf("PKCS #1 v1.5 encryption/decryption ok\n");
256
257 oaep:
258 ERR_clear_error();
259 num = RSA_public_encrypt(plen, ptext_ex, ctext, key,
260 RSA_PKCS1_OAEP_PADDING);
261 if (num == -1 && pad_unknown())
262 {
263 printf("No OAEP support\n");
264 goto next;
265 }
266 if (num != clen)
267 {
268 printf("OAEP encryption failed!\n");
269 err=1;
270 goto next;
271 }
272
273 num = RSA_private_decrypt(num, ctext, ptext, key,
274 RSA_PKCS1_OAEP_PADDING);
275 if (num != plen || memcmp(ptext, ptext_ex, num) != 0)
276 {
277 printf("OAEP decryption (encrypted data) failed!\n");
278 err=1;
279 }
280 else if (memcmp(ctext, ctext_ex, num) == 0)
281 {
282 printf("OAEP test vector %d passed!\n", v);
283 goto next;
284 }
285
286 /* Different ciphertexts (rsa_oaep.c without -DPKCS_TESTVECT).
287 Try decrypting ctext_ex */
288
289 num = RSA_private_decrypt(clen, ctext_ex, ptext, key,
290 RSA_PKCS1_OAEP_PADDING);
291
292 if (num != plen || memcmp(ptext, ptext_ex, num) != 0)
293 {
294 printf("OAEP decryption (test vector data) failed!\n");
295 err=1;
296 }
297 else
298 printf("OAEP encryption/decryption ok\n");
299 next:
300 RSA_free(key);
301 }
302
303 ERR_remove_state(0);
304
305 CRYPTO_mem_leaks_fp(stdout);
306
307 return err;
308 }
309#endif
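Review bot: The test-vector comparison `memcmp(ctext, ctext_ex, num)` in main() is reached only after the decrypt check has passed, so `num` equals `plen` (8 bytes) there, and only the first eight bytes of the ciphertext are compared with the reference vector. Using the encrypted length compares the whole block: `else if (memcmp(ctext, ctext_ex, clen) == 0)`. The result of `RSA_new()` is also handed to key1/key2/key3 without a NULL check, so an allocation failure would be dereferenced in the SetKey macro.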
diff --git a/src/lib/libcrypto/rsa/rsa_pk1.c b/src/lib/libcrypto/rsa/rsa_pk1.c
index 2791291b94..f0ae51f234 100644
--- a/src/lib/libcrypto/rsa/rsa_pk1.c
+++ b/src/lib/libcrypto/rsa/rsa_pk1.c
@@ -58,27 +58,12 @@
58 58
59#include <stdio.h> 59#include <stdio.h>
60#include "cryptlib.h" 60#include "cryptlib.h"
61#include "bn.h" 61#include <openssl/bn.h>
62#include "rsa.h" 62#include <openssl/rsa.h>
63#include "rand.h" 63#include <openssl/rand.h>
64
65#ifndef NOPROTO
66int RSA_padding_add_PKCS1_type_1();
67int RSA_padding_check_PKCS1_type_1();
68int RSA_padding_add_PKCS1_type_2();
69int RSA_padding_check_PKCS1_type_2();
70int RSA_padding_add_SSLv23();
71int RSA_padding_check_SSLv23();
72int RSA_padding_add_none();
73int RSA_padding_check_none();
74 64
75#endif 65int RSA_padding_add_PKCS1_type_1(unsigned char *to, int tlen,
76 66 unsigned char *from, int flen)
77int RSA_padding_add_PKCS1_type_1(to,tlen,from,flen)
78unsigned char *to;
79int tlen;
80unsigned char *from;
81int flen;
82 { 67 {
83 int j; 68 int j;
84 unsigned char *p; 69 unsigned char *p;
@@ -103,17 +88,14 @@ int flen;
103 return(1); 88 return(1);
104 } 89 }
105 90
106int RSA_padding_check_PKCS1_type_1(to,tlen,from,flen) 91int RSA_padding_check_PKCS1_type_1(unsigned char *to, int tlen,
107unsigned char *to; 92 unsigned char *from, int flen, int num)
108int tlen;
109unsigned char *from;
110int flen;
111 { 93 {
112 int i,j; 94 int i,j;
113 unsigned char *p; 95 unsigned char *p;
114 96
115 p=from; 97 p=from;
116 if (*(p++) != 01) 98 if ((num != (flen+1)) || (*(p++) != 01))
117 { 99 {
118 RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1,RSA_R_BLOCK_TYPE_IS_NOT_01); 100 RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1,RSA_R_BLOCK_TYPE_IS_NOT_01);
119 return(-1); 101 return(-1);
@@ -153,11 +135,8 @@ int flen;
153 return(j); 135 return(j);
154 } 136 }
155 137
156int RSA_padding_add_PKCS1_type_2(to,tlen,from,flen) 138int RSA_padding_add_PKCS1_type_2(unsigned char *to, int tlen,
157unsigned char *to; 139 unsigned char *from, int flen)
158int tlen;
159unsigned char *from;
160int flen;
161 { 140 {
162 int i,j; 141 int i,j;
163 unsigned char *p; 142 unsigned char *p;
@@ -192,21 +171,21 @@ int flen;
192 return(1); 171 return(1);
193 } 172 }
194 173
195int RSA_padding_check_PKCS1_type_2(to,tlen,from,flen) 174int RSA_padding_check_PKCS1_type_2(unsigned char *to, int tlen,
196unsigned char *to; 175 unsigned char *from, int flen, int num)
197int tlen;
198unsigned char *from;
199int flen;
200 { 176 {
201 int i,j; 177 int i,j;
202 unsigned char *p; 178 unsigned char *p;
203 179
204 p=from; 180 p=from;
205 if (*(p++) != 02) 181 if ((num != (flen+1)) || (*(p++) != 02))
206 { 182 {
207 RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2,RSA_R_BLOCK_TYPE_IS_NOT_02); 183 RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2,RSA_R_BLOCK_TYPE_IS_NOT_02);
208 return(-1); 184 return(-1);
209 } 185 }
186#ifdef PKCS1_CHECK
187 return(num-11);
188#endif
210 189
211 /* scan over padding data */ 190 /* scan over padding data */
212 j=flen-1; /* one for type. */ 191 j=flen-1; /* one for type. */
diff --git a/src/lib/libcrypto/rsa/rsa_saos.c b/src/lib/libcrypto/rsa/rsa_saos.c
index fb0fae5a43..73b8b0c7ad 100644
--- a/src/lib/libcrypto/rsa/rsa_saos.c
+++ b/src/lib/libcrypto/rsa/rsa_saos.c
@@ -58,18 +58,13 @@
58 58
59#include <stdio.h> 59#include <stdio.h>
60#include "cryptlib.h" 60#include "cryptlib.h"
61#include "bn.h" 61#include <openssl/bn.h>
62#include "rsa.h" 62#include <openssl/rsa.h>
63#include "objects.h" 63#include <openssl/objects.h>
64#include "x509.h" 64#include <openssl/x509.h>
65 65
66int RSA_sign_ASN1_OCTET_STRING(type,m,m_len,sigret,siglen,rsa) 66int RSA_sign_ASN1_OCTET_STRING(int type, unsigned char *m, unsigned int m_len,
67int type; 67 unsigned char *sigret, unsigned int *siglen, RSA *rsa)
68unsigned char *m;
69unsigned int m_len;
70unsigned char *sigret;
71unsigned int *siglen;
72RSA *rsa;
73 { 68 {
74 ASN1_OCTET_STRING sig; 69 ASN1_OCTET_STRING sig;
75 int i,j,ret=1; 70 int i,j,ret=1;
@@ -105,13 +100,9 @@ RSA *rsa;
105 return(ret); 100 return(ret);
106 } 101 }
107 102
108int RSA_verify_ASN1_OCTET_STRING(dtype, m, m_len, sigbuf, siglen, rsa) 103int RSA_verify_ASN1_OCTET_STRING(int dtype, unsigned char *m,
109int dtype; 104 unsigned int m_len, unsigned char *sigbuf, unsigned int siglen,
110unsigned char *m; 105 RSA *rsa)
111unsigned int m_len;
112unsigned char *sigbuf;
113unsigned int siglen;
114RSA *rsa;
115 { 106 {
116 int i,ret=0; 107 int i,ret=0;
117 unsigned char *p,*s; 108 unsigned char *p,*s;
diff --git a/src/lib/libcrypto/rsa/rsa_sign.c b/src/lib/libcrypto/rsa/rsa_sign.c
index 28c5571e74..1740494a4c 100644
--- a/src/lib/libcrypto/rsa/rsa_sign.c
+++ b/src/lib/libcrypto/rsa/rsa_sign.c
@@ -58,18 +58,13 @@
58 58
59#include <stdio.h> 59#include <stdio.h>
60#include "cryptlib.h" 60#include "cryptlib.h"
61#include "bn.h" 61#include <openssl/bn.h>
62#include "rsa.h" 62#include <openssl/rsa.h>
63#include "objects.h" 63#include <openssl/objects.h>
64#include "x509.h" 64#include <openssl/x509.h>
65 65
66int RSA_sign(type,m,m_len,sigret,siglen,rsa) 66int RSA_sign(int type, unsigned char *m, unsigned int m_len,
67int type; 67 unsigned char *sigret, unsigned int *siglen, RSA *rsa)
68unsigned char *m;
69unsigned int m_len;
70unsigned char *sigret;
71unsigned int *siglen;
72RSA *rsa;
73 { 68 {
74 X509_SIG sig; 69 X509_SIG sig;
75 ASN1_TYPE parameter; 70 ASN1_TYPE parameter;
@@ -124,13 +119,8 @@ RSA *rsa;
124 return(ret); 119 return(ret);
125 } 120 }
126 121
127int RSA_verify(dtype, m, m_len, sigbuf, siglen, rsa) 122int RSA_verify(int dtype, unsigned char *m, unsigned int m_len,
128int dtype; 123 unsigned char *sigbuf, unsigned int siglen, RSA *rsa)
129unsigned char *m;
130unsigned int m_len;
131unsigned char *sigbuf;
132unsigned int siglen;
133RSA *rsa;
134 { 124 {
135 int i,ret=0,sigtype; 125 int i,ret=0,sigtype;
136 unsigned char *p,*s; 126 unsigned char *p,*s;
@@ -154,9 +144,11 @@ RSA *rsa;
154 144
155 p=s; 145 p=s;
156 sig=d2i_X509_SIG(NULL,&p,(long)i); 146 sig=d2i_X509_SIG(NULL,&p,(long)i);
147
157 if (sig == NULL) goto err; 148 if (sig == NULL) goto err;
158 sigtype=OBJ_obj2nid(sig->algor->algorithm); 149 sigtype=OBJ_obj2nid(sig->algor->algorithm);
159 150
151
160#ifdef RSA_DEBUG 152#ifdef RSA_DEBUG
161 /* put a backward compatability flag in EAY */ 153 /* put a backward compatability flag in EAY */
162 fprintf(stderr,"in(%s) expect(%s)\n",OBJ_nid2ln(sigtype), 154 fprintf(stderr,"in(%s) expect(%s)\n",OBJ_nid2ln(sigtype),
diff --git a/src/lib/libcrypto/rsa/rsa_ssl.c b/src/lib/libcrypto/rsa/rsa_ssl.c
index 9bcd4b2c03..1050844f8d 100644
--- a/src/lib/libcrypto/rsa/rsa_ssl.c
+++ b/src/lib/libcrypto/rsa/rsa_ssl.c
@@ -58,15 +58,12 @@
58 58
59#include <stdio.h> 59#include <stdio.h>
60#include "cryptlib.h" 60#include "cryptlib.h"
61#include "bn.h" 61#include <openssl/bn.h>
62#include "rsa.h" 62#include <openssl/rsa.h>
63#include "rand.h" 63#include <openssl/rand.h>
64 64
65int RSA_padding_add_SSLv23(to,tlen,from,flen) 65int RSA_padding_add_SSLv23(unsigned char *to, int tlen, unsigned char *from,
66unsigned char *to; 66 int flen)
67int tlen;
68unsigned char *from;
69int flen;
70 { 67 {
71 int i,j; 68 int i,j;
72 unsigned char *p; 69 unsigned char *p;
@@ -103,11 +100,8 @@ int flen;
103 return(1); 100 return(1);
104 } 101 }
105 102
106int RSA_padding_check_SSLv23(to,tlen,from,flen) 103int RSA_padding_check_SSLv23(unsigned char *to, int tlen, unsigned char *from,
107unsigned char *to; 104 int flen, int num)
108int tlen;
109unsigned char *from;
110int flen;
111 { 105 {
112 int i,j,k; 106 int i,j,k;
113 unsigned char *p; 107 unsigned char *p;
@@ -118,7 +112,7 @@ int flen;
118 RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23,RSA_R_DATA_TOO_SMALL); 112 RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23,RSA_R_DATA_TOO_SMALL);
119 return(-1); 113 return(-1);
120 } 114 }
121 if (*(p++) != 02) 115 if ((num != (flen+1)) || (*(p++) != 02))
122 { 116 {
123 RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23,RSA_R_BLOCK_TYPE_IS_NOT_02); 117 RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23,RSA_R_BLOCK_TYPE_IS_NOT_02);
124 return(-1); 118 return(-1);