From 13c662ccd1d22d856f1f2defeea26dd18c0af043 Mon Sep 17 00:00:00 2001 From: djm <> Date: Mon, 5 Jan 2009 21:36:39 +0000 Subject: update to openssl-0.9.8i; tested by several, especially krw@ --- src/lib/libcrypto/rsa/Makefile | 13 +++++++++---- src/lib/libcrypto/rsa/rsa.h | 2 ++ src/lib/libcrypto/rsa/rsa_eay.c | 39 ++++++++++++++++++++++----------------- src/lib/libcrypto/rsa/rsa_ssl.c | 2 +- 4 files changed, 34 insertions(+), 22 deletions(-) (limited to 'src/lib/libcrypto/rsa') diff --git a/src/lib/libcrypto/rsa/Makefile b/src/lib/libcrypto/rsa/Makefile index 13900812ac..8f1c611800 100644 --- a/src/lib/libcrypto/rsa/Makefile +++ b/src/lib/libcrypto/rsa/Makefile @@ -133,12 +133,17 @@ rsa_gen.o: ../cryptlib.h rsa_gen.c rsa_lib.o: ../../e_os.h ../../include/openssl/asn1.h rsa_lib.o: ../../include/openssl/bio.h ../../include/openssl/bn.h rsa_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h -rsa_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/engine.h -rsa_lib.o: ../../include/openssl/err.h ../../include/openssl/lhash.h +rsa_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h +rsa_lib.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h +rsa_lib.o: ../../include/openssl/engine.h ../../include/openssl/err.h +rsa_lib.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h +rsa_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h rsa_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h -rsa_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h -rsa_lib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +rsa_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h +rsa_lib.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h +rsa_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h rsa_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h +rsa_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h rsa_lib.o: ../cryptlib.h rsa_lib.c rsa_none.o: ../../e_os.h ../../include/openssl/asn1.h rsa_none.o: ../../include/openssl/bio.h ../../include/openssl/bn.h diff --git a/src/lib/libcrypto/rsa/rsa.h b/src/lib/libcrypto/rsa/rsa.h index 6b5e4f8a9a..3699afaaaf 100644 --- a/src/lib/libcrypto/rsa/rsa.h +++ b/src/lib/libcrypto/rsa/rsa.h @@ -281,6 +281,7 @@ int RSA_print_fp(FILE *fp, const RSA *r,int offset); int RSA_print(BIO *bp, const RSA *r,int offset); #endif +#ifndef OPENSSL_NO_RC4 int i2d_RSA_NET(const RSA *a, unsigned char **pp, int (*cb)(char *buf, int len, const char *prompt, int verify), int sgckey); @@ -294,6 +295,7 @@ int i2d_Netscape_RSA(const RSA *a, unsigned char **pp, RSA *d2i_Netscape_RSA(RSA **a, const unsigned char **pp, long length, int (*cb)(char *buf, int len, const char *prompt, int verify)); +#endif /* The following 2 functions sign and verify a X509_SIG ASN1 object * inside PKCS#1 padded RSA encryption */ diff --git a/src/lib/libcrypto/rsa/rsa_eay.c b/src/lib/libcrypto/rsa/rsa_eay.c index 272c5eed18..5a6eda7961 100644 --- a/src/lib/libcrypto/rsa/rsa_eay.c +++ b/src/lib/libcrypto/rsa/rsa_eay.c @@ -150,16 +150,6 @@ const RSA_METHOD *RSA_PKCS1_SSLeay(void) return(&rsa_pkcs1_eay_meth); } -/* Usage example; - * MONT_HELPER(rsa->_method_mod_p, bn_ctx, rsa->p, rsa->flags & RSA_FLAG_CACHE_PRIVATE, goto err); - */ -#define MONT_HELPER(method_mod, ctx, m, pre_cond, err_instr) \ - if ((pre_cond) && ((method_mod) == NULL) && \ - !BN_MONT_CTX_set_locked(&(method_mod), \ - CRYPTO_LOCK_RSA, \ - (m), (ctx))) \ - err_instr - static int RSA_eay_public_encrypt(int flen, const unsigned char *from, unsigned char *to, RSA *rsa, int padding) { @@ -233,7 +223,9 @@ static int RSA_eay_public_encrypt(int flen, const unsigned char *from, goto err; } - MONT_HELPER(rsa->_method_mod_n, ctx, rsa->n, rsa->flags & RSA_FLAG_CACHE_PUBLIC, goto err); + if (rsa->flags & RSA_FLAG_CACHE_PUBLIC) + if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_n, CRYPTO_LOCK_RSA, rsa->n, ctx)) + goto err; if (!rsa->meth->bn_mod_exp(ret,f,rsa->e,rsa->n,ctx, rsa->_method_mod_n)) goto err; @@ -460,7 +452,9 @@ static int RSA_eay_private_encrypt(int flen, const unsigned char *from, else d= rsa->d; - MONT_HELPER(rsa->_method_mod_n, ctx, rsa->n, rsa->flags & RSA_FLAG_CACHE_PUBLIC, goto err); + if (rsa->flags & RSA_FLAG_CACHE_PUBLIC) + if(!BN_MONT_CTX_set_locked(&rsa->_method_mod_n, CRYPTO_LOCK_RSA, rsa->n, ctx)) + goto err; if (!rsa->meth->bn_mod_exp(ret,f,d,rsa->n,ctx, rsa->_method_mod_n)) goto err; @@ -581,7 +575,9 @@ static int RSA_eay_private_decrypt(int flen, const unsigned char *from, else d = rsa->d; - MONT_HELPER(rsa->_method_mod_n, ctx, rsa->n, rsa->flags & RSA_FLAG_CACHE_PUBLIC, goto err); + if (rsa->flags & RSA_FLAG_CACHE_PUBLIC) + if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_n, CRYPTO_LOCK_RSA, rsa->n, ctx)) + goto err; if (!rsa->meth->bn_mod_exp(ret,f,d,rsa->n,ctx, rsa->_method_mod_n)) goto err; @@ -691,7 +687,9 @@ static int RSA_eay_public_decrypt(int flen, const unsigned char *from, goto err; } - MONT_HELPER(rsa->_method_mod_n, ctx, rsa->n, rsa->flags & RSA_FLAG_CACHE_PUBLIC, goto err); + if (rsa->flags & RSA_FLAG_CACHE_PUBLIC) + if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_n, CRYPTO_LOCK_RSA, rsa->n, ctx)) + goto err; if (!rsa->meth->bn_mod_exp(ret,f,rsa->e,rsa->n,ctx, rsa->_method_mod_n)) goto err; @@ -769,11 +767,18 @@ static int RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx) q = rsa->q; } - MONT_HELPER(rsa->_method_mod_p, ctx, p, rsa->flags & RSA_FLAG_CACHE_PRIVATE, goto err); - MONT_HELPER(rsa->_method_mod_q, ctx, q, rsa->flags & RSA_FLAG_CACHE_PRIVATE, goto err); + if (rsa->flags & RSA_FLAG_CACHE_PRIVATE) + { + if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_p, CRYPTO_LOCK_RSA, p, ctx)) + goto err; + if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_q, CRYPTO_LOCK_RSA, q, ctx)) + goto err; + } } - MONT_HELPER(rsa->_method_mod_n, ctx, rsa->n, rsa->flags & RSA_FLAG_CACHE_PUBLIC, goto err); + if (rsa->flags & RSA_FLAG_CACHE_PUBLIC) + if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_n, CRYPTO_LOCK_RSA, rsa->n, ctx)) + goto err; /* compute I mod q */ if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) diff --git a/src/lib/libcrypto/rsa/rsa_ssl.c b/src/lib/libcrypto/rsa/rsa_ssl.c index ea72629494..cfeff15bc9 100644 --- a/src/lib/libcrypto/rsa/rsa_ssl.c +++ b/src/lib/libcrypto/rsa/rsa_ssl.c @@ -130,7 +130,7 @@ int RSA_padding_check_SSLv23(unsigned char *to, int tlen, RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23,RSA_R_NULL_BEFORE_BLOCK_MISSING); return(-1); } - for (k= -8; k<0; k++) + for (k = -9; k<-1; k++) { if (p[k] != 0x03) break; } -- cgit v1.2.3-55-g6feb