From de8f24ea083384bb66b32ec105dc4743c5663cdf Mon Sep 17 00:00:00 2001 From: beck <> Date: Wed, 29 Sep 1999 04:37:45 +0000 Subject: OpenSSL 0.9.4 merge --- src/lib/libcrypto/rsa/Makefile.ssl | 134 ++++++++++++--- src/lib/libcrypto/rsa/rsa.err | 45 ----- src/lib/libcrypto/rsa/rsa.h | 203 +++++++++++----------- src/lib/libcrypto/rsa/rsa_chk.c | 184 ++++++++++++++++++++ src/lib/libcrypto/rsa/rsa_eay.c | 164 +++++++++--------- src/lib/libcrypto/rsa/rsa_err.c | 133 ++++++++------- src/lib/libcrypto/rsa/rsa_gen.c | 14 +- src/lib/libcrypto/rsa/rsa_lib.c | 167 ++++++++++-------- src/lib/libcrypto/rsa/rsa_none.c | 47 ++---- src/lib/libcrypto/rsa/rsa_oaep.c | 162 ++++++++++++++++++ src/lib/libcrypto/rsa/rsa_oaep_test.c | 309 ++++++++++++++++++++++++++++++++++ src/lib/libcrypto/rsa/rsa_pk1.c | 53 ++---- src/lib/libcrypto/rsa/rsa_saos.c | 27 +-- src/lib/libcrypto/rsa/rsa_sign.c | 28 ++- src/lib/libcrypto/rsa/rsa_ssl.c | 22 +-- 15 files changed, 1194 insertions(+), 498 deletions(-) delete mode 100644 src/lib/libcrypto/rsa/rsa.err create mode 100644 src/lib/libcrypto/rsa/rsa_chk.c create mode 100644 src/lib/libcrypto/rsa/rsa_oaep.c create mode 100644 src/lib/libcrypto/rsa/rsa_oaep_test.c (limited to 'src/lib/libcrypto/rsa') diff --git a/src/lib/libcrypto/rsa/Makefile.ssl b/src/lib/libcrypto/rsa/Makefile.ssl index d52f2e609e..da704fc558 100644 --- a/src/lib/libcrypto/rsa/Makefile.ssl +++ b/src/lib/libcrypto/rsa/Makefile.ssl @@ -7,25 +7,25 @@ TOP= ../.. CC= cc INCLUDES= -I.. -I../../include CFLAG=-g +INSTALL_PREFIX= +OPENSSLDIR= /usr/local/ssl INSTALLTOP=/usr/local/ssl MAKE= make -f Makefile.ssl -MAKEDEPEND= makedepend -f Makefile.ssl +MAKEDEPEND= $(TOP)/util/domd $(TOP) MAKEFILE= Makefile.ssl AR= ar r CFLAGS= $(INCLUDES) $(CFLAG) -ERR=rsa -ERRC=rsa_err GENERAL=Makefile -TEST= +TEST=rsa_oaep_test.c APPS= LIB=$(TOP)/libcrypto.a -LIBSRC= rsa_eay.c rsa_gen.c rsa_lib.c rsa_sign.c rsa_saos.c $(ERRC).c \ - rsa_pk1.c rsa_ssl.c rsa_none.c -LIBOBJ= rsa_eay.o rsa_gen.o rsa_lib.o rsa_sign.o rsa_saos.o $(ERRC).o \ - rsa_pk1.o rsa_ssl.o rsa_none.o +LIBSRC= rsa_eay.c rsa_gen.c rsa_lib.c rsa_sign.c rsa_saos.c rsa_err.c \ + rsa_pk1.c rsa_ssl.c rsa_none.c rsa_oaep.c rsa_chk.c +LIBOBJ= rsa_eay.o rsa_gen.o rsa_lib.o rsa_sign.o rsa_saos.o rsa_err.o \ + rsa_pk1.o rsa_ssl.o rsa_none.o rsa_oaep.o rsa_chk.o SRC= $(LIBSRC) @@ -41,24 +41,23 @@ all: lib lib: $(LIBOBJ) $(AR) $(LIB) $(LIBOBJ) - sh $(TOP)/util/ranlib.sh $(LIB) + $(RANLIB) $(LIB) @touch lib files: - perl $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO + $(PERL) $(TOP)/util/files.pl Makefile.ssl >> $(TOP)/MINFO links: - /bin/rm -f Makefile - $(TOP)/util/point.sh Makefile.ssl Makefile ; - $(TOP)/util/mklink.sh ../../include $(EXHEADER) - $(TOP)/util/mklink.sh ../../test $(TEST) - $(TOP)/util/mklink.sh ../../apps $(APPS) + @$(TOP)/util/point.sh Makefile.ssl Makefile + @$(PERL) $(TOP)/util/mklink.pl ../../include/openssl $(EXHEADER) + @$(PERL) $(TOP)/util/mklink.pl ../../test $(TEST) + @$(PERL) $(TOP)/util/mklink.pl ../../apps $(APPS) install: @for i in $(EXHEADER) ; \ do \ - (cp $$i $(INSTALLTOP)/include/$$i; \ - chmod 644 $(INSTALLTOP)/include/$$i ); \ + (cp $$i $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i; \ + chmod 644 $(INSTALL_PREFIX)$(INSTALLTOP)/include/openssl/$$i ); \ done; tags: @@ -70,17 +69,104 @@ lint: lint -DLINT $(INCLUDES) $(SRC)>fluff depend: - $(MAKEDEPEND) $(INCLUDES) $(PROGS) $(LIBSRC) + $(MAKEDEPEND) $(INCLUDES) $(DEPFLAG) $(PROGS) $(LIBSRC) dclean: - perl -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new + $(PERL) -pe 'if (/^# DO NOT DELETE THIS LINE/) {print; exit(0);}' $(MAKEFILE) >Makefile.new mv -f Makefile.new $(MAKEFILE) clean: - /bin/rm -f *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff - -errors: - perl $(TOP)/util/err-ins.pl $(ERR).err $(ERR).h - perl ../err/err_genc.pl -s $(ERR).h $(ERRC).c + rm -f *.o */*.o *.obj lib tags core .pure .nfs* *.old *.bak fluff # DO NOT DELETE THIS LINE -- make depend depends on it. + +rsa_chk.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h +rsa_chk.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h +rsa_chk.o: ../../include/openssl/opensslv.h ../../include/openssl/rsa.h +rsa_chk.o: ../../include/openssl/stack.h +rsa_eay.o: ../../include/openssl/bio.h ../../include/openssl/bn.h +rsa_eay.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +rsa_eay.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h +rsa_eay.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h +rsa_eay.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h +rsa_eay.o: ../../include/openssl/rsa.h ../../include/openssl/stack.h +rsa_eay.o: ../cryptlib.h +rsa_err.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h +rsa_err.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h +rsa_err.o: ../../include/openssl/opensslv.h ../../include/openssl/rsa.h +rsa_err.o: ../../include/openssl/stack.h +rsa_gen.o: ../../include/openssl/bio.h ../../include/openssl/bn.h +rsa_gen.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +rsa_gen.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h +rsa_gen.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h +rsa_gen.o: ../../include/openssl/opensslv.h ../../include/openssl/rsa.h +rsa_gen.o: ../../include/openssl/stack.h ../cryptlib.h +rsa_lib.o: ../../include/openssl/bio.h ../../include/openssl/bn.h +rsa_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +rsa_lib.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h +rsa_lib.o: ../../include/openssl/err.h ../../include/openssl/lhash.h +rsa_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h +rsa_lib.o: ../../include/openssl/rsa.h ../../include/openssl/stack.h +rsa_lib.o: ../cryptlib.h +rsa_none.o: ../../include/openssl/bio.h ../../include/openssl/bn.h +rsa_none.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +rsa_none.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h +rsa_none.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h +rsa_none.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h +rsa_none.o: ../../include/openssl/rsa.h ../../include/openssl/stack.h +rsa_none.o: ../cryptlib.h +rsa_oaep.o: ../../include/openssl/bio.h ../../include/openssl/bn.h +rsa_oaep.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +rsa_oaep.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h +rsa_oaep.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h +rsa_oaep.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h +rsa_oaep.o: ../../include/openssl/rsa.h ../../include/openssl/sha.h +rsa_oaep.o: ../../include/openssl/stack.h ../cryptlib.h +rsa_pk1.o: ../../include/openssl/bio.h ../../include/openssl/bn.h +rsa_pk1.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +rsa_pk1.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h +rsa_pk1.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h +rsa_pk1.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h +rsa_pk1.o: ../../include/openssl/rsa.h ../../include/openssl/stack.h +rsa_pk1.o: ../cryptlib.h +rsa_saos.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h +rsa_saos.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h +rsa_saos.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h +rsa_saos.o: ../../include/openssl/crypto.h ../../include/openssl/des.h +rsa_saos.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h +rsa_saos.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h +rsa_saos.o: ../../include/openssl/err.h ../../include/openssl/evp.h +rsa_saos.o: ../../include/openssl/idea.h ../../include/openssl/md2.h +rsa_saos.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h +rsa_saos.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +rsa_saos.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h +rsa_saos.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h +rsa_saos.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h +rsa_saos.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +rsa_saos.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +rsa_saos.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +rsa_saos.o: ../cryptlib.h +rsa_sign.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h +rsa_sign.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h +rsa_sign.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h +rsa_sign.o: ../../include/openssl/crypto.h ../../include/openssl/des.h +rsa_sign.o: ../../include/openssl/dh.h ../../include/openssl/dsa.h +rsa_sign.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h +rsa_sign.o: ../../include/openssl/err.h ../../include/openssl/evp.h +rsa_sign.o: ../../include/openssl/idea.h ../../include/openssl/md2.h +rsa_sign.o: ../../include/openssl/md5.h ../../include/openssl/mdc2.h +rsa_sign.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h +rsa_sign.o: ../../include/openssl/opensslv.h ../../include/openssl/pkcs7.h +rsa_sign.o: ../../include/openssl/rc2.h ../../include/openssl/rc4.h +rsa_sign.o: ../../include/openssl/rc5.h ../../include/openssl/ripemd.h +rsa_sign.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h +rsa_sign.o: ../../include/openssl/sha.h ../../include/openssl/stack.h +rsa_sign.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h +rsa_sign.o: ../cryptlib.h +rsa_ssl.o: ../../include/openssl/bio.h ../../include/openssl/bn.h +rsa_ssl.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h +rsa_ssl.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h +rsa_ssl.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h +rsa_ssl.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h +rsa_ssl.o: ../../include/openssl/rsa.h ../../include/openssl/stack.h +rsa_ssl.o: ../cryptlib.h diff --git a/src/lib/libcrypto/rsa/rsa.err b/src/lib/libcrypto/rsa/rsa.err deleted file mode 100644 index 5ded1b5fa2..0000000000 --- a/src/lib/libcrypto/rsa/rsa.err +++ /dev/null @@ -1,45 +0,0 @@ -/* Error codes for the RSA functions. */ - -/* Function codes. */ -#define RSA_F_RSA_EAY_PRIVATE_DECRYPT 100 -#define RSA_F_RSA_EAY_PRIVATE_ENCRYPT 101 -#define RSA_F_RSA_EAY_PUBLIC_DECRYPT 102 -#define RSA_F_RSA_EAY_PUBLIC_ENCRYPT 103 -#define RSA_F_RSA_GENERATE_KEY 104 -#define RSA_F_RSA_NEW_METHOD 105 -#define RSA_F_RSA_PADDING_ADD_NONE 106 -#define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1 107 -#define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_2 108 -#define RSA_F_RSA_PADDING_ADD_SSLV23 109 -#define RSA_F_RSA_PADDING_CHECK_NONE 110 -#define RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1 111 -#define RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2 112 -#define RSA_F_RSA_PADDING_CHECK_SSLV23 113 -#define RSA_F_RSA_PRINT 114 -#define RSA_F_RSA_PRINT_FP 115 -#define RSA_F_RSA_SIGN 116 -#define RSA_F_RSA_SIGN_ASN1_OCTET_STRING 117 -#define RSA_F_RSA_VERIFY 118 -#define RSA_F_RSA_VERIFY_ASN1_OCTET_STRING 119 - -/* Reason codes. */ -#define RSA_R_ALGORITHM_MISMATCH 100 -#define RSA_R_BAD_E_VALUE 101 -#define RSA_R_BAD_FIXED_HEADER_DECRYPT 102 -#define RSA_R_BAD_PAD_BYTE_COUNT 103 -#define RSA_R_BAD_SIGNATURE 104 -#define RSA_R_BAD_ZERO_BYTE 105 -#define RSA_R_BLOCK_TYPE_IS_NOT_01 106 -#define RSA_R_BLOCK_TYPE_IS_NOT_02 107 -#define RSA_R_DATA_GREATER_THAN_MOD_LEN 108 -#define RSA_R_DATA_TOO_LARGE 109 -#define RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE 110 -#define RSA_R_DATA_TOO_SMALL 111 -#define RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY 112 -#define RSA_R_NULL_BEFORE_BLOCK_MISSING 113 -#define RSA_R_PADDING_CHECK_FAILED 114 -#define RSA_R_SSLV3_ROLLBACK_ATTACK 115 -#define RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD 116 -#define RSA_R_UNKNOWN_ALGORITHM_TYPE 117 -#define RSA_R_UNKNOWN_PADDING_TYPE 118 -#define RSA_R_WRONG_SIGNATURE_LENGTH 119 diff --git a/src/lib/libcrypto/rsa/rsa.h b/src/lib/libcrypto/rsa/rsa.h index aeb78ffcd3..9230b2fcc9 100644 --- a/src/lib/libcrypto/rsa/rsa.h +++ b/src/lib/libcrypto/rsa/rsa.h @@ -63,26 +63,37 @@ extern "C" { #endif -#include "bn.h" -#include "crypto.h" +#include +#include + +#ifdef NO_RSA +#error RSA is disabled. +#endif + +typedef struct rsa_st RSA; typedef struct rsa_meth_st { - char *name; - int (*rsa_pub_enc)(); - int (*rsa_pub_dec)(); - int (*rsa_priv_enc)(); - int (*rsa_priv_dec)(); - int (*rsa_mod_exp)(); /* Can be null */ - int (*bn_mod_exp)(); /* Can be null */ - int (*init)(/* RSA * */); /* called at new */ - int (*finish)(/* RSA * */); /* called at free */ - + const char *name; + int (*rsa_pub_enc)(int flen,unsigned char *from,unsigned char *to, + RSA *rsa,int padding); + int (*rsa_pub_dec)(int flen,unsigned char *from,unsigned char *to, + RSA *rsa,int padding); + int (*rsa_priv_enc)(int flen,unsigned char *from,unsigned char *to, + RSA *rsa,int padding); + int (*rsa_priv_dec)(int flen,unsigned char *from,unsigned char *to, + RSA *rsa,int padding); + int (*rsa_mod_exp)(BIGNUM *r0,BIGNUM *I,RSA *rsa); /* Can be null */ + int (*bn_mod_exp)(BIGNUM *r, BIGNUM *a, const BIGNUM *p, + const BIGNUM *m, BN_CTX *ctx, + BN_MONT_CTX *m_ctx); /* Can be null */ + int (*init)(RSA *rsa); /* called at new */ + int (*finish)(RSA *rsa); /* called at free */ int flags; /* RSA_METHOD_FLAG_* things */ char *app_data; /* may be needed! */ } RSA_METHOD; -typedef struct rsa_st +struct rsa_st { /* The first parameter is used to pickup errors where * this is passed instead of aEVP_PKEY, it is set to 0 */ @@ -97,41 +108,52 @@ typedef struct rsa_st BIGNUM *dmp1; BIGNUM *dmq1; BIGNUM *iqmp; - /* be carefull using this if the RSA structure is shared */ + /* be careful using this if the RSA structure is shared */ CRYPTO_EX_DATA ex_data; int references; int flags; - /* Normally used to cached montgomery values */ - char *method_mod_n; - char *method_mod_p; - char *method_mod_q; + /* Used to cache montgomery values */ + BN_MONT_CTX *_method_mod_n; + BN_MONT_CTX *_method_mod_p; + BN_MONT_CTX *_method_mod_q; + /* all BIGNUM values are actually in the following data, if it is not + * NULL */ + char *bignum_data; BN_BLINDING *blinding; - } RSA; + }; #define RSA_3 0x3L #define RSA_F4 0x10001L #define RSA_METHOD_FLAG_NO_CHECK 0x01 /* don't check pub/private match */ + #define RSA_FLAG_CACHE_PUBLIC 0x02 #define RSA_FLAG_CACHE_PRIVATE 0x04 #define RSA_FLAG_BLINDING 0x08 #define RSA_FLAG_THREAD_SAFE 0x10 +/* This flag means the private key operations will be handled by rsa_mod_exp + * and that they do not depend on the private key components being present: + * for example a key stored in external hardware. Without this flag bn_mod_exp + * gets called when private key components are absent. + */ +#define RSA_FLAG_EXT_PKEY 0x20 #define RSA_PKCS1_PADDING 1 #define RSA_SSLV23_PADDING 2 #define RSA_NO_PADDING 3 +#define RSA_PKCS1_OAEP_PADDING 4 #define RSA_set_app_data(s,arg) RSA_set_ex_data(s,0,(char *)arg) #define RSA_get_app_data(s) RSA_get_ex_data(s,0) -#ifndef NOPROTO RSA * RSA_new(void); RSA * RSA_new_method(RSA_METHOD *method); int RSA_size(RSA *); RSA * RSA_generate_key(int bits, unsigned long e,void - (*callback)(int,int,char *),char *cb_arg); + (*callback)(int,int,void *),void *cb_arg); +int RSA_check_key(RSA *); /* next 4 return -1 on error */ int RSA_public_encrypt(int flen, unsigned char *from, unsigned char *to, RSA *rsa,int padding); @@ -146,6 +168,12 @@ void RSA_free (RSA *r); int RSA_flags(RSA *r); void RSA_set_default_method(RSA_METHOD *meth); +RSA_METHOD *RSA_get_default_method(void); +RSA_METHOD *RSA_get_method(RSA *rsa); +RSA_METHOD *RSA_set_method(RSA *rsa, RSA_METHOD *meth); + +/* This function needs the memory locking malloc callbacks to be installed */ +int RSA_memory_lock(RSA *r); /* If you have RSAref compiled in. */ RSA_METHOD *RSA_PKCS1_RSAref(void); @@ -193,107 +221,63 @@ void RSA_blinding_off(RSA *rsa); int RSA_padding_add_PKCS1_type_1(unsigned char *to,int tlen, unsigned char *f,int fl); int RSA_padding_check_PKCS1_type_1(unsigned char *to,int tlen, - unsigned char *f,int fl); + unsigned char *f,int fl,int rsa_len); int RSA_padding_add_PKCS1_type_2(unsigned char *to,int tlen, unsigned char *f,int fl); int RSA_padding_check_PKCS1_type_2(unsigned char *to,int tlen, - unsigned char *f,int fl); + unsigned char *f,int fl,int rsa_len); +int RSA_padding_add_PKCS1_OAEP(unsigned char *to,int tlen, + unsigned char *f,int fl,unsigned char *p, + int pl); +int RSA_padding_check_PKCS1_OAEP(unsigned char *to,int tlen, + unsigned char *f,int fl,int rsa_len, + unsigned char *p,int pl); int RSA_padding_add_SSLv23(unsigned char *to,int tlen, unsigned char *f,int fl); int RSA_padding_check_SSLv23(unsigned char *to,int tlen, - unsigned char *f,int fl); + unsigned char *f,int fl,int rsa_len); int RSA_padding_add_none(unsigned char *to,int tlen, unsigned char *f,int fl); int RSA_padding_check_none(unsigned char *to,int tlen, - unsigned char *f,int fl); + unsigned char *f,int fl,int rsa_len); int RSA_get_ex_new_index(long argl, char *argp, int (*new_func)(), int (*dup_func)(), void (*free_func)()); int RSA_set_ex_data(RSA *r,int idx,char *arg); char *RSA_get_ex_data(RSA *r, int idx); -#else - -RSA * RSA_new(); -RSA * RSA_new_method(); -int RSA_size(); -RSA * RSA_generate_key(); -int RSA_public_encrypt(); -int RSA_private_encrypt(); -int RSA_public_decrypt(); -int RSA_private_decrypt(); -void RSA_free (); - -int RSA_flags(); - -void RSA_set_default_method(); - -/* RSA_METHOD *RSA_PKCS1_RSAref(); */ -RSA_METHOD *RSA_PKCS1_SSLeay(); - -void ERR_load_RSA_strings(); - -RSA * d2i_RSAPublicKey(); -int i2d_RSAPublicKey(); -RSA * d2i_RSAPrivateKey(); -int i2d_RSAPrivateKey(); -#ifndef NO_FP_API -int RSA_print_fp(); -#endif - -int RSA_print(); - -int i2d_Netscape_RSA(); -RSA *d2i_Netscape_RSA(); -RSA *d2i_Netscape_RSA_2(); - -int RSA_sign(); -int RSA_verify(); - -int RSA_sign_ASN1_OCTET_STRING(); -int RSA_verify_ASN1_OCTET_STRING(); -int RSA_blinding_on(); -void RSA_blinding_off(); - -int RSA_padding_add_PKCS1_type_1(); -int RSA_padding_check_PKCS1_type_1(); -int RSA_padding_add_PKCS1_type_2(); -int RSA_padding_check_PKCS1_type_2(); -int RSA_padding_add_SSLv23(); -int RSA_padding_check_SSLv23(); -int RSA_padding_add_none(); -int RSA_padding_check_none(); - -int RSA_get_ex_new_index(); -int RSA_set_ex_data(); -char *RSA_get_ex_data(); - -#endif - /* BEGIN ERROR CODES */ +/* The following lines are auto generated by the script mkerr.pl. Any changes + * made after this point may be overwritten when the script is next run. + */ + /* Error codes for the RSA functions. */ /* Function codes. */ -#define RSA_F_RSA_EAY_PRIVATE_DECRYPT 100 -#define RSA_F_RSA_EAY_PRIVATE_ENCRYPT 101 -#define RSA_F_RSA_EAY_PUBLIC_DECRYPT 102 -#define RSA_F_RSA_EAY_PUBLIC_ENCRYPT 103 -#define RSA_F_RSA_GENERATE_KEY 104 -#define RSA_F_RSA_NEW_METHOD 105 -#define RSA_F_RSA_PADDING_ADD_NONE 106 -#define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1 107 -#define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_2 108 -#define RSA_F_RSA_PADDING_ADD_SSLV23 109 -#define RSA_F_RSA_PADDING_CHECK_NONE 110 -#define RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1 111 -#define RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2 112 -#define RSA_F_RSA_PADDING_CHECK_SSLV23 113 -#define RSA_F_RSA_PRINT 114 -#define RSA_F_RSA_PRINT_FP 115 -#define RSA_F_RSA_SIGN 116 -#define RSA_F_RSA_SIGN_ASN1_OCTET_STRING 117 -#define RSA_F_RSA_VERIFY 118 -#define RSA_F_RSA_VERIFY_ASN1_OCTET_STRING 119 +#define RSA_F_MEMORY_LOCK 100 +#define RSA_F_RSA_CHECK_KEY 123 +#define RSA_F_RSA_EAY_PRIVATE_DECRYPT 101 +#define RSA_F_RSA_EAY_PRIVATE_ENCRYPT 102 +#define RSA_F_RSA_EAY_PUBLIC_DECRYPT 103 +#define RSA_F_RSA_EAY_PUBLIC_ENCRYPT 104 +#define RSA_F_RSA_GENERATE_KEY 105 +#define RSA_F_RSA_NEW_METHOD 106 +#define RSA_F_RSA_PADDING_ADD_NONE 107 +#define RSA_F_RSA_PADDING_ADD_PKCS1_OAEP 121 +#define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1 108 +#define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_2 109 +#define RSA_F_RSA_PADDING_ADD_SSLV23 110 +#define RSA_F_RSA_PADDING_CHECK_NONE 111 +#define RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP 122 +#define RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1 112 +#define RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2 113 +#define RSA_F_RSA_PADDING_CHECK_SSLV23 114 +#define RSA_F_RSA_PRINT 115 +#define RSA_F_RSA_PRINT_FP 116 +#define RSA_F_RSA_SIGN 117 +#define RSA_F_RSA_SIGN_ASN1_OCTET_STRING 118 +#define RSA_F_RSA_VERIFY 119 +#define RSA_F_RSA_VERIFY_ASN1_OCTET_STRING 120 /* Reason codes. */ #define RSA_R_ALGORITHM_MISMATCH 100 @@ -301,22 +285,31 @@ char *RSA_get_ex_data(); #define RSA_R_BAD_FIXED_HEADER_DECRYPT 102 #define RSA_R_BAD_PAD_BYTE_COUNT 103 #define RSA_R_BAD_SIGNATURE 104 -#define RSA_R_BAD_ZERO_BYTE 105 #define RSA_R_BLOCK_TYPE_IS_NOT_01 106 #define RSA_R_BLOCK_TYPE_IS_NOT_02 107 #define RSA_R_DATA_GREATER_THAN_MOD_LEN 108 #define RSA_R_DATA_TOO_LARGE 109 #define RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE 110 #define RSA_R_DATA_TOO_SMALL 111 +#define RSA_R_DATA_TOO_SMALL_FOR_KEY_SIZE 122 +#define RSA_R_D_E_NOT_CONGRUENT_TO_1 123 #define RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY 112 +#define RSA_R_DMP1_NOT_CONGRUENT_TO_D 124 +#define RSA_R_DMQ1_NOT_CONGRUENT_TO_D 125 +#define RSA_R_IQMP_NOT_INVERSE_OF_Q 126 +#define RSA_R_KEY_SIZE_TOO_SMALL 120 #define RSA_R_NULL_BEFORE_BLOCK_MISSING 113 +#define RSA_R_N_DOES_NOT_EQUAL_P_Q 127 +#define RSA_R_OAEP_DECODING_ERROR 121 #define RSA_R_PADDING_CHECK_FAILED 114 +#define RSA_R_P_NOT_PRIME 128 +#define RSA_R_Q_NOT_PRIME 129 #define RSA_R_SSLV3_ROLLBACK_ATTACK 115 #define RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD 116 #define RSA_R_UNKNOWN_ALGORITHM_TYPE 117 #define RSA_R_UNKNOWN_PADDING_TYPE 118 #define RSA_R_WRONG_SIGNATURE_LENGTH 119 - + #ifdef __cplusplus } #endif diff --git a/src/lib/libcrypto/rsa/rsa_chk.c b/src/lib/libcrypto/rsa/rsa_chk.c new file mode 100644 index 0000000000..91b9115798 --- /dev/null +++ b/src/lib/libcrypto/rsa/rsa_chk.c @@ -0,0 +1,184 @@ +/* crypto/rsa/rsa_chk.c -*- Mode: C; c-file-style: "eay" -*- */ +/* ==================================================================== + * Copyright (c) 1999 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + */ + +#include +#include +#include + + +int RSA_check_key(RSA *key) + { + BIGNUM *i, *j, *k, *l, *m; + BN_CTX *ctx; + int r; + int ret=1; + + i = BN_new(); + j = BN_new(); + k = BN_new(); + l = BN_new(); + m = BN_new(); + ctx = BN_CTX_new(); + if (i == NULL || j == NULL || k == NULL || l == NULL || + m == NULL || ctx == NULL) + { + ret = -1; + RSAerr(RSA_F_RSA_CHECK_KEY, ERR_R_MALLOC_FAILURE); + goto err; + } + + /* p prime? */ + r = BN_is_prime(key->p, BN_prime_checks, NULL, NULL, NULL); + if (r != 1) + { + ret = r; + if (r != 0) + goto err; + RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_P_NOT_PRIME); + } + + /* q prime? */ + r = BN_is_prime(key->q, BN_prime_checks, NULL, NULL, NULL); + if (r != 1) + { + ret = r; + if (r != 0) + goto err; + RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_Q_NOT_PRIME); + } + + /* n = p*q? */ + r = BN_mul(i, key->p, key->q, ctx); + if (!r) { ret = -1; goto err; } + + if (BN_cmp(i, key->n) != 0) + { + ret = 0; + RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_N_DOES_NOT_EQUAL_P_Q); + } + + /* d*e = 1 mod lcm(p-1,q-1)? */ + + r = BN_sub(i, key->p, BN_value_one()); + if (!r) { ret = -1; goto err; } + r = BN_sub(j, key->q, BN_value_one()); + if (!r) { ret = -1; goto err; } + + /* now compute k = lcm(i,j) */ + r = BN_mul(l, i, j, ctx); + if (!r) { ret = -1; goto err; } + r = BN_gcd(m, i, j, ctx); + if (!r) { ret = -1; goto err; } + r = BN_div(k, NULL, l, m, ctx); /* remainder is 0 */ + if (!r) { ret = -1; goto err; } + + r = BN_mod_mul(i, key->d, key->e, k, ctx); + if (!r) { ret = -1; goto err; } + + if (!BN_is_one(i)) + { + ret = 0; + RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_D_E_NOT_CONGRUENT_TO_1); + } + + if (key->dmp1 != NULL && key->dmq1 != NULL && key->iqmp != NULL) + { + /* dmp1 = d mod (p-1)? */ + r = BN_sub(i, key->p, BN_value_one()); + if (!r) { ret = -1; goto err; } + + r = BN_mod(j, key->d, i, ctx); + if (!r) { ret = -1; goto err; } + + if (BN_cmp(j, key->dmp1) != 0) + { + ret = 0; + RSAerr(RSA_F_RSA_CHECK_KEY, + RSA_R_DMP1_NOT_CONGRUENT_TO_D); + } + + /* dmq1 = d mod (q-1)? */ + r = BN_sub(i, key->q, BN_value_one()); + if (!r) { ret = -1; goto err; } + + r = BN_mod(j, key->d, i, ctx); + if (!r) { ret = -1; goto err; } + + if (BN_cmp(j, key->dmq1) != 0) + { + ret = 0; + RSAerr(RSA_F_RSA_CHECK_KEY, + RSA_R_DMQ1_NOT_CONGRUENT_TO_D); + } + + /* iqmp = q^-1 mod p? */ + if(!BN_mod_inverse(i, key->q, key->p, ctx)) + { + ret = -1; + goto err; + } + + if (BN_cmp(i, key->iqmp) != 0) + { + ret = 0; + RSAerr(RSA_F_RSA_CHECK_KEY, + RSA_R_IQMP_NOT_INVERSE_OF_Q); + } + } + + err: + if (i != NULL) BN_free(i); + if (j != NULL) BN_free(j); + if (k != NULL) BN_free(k); + if (l != NULL) BN_free(l); + if (m != NULL) BN_free(m); + if (ctx != NULL) BN_CTX_free(ctx); + return (ret); + } diff --git a/src/lib/libcrypto/rsa/rsa_eay.c b/src/lib/libcrypto/rsa/rsa_eay.c index 42a77f11cd..776324860c 100644 --- a/src/lib/libcrypto/rsa/rsa_eay.c +++ b/src/lib/libcrypto/rsa/rsa_eay.c @@ -68,11 +68,10 @@ #include #include "cryptlib.h" -#include "bn.h" -#include "rsa.h" -#include "rand.h" +#include +#include +#include -#ifndef NOPROTO static int RSA_eay_public_encrypt(int flen, unsigned char *from, unsigned char *to, RSA *rsa,int padding); static int RSA_eay_private_encrypt(int flen, unsigned char *from, @@ -84,16 +83,6 @@ static int RSA_eay_private_decrypt(int flen, unsigned char *from, static int RSA_eay_mod_exp(BIGNUM *r0, BIGNUM *i, RSA *rsa); static int RSA_eay_init(RSA *rsa); static int RSA_eay_finish(RSA *rsa); -#else -static int RSA_eay_public_encrypt(); -static int RSA_eay_private_encrypt(); -static int RSA_eay_public_decrypt(); -static int RSA_eay_private_decrypt(); -static int RSA_eay_mod_exp(); -static int RSA_eay_init(); -static int RSA_eay_finish(); -#endif - static RSA_METHOD rsa_pkcs1_eay_meth={ "Eric Young's PKCS#1 RSA", RSA_eay_public_encrypt, @@ -108,31 +97,75 @@ static RSA_METHOD rsa_pkcs1_eay_meth={ NULL, }; -RSA_METHOD *RSA_PKCS1_SSLeay() +RSA_METHOD *RSA_PKCS1_SSLeay(void) { return(&rsa_pkcs1_eay_meth); } -static int RSA_eay_public_encrypt(flen, from, to, rsa, padding) -int flen; -unsigned char *from; -unsigned char *to; -RSA *rsa; -int padding; +static int RSA_eay_public_encrypt(int flen, unsigned char *from, + unsigned char *to, RSA *rsa, int padding) { - BIGNUM *f=NULL,*ret=NULL; + BIGNUM f,ret; int i,j,k,num=0,r= -1; unsigned char *buf=NULL; BN_CTX *ctx=NULL; - /* Body of this routine removed for OpenBSD - will return - * when the RSA patent expires - */ + BN_init(&f); + BN_init(&ret); + if ((ctx=BN_CTX_new()) == NULL) goto err; + num=BN_num_bytes(rsa->n); + if ((buf=(unsigned char *)Malloc(num)) == NULL) + { + RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT,ERR_R_MALLOC_FAILURE); + goto err; + } + + switch (padding) + { + case RSA_PKCS1_PADDING: + i=RSA_padding_add_PKCS1_type_2(buf,num,from,flen); + break; +#ifndef NO_SHA + case RSA_PKCS1_OAEP_PADDING: + i=RSA_padding_add_PKCS1_OAEP(buf,num,from,flen,NULL,0); + break; +#endif + case RSA_SSLV23_PADDING: + i=RSA_padding_add_SSLv23(buf,num,from,flen); + break; + case RSA_NO_PADDING: + i=RSA_padding_add_none(buf,num,from,flen); + break; + default: + RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT,RSA_R_UNKNOWN_PADDING_TYPE); + goto err; + } + if (i <= 0) goto err; + + if (BN_bin2bn(buf,num,&f) == NULL) goto err; + + if ((rsa->_method_mod_n == NULL) && (rsa->flags & RSA_FLAG_CACHE_PUBLIC)) + { + if ((rsa->_method_mod_n=BN_MONT_CTX_new()) != NULL) + if (!BN_MONT_CTX_set(rsa->_method_mod_n,rsa->n,ctx)) + goto err; + } + + if (!rsa->meth->bn_mod_exp(&ret,&f,rsa->e,rsa->n,ctx, + rsa->_method_mod_n)) goto err; + /* put in leading 0 bytes if the number is less than the + * length of the modulus */ + j=BN_num_bytes(&ret); + i=BN_bn2bin(&ret,&(to[num-j])); + for (k=0; k<(num-i); k++) + to[k]=0; + + r=num; err: if (ctx != NULL) BN_CTX_free(ctx); - if (f != NULL) BN_free(f); - if (ret != NULL) BN_free(ret); + BN_clear_free(&f); + BN_clear_free(&ret); if (buf != NULL) { memset(buf,0,num); @@ -141,14 +174,10 @@ err: return(r); } -static int RSA_eay_private_encrypt(flen, from, to, rsa, padding) -int flen; -unsigned char *from; -unsigned char *to; -RSA *rsa; -int padding; +static int RSA_eay_private_encrypt(int flen, unsigned char *from, + unsigned char *to, RSA *rsa, int padding) { - BIGNUM *f=NULL,*ret=NULL; + BIGNUM f,ret; int i,j,k,num=0,r= -1; unsigned char *buf=NULL; BN_CTX *ctx=NULL; @@ -159,8 +188,8 @@ int padding; err: if (ctx != NULL) BN_CTX_free(ctx); - if (ret != NULL) BN_free(ret); - if (f != NULL) BN_free(f); + BN_clear_free(&ret); + BN_clear_free(&f); if (buf != NULL) { memset(buf,0,num); @@ -169,14 +198,10 @@ err: return(r); } -static int RSA_eay_private_decrypt(flen, from, to, rsa,padding) -int flen; -unsigned char *from; -unsigned char *to; -RSA *rsa; -int padding; +static int RSA_eay_private_decrypt(int flen, unsigned char *from, + unsigned char *to, RSA *rsa, int padding) { - BIGNUM *f=NULL,*ret=NULL; + BIGNUM f,ret; int j,num=0,r= -1; unsigned char *p; unsigned char *buf=NULL; @@ -188,8 +213,8 @@ int padding; err: if (ctx != NULL) BN_CTX_free(ctx); - if (f != NULL) BN_free(f); - if (ret != NULL) BN_free(ret); + BN_clear_free(&f); + BN_clear_free(&ret); if (buf != NULL) { memset(buf,0,num); @@ -198,28 +223,23 @@ err: return(r); } -static int RSA_eay_public_decrypt(flen, from, to, rsa, padding) -int flen; -unsigned char *from; -unsigned char *to; -RSA *rsa; -int padding; +static int RSA_eay_public_decrypt(int flen, unsigned char *from, + unsigned char *to, RSA *rsa, int padding) { - BIGNUM *f=NULL,*ret=NULL; + BIGNUM f,ret; int i,num=0,r= -1; unsigned char *p; unsigned char *buf=NULL; BN_CTX *ctx=NULL; - /* Body of this routine removed for OpenBSD - will return * when the RSA patent expires */ err: if (ctx != NULL) BN_CTX_free(ctx); - if (f != NULL) BN_free(f); - if (ret != NULL) BN_free(ret); + BN_clear_free(&f); + BN_clear_free(&ret); if (buf != NULL) { memset(buf,0,num); @@ -228,46 +248,40 @@ err: return(r); } -static int RSA_eay_mod_exp(r0, I, rsa) -BIGNUM *r0; -BIGNUM *I; -RSA *rsa; +static int RSA_eay_mod_exp(BIGNUM *r0, BIGNUM *I, RSA *rsa) { - BIGNUM *r1=NULL,*m1=NULL; + BIGNUM r1,m1; int ret=0; BN_CTX *ctx; if ((ctx=BN_CTX_new()) == NULL) goto err; - m1=BN_new(); - r1=BN_new(); - if ((m1 == NULL) || (r1 == NULL)) goto err; + BN_init(&m1); + BN_init(&r1); /* Body of this routine removed for OpenBSD - will return * when the RSA patent expires */ err: - if (m1 != NULL) BN_free(m1); - if (r1 != NULL) BN_free(r1); + BN_clear_free(&m1); + BN_clear_free(&r1); BN_CTX_free(ctx); return(ret); } -static int RSA_eay_init(rsa) -RSA *rsa; +static int RSA_eay_init(RSA *rsa) { rsa->flags|=RSA_FLAG_CACHE_PUBLIC|RSA_FLAG_CACHE_PRIVATE; return(1); } -static int RSA_eay_finish(rsa) -RSA *rsa; +static int RSA_eay_finish(RSA *rsa) { - if (rsa->method_mod_n != NULL) - BN_MONT_CTX_free((BN_MONT_CTX *)rsa->method_mod_n); - if (rsa->method_mod_p != NULL) - BN_MONT_CTX_free((BN_MONT_CTX *)rsa->method_mod_p); - if (rsa->method_mod_q != NULL) - BN_MONT_CTX_free((BN_MONT_CTX *)rsa->method_mod_q); + if (rsa->_method_mod_n != NULL) + BN_MONT_CTX_free(rsa->_method_mod_n); + if (rsa->_method_mod_p != NULL) + BN_MONT_CTX_free(rsa->_method_mod_p); + if (rsa->_method_mod_q != NULL) + BN_MONT_CTX_free(rsa->_method_mod_q); return(1); } diff --git a/src/lib/libcrypto/rsa/rsa_err.c b/src/lib/libcrypto/rsa/rsa_err.c index 796b3afd47..9fb15e398d 100644 --- a/src/lib/libcrypto/rsa/rsa_err.c +++ b/src/lib/libcrypto/rsa/rsa_err.c @@ -1,68 +1,72 @@ -/* lib/rsa/rsa_err.c */ -/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) - * All rights reserved. +/* crypto/rsa/rsa_err.c */ +/* ==================================================================== + * Copyright (c) 1999 The OpenSSL Project. All rights reserved. * - * This package is an SSL implementation written - * by Eric Young (eay@cryptsoft.com). - * The implementation was written so as to conform with Netscapes SSL. - * - * This library is free for commercial and non-commercial use as long as - * the following conditions are aheared to. The following conditions - * apply to all code found in this distribution, be it the RC4, RSA, - * lhash, DES, etc., code; not just the SSL code. The SSL documentation - * included with this distribution is covered by the same copyright terms - * except that the holder is Tim Hudson (tjh@cryptsoft.com). - * - * Copyright remains Eric Young's, and as such any Copyright notices in - * the code are not to be removed. - * If this package is used in a product, Eric Young should be given attribution - * as the author of the parts of the library used. - * This can be in the form of a textual message at program startup or - * in documentation (online or textual) provided with the package. - * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: - * 1. Redistributions of source code must retain the copyright - * notice, this list of conditions and the following disclaimer. + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in the - * documentation and/or other materials provided with the distribution. - * 3. All advertising materials mentioning features or use of this software - * must display the following acknowledgement: - * "This product includes cryptographic software written by - * Eric Young (eay@cryptsoft.com)" - * The word 'cryptographic' can be left out if the rouines from the library - * being used are not cryptographic related :-). - * 4. If you include any Windows specific code (or a derivative thereof) from - * the apps directory (application code) you must include an acknowledgement: - * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" - * - * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND - * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE - * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE - * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL - * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS - * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT - * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY - * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF - * SUCH DAMAGE. - * - * The licence and distribution terms for any publically available version or - * derivative of this code cannot be changed. i.e. this code cannot simply be - * copied and put under another distribution licence - * [including the GNU Public Licence.] + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * openssl-core@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). + * */ + +/* NOTE: this file was auto generated by the mkerr.pl script: any changes + * made to it will be overwritten when the script next updates this file. + */ + #include -#include "err.h" -#include "rsa.h" +#include +#include /* BEGIN ERROR CODES */ #ifndef NO_ERR static ERR_STRING_DATA RSA_str_functs[]= { +{ERR_PACK(0,RSA_F_MEMORY_LOCK,0), "MEMORY_LOCK"}, +{ERR_PACK(0,RSA_F_RSA_CHECK_KEY,0), "RSA_check_key"}, {ERR_PACK(0,RSA_F_RSA_EAY_PRIVATE_DECRYPT,0), "RSA_EAY_PRIVATE_DECRYPT"}, {ERR_PACK(0,RSA_F_RSA_EAY_PRIVATE_ENCRYPT,0), "RSA_EAY_PRIVATE_ENCRYPT"}, {ERR_PACK(0,RSA_F_RSA_EAY_PUBLIC_DECRYPT,0), "RSA_EAY_PUBLIC_DECRYPT"}, @@ -70,10 +74,12 @@ static ERR_STRING_DATA RSA_str_functs[]= {ERR_PACK(0,RSA_F_RSA_GENERATE_KEY,0), "RSA_generate_key"}, {ERR_PACK(0,RSA_F_RSA_NEW_METHOD,0), "RSA_new_method"}, {ERR_PACK(0,RSA_F_RSA_PADDING_ADD_NONE,0), "RSA_padding_add_none"}, +{ERR_PACK(0,RSA_F_RSA_PADDING_ADD_PKCS1_OAEP,0), "RSA_padding_add_PKCS1_OAEP"}, {ERR_PACK(0,RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1,0), "RSA_padding_add_PKCS1_type_1"}, {ERR_PACK(0,RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_2,0), "RSA_padding_add_PKCS1_type_2"}, {ERR_PACK(0,RSA_F_RSA_PADDING_ADD_SSLV23,0), "RSA_padding_add_SSLv23"}, {ERR_PACK(0,RSA_F_RSA_PADDING_CHECK_NONE,0), "RSA_padding_check_none"}, +{ERR_PACK(0,RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP,0), "RSA_padding_check_PKCS1_OAEP"}, {ERR_PACK(0,RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1,0), "RSA_padding_check_PKCS1_type_1"}, {ERR_PACK(0,RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2,0), "RSA_padding_check_PKCS1_type_2"}, {ERR_PACK(0,RSA_F_RSA_PADDING_CHECK_SSLV23,0), "RSA_padding_check_SSLv23"}, @@ -83,7 +89,7 @@ static ERR_STRING_DATA RSA_str_functs[]= {ERR_PACK(0,RSA_F_RSA_SIGN_ASN1_OCTET_STRING,0), "RSA_sign_ASN1_OCTET_STRING"}, {ERR_PACK(0,RSA_F_RSA_VERIFY,0), "RSA_verify"}, {ERR_PACK(0,RSA_F_RSA_VERIFY_ASN1_OCTET_STRING,0), "RSA_verify_ASN1_OCTET_STRING"}, -{0,NULL}, +{0,NULL} }; static ERR_STRING_DATA RSA_str_reasons[]= @@ -93,32 +99,41 @@ static ERR_STRING_DATA RSA_str_reasons[]= {RSA_R_BAD_FIXED_HEADER_DECRYPT ,"bad fixed header decrypt"}, {RSA_R_BAD_PAD_BYTE_COUNT ,"bad pad byte count"}, {RSA_R_BAD_SIGNATURE ,"bad signature"}, -{RSA_R_BAD_ZERO_BYTE ,"bad zero byte"}, {RSA_R_BLOCK_TYPE_IS_NOT_01 ,"block type is not 01"}, {RSA_R_BLOCK_TYPE_IS_NOT_02 ,"block type is not 02"}, {RSA_R_DATA_GREATER_THAN_MOD_LEN ,"data greater than mod len"}, {RSA_R_DATA_TOO_LARGE ,"data too large"}, {RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE ,"data too large for key size"}, {RSA_R_DATA_TOO_SMALL ,"data too small"}, +{RSA_R_DATA_TOO_SMALL_FOR_KEY_SIZE ,"data too small for key size"}, +{RSA_R_D_E_NOT_CONGRUENT_TO_1 ,"d e not congruent to 1"}, {RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY ,"digest too big for rsa key"}, +{RSA_R_DMP1_NOT_CONGRUENT_TO_D ,"dmp1 not congruent to d"}, +{RSA_R_DMQ1_NOT_CONGRUENT_TO_D ,"dmq1 not congruent to d"}, +{RSA_R_IQMP_NOT_INVERSE_OF_Q ,"iqmp not inverse of q"}, +{RSA_R_KEY_SIZE_TOO_SMALL ,"key size too small"}, {RSA_R_NULL_BEFORE_BLOCK_MISSING ,"null before block missing"}, +{RSA_R_N_DOES_NOT_EQUAL_P_Q ,"n does not equal p q"}, +{RSA_R_OAEP_DECODING_ERROR ,"oaep decoding error"}, {RSA_R_PADDING_CHECK_FAILED ,"padding check failed"}, +{RSA_R_P_NOT_PRIME ,"p not prime"}, +{RSA_R_Q_NOT_PRIME ,"q not prime"}, {RSA_R_SSLV3_ROLLBACK_ATTACK ,"sslv3 rollback attack"}, {RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD,"the asn1 object identifier is not known for this md"}, {RSA_R_UNKNOWN_ALGORITHM_TYPE ,"unknown algorithm type"}, {RSA_R_UNKNOWN_PADDING_TYPE ,"unknown padding type"}, {RSA_R_WRONG_SIGNATURE_LENGTH ,"wrong signature length"}, -{0,NULL}, +{0,NULL} }; #endif -void ERR_load_RSA_strings() +void ERR_load_RSA_strings(void) { static int init=1; - if (init); - {; + if (init) + { init=0; #ifndef NO_ERR ERR_load_strings(ERR_LIB_RSA,RSA_str_functs); diff --git a/src/lib/libcrypto/rsa/rsa_gen.c b/src/lib/libcrypto/rsa/rsa_gen.c index 4cbd373829..3227dba794 100644 --- a/src/lib/libcrypto/rsa/rsa_gen.c +++ b/src/lib/libcrypto/rsa/rsa_gen.c @@ -59,18 +59,15 @@ #include #include #include "cryptlib.h" -#include "bn.h" -#include "rsa.h" +#include +#include -RSA *RSA_generate_key(bits, e_value, callback,cb_arg) -int bits; -unsigned long e_value; -void (*callback)(P_I_I_P); -char *cb_arg; +RSA *RSA_generate_key(int bits, unsigned long e_value, + void (*callback)(int,int,void *), void *cb_arg) { RSA *rsa=NULL; BIGNUM *r0=NULL,*r1=NULL,*r2=NULL,*r3=NULL,*tmp; - int bitsp,bitsq,ok= -1,n=0; + int bitsp,bitsq,ok= -1,n=0,i; BN_CTX *ctx=NULL,*ctx2=NULL; ctx=BN_CTX_new(); @@ -81,6 +78,7 @@ char *cb_arg; /* Body of this routine removed for OpenBSD - will return * when the RSA patent expires */ + err: if (ok == -1) { diff --git a/src/lib/libcrypto/rsa/rsa_lib.c b/src/lib/libcrypto/rsa/rsa_lib.c index 95a56f8a28..c0ca2923a6 100644 --- a/src/lib/libcrypto/rsa/rsa_lib.c +++ b/src/lib/libcrypto/rsa/rsa_lib.c @@ -57,31 +57,49 @@ */ #include -#include "crypto.h" +#include #include "cryptlib.h" -#include "lhash.h" -#include "bn.h" -#include "rsa.h" +#include +#include +#include -char *RSA_version="RSA part of SSLeay 0.9.0b 29-Jun-1998"; +const char *RSA_version="RSA" OPENSSL_VERSION_PTEXT; static RSA_METHOD *default_RSA_meth=NULL; static int rsa_meth_num=0; static STACK *rsa_meth=NULL; -RSA *RSA_new() +RSA *RSA_new(void) { return(RSA_new_method(NULL)); } -void RSA_set_default_method(meth) -RSA_METHOD *meth; +void RSA_set_default_method(RSA_METHOD *meth) { default_RSA_meth=meth; } -RSA *RSA_new_method(meth) -RSA_METHOD *meth; +RSA_METHOD *RSA_get_default_method(void) +{ + return default_RSA_meth; +} + +RSA_METHOD *RSA_get_method(RSA *rsa) +{ + return rsa->meth; +} + +RSA_METHOD *RSA_set_method(RSA *rsa, RSA_METHOD *meth) +{ + RSA_METHOD *mtmp; + mtmp = rsa->meth; + if (mtmp->finish) mtmp->finish(rsa); + rsa->meth = meth; + if (meth->init) meth->init(rsa); + return mtmp; +} + +RSA *RSA_new_method(RSA_METHOD *meth) { RSA *ret; @@ -116,22 +134,23 @@ RSA_METHOD *meth; ret->dmq1=NULL; ret->iqmp=NULL; ret->references=1; - ret->method_mod_n=NULL; - ret->method_mod_p=NULL; - ret->method_mod_q=NULL; + ret->_method_mod_n=NULL; + ret->_method_mod_p=NULL; + ret->_method_mod_q=NULL; ret->blinding=NULL; + ret->bignum_data=NULL; ret->flags=ret->meth->flags; if ((ret->meth->init != NULL) && !ret->meth->init(ret)) { Free(ret); ret=NULL; } - CRYPTO_new_ex_data(rsa_meth,(char *)ret,&ret->ex_data); + else + CRYPTO_new_ex_data(rsa_meth,(char *)ret,&ret->ex_data); return(ret); } -void RSA_free(r) -RSA *r; +void RSA_free(RSA *r) { int i; @@ -164,90 +183,63 @@ RSA *r; if (r->dmq1 != NULL) BN_clear_free(r->dmq1); if (r->iqmp != NULL) BN_clear_free(r->iqmp); if (r->blinding != NULL) BN_BLINDING_free(r->blinding); + if (r->bignum_data != NULL) Free_locked(r->bignum_data); Free(r); } -int RSA_get_ex_new_index(argl,argp,new_func,dup_func,free_func) -long argl; -char *argp; -int (*new_func)(); -int (*dup_func)(); -void (*free_func)(); +int RSA_get_ex_new_index(long argl, char *argp, int (*new_func)(), + int (*dup_func)(), void (*free_func)()) { rsa_meth_num++; return(CRYPTO_get_ex_new_index(rsa_meth_num-1, &rsa_meth,argl,argp,new_func,dup_func,free_func)); } -int RSA_set_ex_data(r,idx,arg) -RSA *r; -int idx; -char *arg; +int RSA_set_ex_data(RSA *r, int idx, char *arg) { return(CRYPTO_set_ex_data(&r->ex_data,idx,arg)); } -char *RSA_get_ex_data(r,idx) -RSA *r; -int idx; +char *RSA_get_ex_data(RSA *r, int idx) { return(CRYPTO_get_ex_data(&r->ex_data,idx)); } -int RSA_size(r) -RSA *r; +int RSA_size(RSA *r) { return(BN_num_bytes(r->n)); } -int RSA_public_encrypt(flen, from, to, rsa, padding) -int flen; -unsigned char *from; -unsigned char *to; -RSA *rsa; -int padding; +int RSA_public_encrypt(int flen, unsigned char *from, unsigned char *to, + RSA *rsa, int padding) { return(rsa->meth->rsa_pub_enc(flen, from, to, rsa, padding)); } -int RSA_private_encrypt(flen, from, to, rsa, padding) -int flen; -unsigned char *from; -unsigned char *to; -RSA *rsa; -int padding; +int RSA_private_encrypt(int flen, unsigned char *from, unsigned char *to, + RSA *rsa, int padding) { return(rsa->meth->rsa_priv_enc(flen, from, to, rsa, padding)); } -int RSA_private_decrypt(flen, from, to, rsa, padding) -int flen; -unsigned char *from; -unsigned char *to; -RSA *rsa; -int padding; +int RSA_private_decrypt(int flen, unsigned char *from, unsigned char *to, + RSA *rsa, int padding) { return(rsa->meth->rsa_priv_dec(flen, from, to, rsa, padding)); } -int RSA_public_decrypt(flen, from, to, rsa, padding) -int flen; -unsigned char *from; -unsigned char *to; -RSA *rsa; -int padding; +int RSA_public_decrypt(int flen, unsigned char *from, unsigned char *to, + RSA *rsa, int padding) { return(rsa->meth->rsa_pub_dec(flen, from, to, rsa, padding)); } -int RSA_flags(r) -RSA *r; +int RSA_flags(RSA *r) { return((r == NULL)?0:r->meth->flags); } -void RSA_blinding_off(rsa) -RSA *rsa; +void RSA_blinding_off(RSA *rsa) { if (rsa->blinding != NULL) { @@ -257,9 +249,7 @@ RSA *rsa; rsa->flags&= ~RSA_FLAG_BLINDING; } -int RSA_blinding_on(rsa,p_ctx) -RSA *rsa; -BN_CTX *p_ctx; +int RSA_blinding_on(RSA *rsa, BN_CTX *p_ctx) { BIGNUM *A,*Ai; BN_CTX *ctx; @@ -275,13 +265,13 @@ BN_CTX *p_ctx; if (rsa->blinding != NULL) BN_BLINDING_free(rsa->blinding); - A=ctx->bn[0]; + A= &(ctx->bn[0]); ctx->tos++; if (!BN_rand(A,BN_num_bits(rsa->n)-1,1,0)) goto err; - if ((Ai=BN_mod_inverse(A,rsa->n,ctx)) == NULL) goto err; + if ((Ai=BN_mod_inverse(NULL,A,rsa->n,ctx)) == NULL) goto err; - if (!rsa->meth->bn_mod_exp(A,A,rsa->e,rsa->n,ctx, - (char *)rsa->method_mod_n)) goto err; + if (!rsa->meth->bn_mod_exp(A,A,rsa->e,rsa->n,ctx,rsa->_method_mod_n)) + goto err; rsa->blinding=BN_BLINDING_new(A,Ai,rsa->n); ctx->tos--; rsa->flags|=RSA_FLAG_BLINDING; @@ -292,3 +282,48 @@ err: return(ret); } +int RSA_memory_lock(RSA *r) + { + int i,j,k,off; + char *p; + BIGNUM *bn,**t[6],*b; + BN_ULONG *ul; + + if (r->d == NULL) return(1); + t[0]= &r->d; + t[1]= &r->p; + t[2]= &r->q; + t[3]= &r->dmp1; + t[4]= &r->dmq1; + t[5]= &r->iqmp; + k=sizeof(BIGNUM)*6; + off=k/sizeof(BN_ULONG)+1; + j=1; + for (i=0; i<6; i++) + j+= (*t[i])->top; + if ((p=Malloc_locked((off+j)*sizeof(BN_ULONG))) == NULL) + { + RSAerr(RSA_F_MEMORY_LOCK,ERR_R_MALLOC_FAILURE); + return(0); + } + bn=(BIGNUM *)p; + ul=(BN_ULONG *)&(p[off]); + for (i=0; i<6; i++) + { + b= *(t[i]); + *(t[i])= &(bn[i]); + memcpy((char *)&(bn[i]),(char *)b,sizeof(BIGNUM)); + bn[i].flags=BN_FLG_STATIC_DATA; + bn[i].d=ul; + memcpy((char *)ul,b->d,sizeof(BN_ULONG)*b->top); + ul+=b->top; + BN_clear_free(b); + } + + /* I should fix this so it can still be done */ + r->flags&= ~(RSA_FLAG_CACHE_PRIVATE|RSA_FLAG_CACHE_PUBLIC); + + r->bignum_data=p; + return(1); + } + diff --git a/src/lib/libcrypto/rsa/rsa_none.c b/src/lib/libcrypto/rsa/rsa_none.c index f0dd943657..f22fce5016 100644 --- a/src/lib/libcrypto/rsa/rsa_none.c +++ b/src/lib/libcrypto/rsa/rsa_none.c @@ -58,52 +58,41 @@ #include #include "cryptlib.h" -#include "bn.h" -#include "rsa.h" -#include "rand.h" +#include +#include +#include -int RSA_padding_add_none(to,tlen,from,flen) -unsigned char *to; -int tlen; -unsigned char *from; -int flen; +int RSA_padding_add_none(unsigned char *to, int tlen, unsigned char *from, + int flen) { - if (flen >= tlen) + if (flen > tlen) { RSAerr(RSA_F_RSA_PADDING_ADD_NONE,RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE); return(0); } + + if (flen < tlen) + { + RSAerr(RSA_F_RSA_PADDING_ADD_NONE,RSA_R_DATA_TOO_SMALL_FOR_KEY_SIZE); + return(0); + } - *(to++)=0; memcpy(to,from,(unsigned int)flen); return(1); } -int RSA_padding_check_none(to,tlen,from,flen) -unsigned char *to; -int tlen; -unsigned char *from; -int flen; +int RSA_padding_check_none(unsigned char *to, int tlen, unsigned char *from, + int flen, int num) { - int j; - from++; - if (flen+1 > tlen) + if (flen > tlen) { RSAerr(RSA_F_RSA_PADDING_CHECK_NONE,RSA_R_DATA_TOO_LARGE); return(-1); } - if (*(from++) != 0) - { - RSAerr(RSA_F_RSA_PADDING_CHECK_NONE,RSA_R_BAD_ZERO_BYTE); - return(-1); - } - /* scan over padding data */ - j=flen-1; /* one for type and one for the prepended 0. */ - memset(to,0,tlen-j); - to+=(tlen-j); - memcpy(to,from,j); - return(j); + memset(to,0,tlen-flen); + memcpy(to+tlen-flen,from,flen); + return(tlen); } diff --git a/src/lib/libcrypto/rsa/rsa_oaep.c b/src/lib/libcrypto/rsa/rsa_oaep.c new file mode 100644 index 0000000000..843c40c864 --- /dev/null +++ b/src/lib/libcrypto/rsa/rsa_oaep.c @@ -0,0 +1,162 @@ +/* crypto/rsa/rsa_oaep.c */ +/* Written by Ulf Moeller. This software is distributed on an "AS IS" + basis, WITHOUT WARRANTY OF ANY KIND, either express or implied. */ + +/* EME_OAEP as defined in RFC 2437 (PKCS #1 v2.0) */ + +#if !defined(NO_SHA) && !defined(NO_SHA1) +#include +#include "cryptlib.h" +#include +#include +#include +#include + +int MGF1(unsigned char *mask, long len, unsigned char *seed, long seedlen); + +int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen, + unsigned char *from, int flen, unsigned char *param, int plen) + { + int i, emlen = tlen - 1; + unsigned char *db, *seed; + unsigned char *dbmask, seedmask[SHA_DIGEST_LENGTH]; + + if (flen > emlen - 2 * SHA_DIGEST_LENGTH - 1) + { + RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP, + RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE); + return (0); + } + + if (emlen < 2 * SHA_DIGEST_LENGTH + 1) + { + RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP, RSA_R_KEY_SIZE_TOO_SMALL); + return (0); + } + + dbmask = Malloc(emlen - SHA_DIGEST_LENGTH); + if (dbmask == NULL) + { + RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP, ERR_R_MALLOC_FAILURE); + return (0); + } + + to[0] = 0; + seed = to + 1; + db = to + SHA_DIGEST_LENGTH + 1; + + SHA1(param, plen, db); + memset(db + SHA_DIGEST_LENGTH, 0, + emlen - flen - 2 * SHA_DIGEST_LENGTH - 1); + db[emlen - flen - SHA_DIGEST_LENGTH - 1] = 0x01; + memcpy(db + emlen - flen - SHA_DIGEST_LENGTH, from, (unsigned int) flen); + RAND_bytes(seed, SHA_DIGEST_LENGTH); +#ifdef PKCS_TESTVECT + memcpy(seed, + "\xaa\xfd\x12\xf6\x59\xca\xe6\x34\x89\xb4\x79\xe5\x07\x6d\xde\xc2\xf0\x6c\xb5\x8f", + 20); +#endif + + MGF1(dbmask, emlen - SHA_DIGEST_LENGTH, seed, SHA_DIGEST_LENGTH); + for (i = 0; i < emlen - SHA_DIGEST_LENGTH; i++) + db[i] ^= dbmask[i]; + + MGF1(seedmask, SHA_DIGEST_LENGTH, db, emlen - SHA_DIGEST_LENGTH); + for (i = 0; i < SHA_DIGEST_LENGTH; i++) + seed[i] ^= seedmask[i]; + + Free(dbmask); + return (1); + } + +int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen, + unsigned char *from, int flen, int num, unsigned char *param, + int plen) + { + int i, dblen, mlen = -1; + unsigned char *maskeddb; + int lzero; + unsigned char *db, seed[SHA_DIGEST_LENGTH], phash[SHA_DIGEST_LENGTH]; + + if (--num < 2 * SHA_DIGEST_LENGTH + 1) + { + RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP, RSA_R_OAEP_DECODING_ERROR); + return (-1); + } + + dblen = num - SHA_DIGEST_LENGTH; + db = Malloc(dblen); + if (db == NULL) + { + RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP, ERR_R_MALLOC_FAILURE); + return (-1); + } + + lzero = num - flen; + maskeddb = from - lzero + SHA_DIGEST_LENGTH; + + MGF1(seed, SHA_DIGEST_LENGTH, maskeddb, dblen); + for (i = lzero; i < SHA_DIGEST_LENGTH; i++) + seed[i] ^= from[i - lzero]; + + MGF1(db, dblen, seed, SHA_DIGEST_LENGTH); + for (i = 0; i < dblen; i++) + db[i] ^= maskeddb[i]; + + SHA1(param, plen, phash); + + if (memcmp(db, phash, SHA_DIGEST_LENGTH) != 0) + RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP, RSA_R_OAEP_DECODING_ERROR); + else + { + for (i = SHA_DIGEST_LENGTH; i < dblen; i++) + if (db[i] != 0x00) + break; + if (db[i] != 0x01 || i++ >= dblen) + RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP, + RSA_R_OAEP_DECODING_ERROR); + else + { + mlen = dblen - i; + if (tlen < mlen) + { + RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP, RSA_R_DATA_TOO_LARGE); + mlen = -1; + } + else + memcpy(to, db + i, mlen); + } + } + Free(db); + return (mlen); + } + +int MGF1(unsigned char *mask, long len, unsigned char *seed, long seedlen) + { + long i, outlen = 0; + unsigned char cnt[4]; + SHA_CTX c; + unsigned char md[SHA_DIGEST_LENGTH]; + + for (i = 0; outlen < len; i++) + { + cnt[0] = (i >> 24) & 255, cnt[1] = (i >> 16) & 255, + cnt[2] = (i >> 8) & 255, cnt[3] = i & 255; + SHA1_Init(&c); + SHA1_Update(&c, seed, seedlen); + SHA1_Update(&c, cnt, 4); + if (outlen + SHA_DIGEST_LENGTH <= len) + { + SHA1_Final(mask + outlen, &c); + outlen += SHA_DIGEST_LENGTH; + } + else + { + SHA1_Final(md, &c); + memcpy(mask + outlen, md, len - outlen); + outlen = len; + } + } + return (0); + } +#endif diff --git a/src/lib/libcrypto/rsa/rsa_oaep_test.c b/src/lib/libcrypto/rsa/rsa_oaep_test.c new file mode 100644 index 0000000000..0d4e39d3da --- /dev/null +++ b/src/lib/libcrypto/rsa/rsa_oaep_test.c @@ -0,0 +1,309 @@ +/* test vectors from p1ovect1.txt */ + +#include +#include + +#include "openssl/e_os.h" + +#include +#include +#ifdef NO_RSA +int main(int argc, char *argv[]) +{ + printf("No RSA support\n"); + return(0); +} +#else +#include + +#define SetKey \ + key->n = BN_bin2bn(n, sizeof(n)-1, key->n); \ + key->e = BN_bin2bn(e, sizeof(e)-1, key->e); \ + key->d = BN_bin2bn(d, sizeof(d)-1, key->d); \ + key->p = BN_bin2bn(p, sizeof(p)-1, key->p); \ + key->q = BN_bin2bn(q, sizeof(q)-1, key->q); \ + key->dmp1 = BN_bin2bn(dmp1, sizeof(dmp1)-1, key->dmp1); \ + key->dmq1 = BN_bin2bn(dmq1, sizeof(dmq1)-1, key->dmq1); \ + key->iqmp = BN_bin2bn(iqmp, sizeof(iqmp)-1, key->iqmp); \ + memcpy(c, ctext_ex, sizeof(ctext_ex) - 1); \ + return (sizeof(ctext_ex) - 1); + +static int key1(RSA *key, unsigned char *c) + { + static unsigned char n[] = +"\x00\xAA\x36\xAB\xCE\x88\xAC\xFD\xFF\x55\x52\x3C\x7F\xC4\x52\x3F" +"\x90\xEF\xA0\x0D\xF3\x77\x4A\x25\x9F\x2E\x62\xB4\xC5\xD9\x9C\xB5" +"\xAD\xB3\x00\xA0\x28\x5E\x53\x01\x93\x0E\x0C\x70\xFB\x68\x76\x93" +"\x9C\xE6\x16\xCE\x62\x4A\x11\xE0\x08\x6D\x34\x1E\xBC\xAC\xA0\xA1" +"\xF5"; + + static unsigned char e[] = "\x11"; + + static unsigned char d[] = +"\x0A\x03\x37\x48\x62\x64\x87\x69\x5F\x5F\x30\xBC\x38\xB9\x8B\x44" +"\xC2\xCD\x2D\xFF\x43\x40\x98\xCD\x20\xD8\xA1\x38\xD0\x90\xBF\x64" +"\x79\x7C\x3F\xA7\xA2\xCD\xCB\x3C\xD1\xE0\xBD\xBA\x26\x54\xB4\xF9" +"\xDF\x8E\x8A\xE5\x9D\x73\x3D\x9F\x33\xB3\x01\x62\x4A\xFD\x1D\x51"; + + static unsigned char p[] = +"\x00\xD8\x40\xB4\x16\x66\xB4\x2E\x92\xEA\x0D\xA3\xB4\x32\x04\xB5" +"\xCF\xCE\x33\x52\x52\x4D\x04\x16\xA5\xA4\x41\xE7\x00\xAF\x46\x12" +"\x0D"; + + static unsigned char q[] = +"\x00\xC9\x7F\xB1\xF0\x27\xF4\x53\xF6\x34\x12\x33\xEA\xAA\xD1\xD9" +"\x35\x3F\x6C\x42\xD0\x88\x66\xB1\xD0\x5A\x0F\x20\x35\x02\x8B\x9D" +"\x89"; + + static unsigned char dmp1[] = +"\x59\x0B\x95\x72\xA2\xC2\xA9\xC4\x06\x05\x9D\xC2\xAB\x2F\x1D\xAF" +"\xEB\x7E\x8B\x4F\x10\xA7\x54\x9E\x8E\xED\xF5\xB4\xFC\xE0\x9E\x05"; + + static unsigned char dmq1[] = +"\x00\x8E\x3C\x05\x21\xFE\x15\xE0\xEA\x06\xA3\x6F\xF0\xF1\x0C\x99" +"\x52\xC3\x5B\x7A\x75\x14\xFD\x32\x38\xB8\x0A\xAD\x52\x98\x62\x8D" +"\x51"; + + static unsigned char iqmp[] = +"\x36\x3F\xF7\x18\x9D\xA8\xE9\x0B\x1D\x34\x1F\x71\xD0\x9B\x76\xA8" +"\xA9\x43\xE1\x1D\x10\xB2\x4D\x24\x9F\x2D\xEA\xFE\xF8\x0C\x18\x26"; + + static unsigned char ctext_ex[] = +"\x1b\x8f\x05\xf9\xca\x1a\x79\x52\x6e\x53\xf3\xcc\x51\x4f\xdb\x89" +"\x2b\xfb\x91\x93\x23\x1e\x78\xb9\x92\xe6\x8d\x50\xa4\x80\xcb\x52" +"\x33\x89\x5c\x74\x95\x8d\x5d\x02\xab\x8c\x0f\xd0\x40\xeb\x58\x44" +"\xb0\x05\xc3\x9e\xd8\x27\x4a\x9d\xbf\xa8\x06\x71\x40\x94\x39\xd2"; + + SetKey; + } + +static int key2(RSA *key, unsigned char *c) + { + static unsigned char n[] = +"\x00\xA3\x07\x9A\x90\xDF\x0D\xFD\x72\xAC\x09\x0C\xCC\x2A\x78\xB8" +"\x74\x13\x13\x3E\x40\x75\x9C\x98\xFA\xF8\x20\x4F\x35\x8A\x0B\x26" +"\x3C\x67\x70\xE7\x83\xA9\x3B\x69\x71\xB7\x37\x79\xD2\x71\x7B\xE8" +"\x34\x77\xCF"; + + static unsigned char e[] = "\x3"; + + static unsigned char d[] = +"\x6C\xAF\xBC\x60\x94\xB3\xFE\x4C\x72\xB0\xB3\x32\xC6\xFB\x25\xA2" +"\xB7\x62\x29\x80\x4E\x68\x65\xFC\xA4\x5A\x74\xDF\x0F\x8F\xB8\x41" +"\x3B\x52\xC0\xD0\xE5\x3D\x9B\x59\x0F\xF1\x9B\xE7\x9F\x49\xDD\x21" +"\xE5\xEB"; + + static unsigned char p[] = +"\x00\xCF\x20\x35\x02\x8B\x9D\x86\x98\x40\xB4\x16\x66\xB4\x2E\x92" +"\xEA\x0D\xA3\xB4\x32\x04\xB5\xCF\xCE\x91"; + + static unsigned char q[] = +"\x00\xC9\x7F\xB1\xF0\x27\xF4\x53\xF6\x34\x12\x33\xEA\xAA\xD1\xD9" +"\x35\x3F\x6C\x42\xD0\x88\x66\xB1\xD0\x5F"; + + static unsigned char dmp1[] = +"\x00\x8A\x15\x78\xAC\x5D\x13\xAF\x10\x2B\x22\xB9\x99\xCD\x74\x61" +"\xF1\x5E\x6D\x22\xCC\x03\x23\xDF\xDF\x0B"; + + static unsigned char dmq1[] = +"\x00\x86\x55\x21\x4A\xC5\x4D\x8D\x4E\xCD\x61\x77\xF1\xC7\x36\x90" +"\xCE\x2A\x48\x2C\x8B\x05\x99\xCB\xE0\x3F"; + + static unsigned char iqmp[] = +"\x00\x83\xEF\xEF\xB8\xA9\xA4\x0D\x1D\xB6\xED\x98\xAD\x84\xED\x13" +"\x35\xDC\xC1\x08\xF3\x22\xD0\x57\xCF\x8D"; + + static unsigned char ctext_ex[] = +"\x14\xbd\xdd\x28\xc9\x83\x35\x19\x23\x80\xe8\xe5\x49\xb1\x58\x2a" +"\x8b\x40\xb4\x48\x6d\x03\xa6\xa5\x31\x1f\x1f\xd5\xf0\xa1\x80\xe4" +"\x17\x53\x03\x29\xa9\x34\x90\x74\xb1\x52\x13\x54\x29\x08\x24\x52" +"\x62\x51"; + + SetKey; + } + +static int key3(RSA *key, unsigned char *c) + { + static unsigned char n[] = +"\x00\xBB\xF8\x2F\x09\x06\x82\xCE\x9C\x23\x38\xAC\x2B\x9D\xA8\x71" +"\xF7\x36\x8D\x07\xEE\xD4\x10\x43\xA4\x40\xD6\xB6\xF0\x74\x54\xF5" +"\x1F\xB8\xDF\xBA\xAF\x03\x5C\x02\xAB\x61\xEA\x48\xCE\xEB\x6F\xCD" +"\x48\x76\xED\x52\x0D\x60\xE1\xEC\x46\x19\x71\x9D\x8A\x5B\x8B\x80" +"\x7F\xAF\xB8\xE0\xA3\xDF\xC7\x37\x72\x3E\xE6\xB4\xB7\xD9\x3A\x25" +"\x84\xEE\x6A\x64\x9D\x06\x09\x53\x74\x88\x34\xB2\x45\x45\x98\x39" +"\x4E\xE0\xAA\xB1\x2D\x7B\x61\xA5\x1F\x52\x7A\x9A\x41\xF6\xC1\x68" +"\x7F\xE2\x53\x72\x98\xCA\x2A\x8F\x59\x46\xF8\xE5\xFD\x09\x1D\xBD" +"\xCB"; + + static unsigned char e[] = "\x11"; + + static unsigned char d[] = +"\x00\xA5\xDA\xFC\x53\x41\xFA\xF2\x89\xC4\xB9\x88\xDB\x30\xC1\xCD" +"\xF8\x3F\x31\x25\x1E\x06\x68\xB4\x27\x84\x81\x38\x01\x57\x96\x41" +"\xB2\x94\x10\xB3\xC7\x99\x8D\x6B\xC4\x65\x74\x5E\x5C\x39\x26\x69" +"\xD6\x87\x0D\xA2\xC0\x82\xA9\x39\xE3\x7F\xDC\xB8\x2E\xC9\x3E\xDA" +"\xC9\x7F\xF3\xAD\x59\x50\xAC\xCF\xBC\x11\x1C\x76\xF1\xA9\x52\x94" +"\x44\xE5\x6A\xAF\x68\xC5\x6C\x09\x2C\xD3\x8D\xC3\xBE\xF5\xD2\x0A" +"\x93\x99\x26\xED\x4F\x74\xA1\x3E\xDD\xFB\xE1\xA1\xCE\xCC\x48\x94" +"\xAF\x94\x28\xC2\xB7\xB8\x88\x3F\xE4\x46\x3A\x4B\xC8\x5B\x1C\xB3" +"\xC1"; + + static unsigned char p[] = +"\x00\xEE\xCF\xAE\x81\xB1\xB9\xB3\xC9\x08\x81\x0B\x10\xA1\xB5\x60" +"\x01\x99\xEB\x9F\x44\xAE\xF4\xFD\xA4\x93\xB8\x1A\x9E\x3D\x84\xF6" +"\x32\x12\x4E\xF0\x23\x6E\x5D\x1E\x3B\x7E\x28\xFA\xE7\xAA\x04\x0A" +"\x2D\x5B\x25\x21\x76\x45\x9D\x1F\x39\x75\x41\xBA\x2A\x58\xFB\x65" +"\x99"; + + static unsigned char q[] = +"\x00\xC9\x7F\xB1\xF0\x27\xF4\x53\xF6\x34\x12\x33\xEA\xAA\xD1\xD9" +"\x35\x3F\x6C\x42\xD0\x88\x66\xB1\xD0\x5A\x0F\x20\x35\x02\x8B\x9D" +"\x86\x98\x40\xB4\x16\x66\xB4\x2E\x92\xEA\x0D\xA3\xB4\x32\x04\xB5" +"\xCF\xCE\x33\x52\x52\x4D\x04\x16\xA5\xA4\x41\xE7\x00\xAF\x46\x15" +"\x03"; + + static unsigned char dmp1[] = +"\x54\x49\x4C\xA6\x3E\xBA\x03\x37\xE4\xE2\x40\x23\xFC\xD6\x9A\x5A" +"\xEB\x07\xDD\xDC\x01\x83\xA4\xD0\xAC\x9B\x54\xB0\x51\xF2\xB1\x3E" +"\xD9\x49\x09\x75\xEA\xB7\x74\x14\xFF\x59\xC1\xF7\x69\x2E\x9A\x2E" +"\x20\x2B\x38\xFC\x91\x0A\x47\x41\x74\xAD\xC9\x3C\x1F\x67\xC9\x81"; + + static unsigned char dmq1[] = +"\x47\x1E\x02\x90\xFF\x0A\xF0\x75\x03\x51\xB7\xF8\x78\x86\x4C\xA9" +"\x61\xAD\xBD\x3A\x8A\x7E\x99\x1C\x5C\x05\x56\xA9\x4C\x31\x46\xA7" +"\xF9\x80\x3F\x8F\x6F\x8A\xE3\x42\xE9\x31\xFD\x8A\xE4\x7A\x22\x0D" +"\x1B\x99\xA4\x95\x84\x98\x07\xFE\x39\xF9\x24\x5A\x98\x36\xDA\x3D"; + + static unsigned char iqmp[] = +"\x00\xB0\x6C\x4F\xDA\xBB\x63\x01\x19\x8D\x26\x5B\xDB\xAE\x94\x23" +"\xB3\x80\xF2\x71\xF7\x34\x53\x88\x50\x93\x07\x7F\xCD\x39\xE2\x11" +"\x9F\xC9\x86\x32\x15\x4F\x58\x83\xB1\x67\xA9\x67\xBF\x40\x2B\x4E" +"\x9E\x2E\x0F\x96\x56\xE6\x98\xEA\x36\x66\xED\xFB\x25\x79\x80\x39" +"\xF7"; + + static unsigned char ctext_ex[] = +"\xb8\x24\x6b\x56\xa6\xed\x58\x81\xae\xb5\x85\xd9\xa2\x5b\x2a\xd7" +"\x90\xc4\x17\xe0\x80\x68\x1b\xf1\xac\x2b\xc3\xde\xb6\x9d\x8b\xce" +"\xf0\xc4\x36\x6f\xec\x40\x0a\xf0\x52\xa7\x2e\x9b\x0e\xff\xb5\xb3" +"\xf2\xf1\x92\xdb\xea\xca\x03\xc1\x27\x40\x05\x71\x13\xbf\x1f\x06" +"\x69\xac\x22\xe9\xf3\xa7\x85\x2e\x3c\x15\xd9\x13\xca\xb0\xb8\x86" +"\x3a\x95\xc9\x92\x94\xce\x86\x74\x21\x49\x54\x61\x03\x46\xf4\xd4" +"\x74\xb2\x6f\x7c\x48\xb4\x2e\xe6\x8e\x1f\x57\x2a\x1f\xc4\x02\x6a" +"\xc4\x56\xb4\xf5\x9f\x7b\x62\x1e\xa1\xb9\xd8\x8f\x64\x20\x2f\xb1"; + + SetKey; + } + +static int pad_unknown(void) +{ + unsigned long l; + while ((l = ERR_get_error()) != 0) + if (ERR_GET_REASON(l) == RSA_R_UNKNOWN_PADDING_TYPE) + return(1); + return(0); +} + +int main() + { + int err=0; + int v; + RSA *key; + unsigned char ptext[256]; + unsigned char ctext[256]; + static unsigned char ptext_ex[] = "\x54\x85\x9b\x34\x2c\x49\xea\x2a"; + unsigned char ctext_ex[256]; + int plen; + int clen = 0; + int num; + + CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON); + + plen = sizeof(ptext_ex) - 1; + + for (v = 0; v < 3; v++) + { + key = RSA_new(); + switch (v) { + case 0: + clen = key1(key, ctext_ex); + break; + case 1: + clen = key2(key, ctext_ex); + break; + case 2: + clen = key3(key, ctext_ex); + break; + } + + num = RSA_public_encrypt(plen, ptext_ex, ctext, key, + RSA_PKCS1_PADDING); + if (num != clen) + { + printf("PKCS#1 v1.5 encryption failed!\n"); + err=1; + goto oaep; + } + + num = RSA_private_decrypt(num, ctext, ptext, key, + RSA_PKCS1_PADDING); + if (num != plen || memcmp(ptext, ptext_ex, num) != 0) + { + printf("PKCS#1 v1.5 decryption failed!\n"); + err=1; + } + else + printf("PKCS #1 v1.5 encryption/decryption ok\n"); + + oaep: + ERR_clear_error(); + num = RSA_public_encrypt(plen, ptext_ex, ctext, key, + RSA_PKCS1_OAEP_PADDING); + if (num == -1 && pad_unknown()) + { + printf("No OAEP support\n"); + goto next; + } + if (num != clen) + { + printf("OAEP encryption failed!\n"); + err=1; + goto next; + } + + num = RSA_private_decrypt(num, ctext, ptext, key, + RSA_PKCS1_OAEP_PADDING); + if (num != plen || memcmp(ptext, ptext_ex, num) != 0) + { + printf("OAEP decryption (encrypted data) failed!\n"); + err=1; + } + else if (memcmp(ctext, ctext_ex, num) == 0) + { + printf("OAEP test vector %d passed!\n", v); + goto next; + } + + /* Different ciphertexts (rsa_oaep.c without -DPKCS_TESTVECT). + Try decrypting ctext_ex */ + + num = RSA_private_decrypt(clen, ctext_ex, ptext, key, + RSA_PKCS1_OAEP_PADDING); + + if (num != plen || memcmp(ptext, ptext_ex, num) != 0) + { + printf("OAEP decryption (test vector data) failed!\n"); + err=1; + } + else + printf("OAEP encryption/decryption ok\n"); + next: + RSA_free(key); + } + + ERR_remove_state(0); + + CRYPTO_mem_leaks_fp(stdout); + + return err; + } +#endif diff --git a/src/lib/libcrypto/rsa/rsa_pk1.c b/src/lib/libcrypto/rsa/rsa_pk1.c index 2791291b94..f0ae51f234 100644 --- a/src/lib/libcrypto/rsa/rsa_pk1.c +++ b/src/lib/libcrypto/rsa/rsa_pk1.c @@ -58,27 +58,12 @@ #include #include "cryptlib.h" -#include "bn.h" -#include "rsa.h" -#include "rand.h" - -#ifndef NOPROTO -int RSA_padding_add_PKCS1_type_1(); -int RSA_padding_check_PKCS1_type_1(); -int RSA_padding_add_PKCS1_type_2(); -int RSA_padding_check_PKCS1_type_2(); -int RSA_padding_add_SSLv23(); -int RSA_padding_check_SSLv23(); -int RSA_padding_add_none(); -int RSA_padding_check_none(); +#include +#include +#include -#endif - -int RSA_padding_add_PKCS1_type_1(to,tlen,from,flen) -unsigned char *to; -int tlen; -unsigned char *from; -int flen; +int RSA_padding_add_PKCS1_type_1(unsigned char *to, int tlen, + unsigned char *from, int flen) { int j; unsigned char *p; @@ -103,17 +88,14 @@ int flen; return(1); } -int RSA_padding_check_PKCS1_type_1(to,tlen,from,flen) -unsigned char *to; -int tlen; -unsigned char *from; -int flen; +int RSA_padding_check_PKCS1_type_1(unsigned char *to, int tlen, + unsigned char *from, int flen, int num) { int i,j; unsigned char *p; p=from; - if (*(p++) != 01) + if ((num != (flen+1)) || (*(p++) != 01)) { RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1,RSA_R_BLOCK_TYPE_IS_NOT_01); return(-1); @@ -153,11 +135,8 @@ int flen; return(j); } -int RSA_padding_add_PKCS1_type_2(to,tlen,from,flen) -unsigned char *to; -int tlen; -unsigned char *from; -int flen; +int RSA_padding_add_PKCS1_type_2(unsigned char *to, int tlen, + unsigned char *from, int flen) { int i,j; unsigned char *p; @@ -192,21 +171,21 @@ int flen; return(1); } -int RSA_padding_check_PKCS1_type_2(to,tlen,from,flen) -unsigned char *to; -int tlen; -unsigned char *from; -int flen; +int RSA_padding_check_PKCS1_type_2(unsigned char *to, int tlen, + unsigned char *from, int flen, int num) { int i,j; unsigned char *p; p=from; - if (*(p++) != 02) + if ((num != (flen+1)) || (*(p++) != 02)) { RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2,RSA_R_BLOCK_TYPE_IS_NOT_02); return(-1); } +#ifdef PKCS1_CHECK + return(num-11); +#endif /* scan over padding data */ j=flen-1; /* one for type. */ diff --git a/src/lib/libcrypto/rsa/rsa_saos.c b/src/lib/libcrypto/rsa/rsa_saos.c index fb0fae5a43..73b8b0c7ad 100644 --- a/src/lib/libcrypto/rsa/rsa_saos.c +++ b/src/lib/libcrypto/rsa/rsa_saos.c @@ -58,18 +58,13 @@ #include #include "cryptlib.h" -#include "bn.h" -#include "rsa.h" -#include "objects.h" -#include "x509.h" +#include +#include +#include +#include -int RSA_sign_ASN1_OCTET_STRING(type,m,m_len,sigret,siglen,rsa) -int type; -unsigned char *m; -unsigned int m_len; -unsigned char *sigret; -unsigned int *siglen; -RSA *rsa; +int RSA_sign_ASN1_OCTET_STRING(int type, unsigned char *m, unsigned int m_len, + unsigned char *sigret, unsigned int *siglen, RSA *rsa) { ASN1_OCTET_STRING sig; int i,j,ret=1; @@ -105,13 +100,9 @@ RSA *rsa; return(ret); } -int RSA_verify_ASN1_OCTET_STRING(dtype, m, m_len, sigbuf, siglen, rsa) -int dtype; -unsigned char *m; -unsigned int m_len; -unsigned char *sigbuf; -unsigned int siglen; -RSA *rsa; +int RSA_verify_ASN1_OCTET_STRING(int dtype, unsigned char *m, + unsigned int m_len, unsigned char *sigbuf, unsigned int siglen, + RSA *rsa) { int i,ret=0; unsigned char *p,*s; diff --git a/src/lib/libcrypto/rsa/rsa_sign.c b/src/lib/libcrypto/rsa/rsa_sign.c index 28c5571e74..1740494a4c 100644 --- a/src/lib/libcrypto/rsa/rsa_sign.c +++ b/src/lib/libcrypto/rsa/rsa_sign.c @@ -58,18 +58,13 @@ #include #include "cryptlib.h" -#include "bn.h" -#include "rsa.h" -#include "objects.h" -#include "x509.h" +#include +#include +#include +#include -int RSA_sign(type,m,m_len,sigret,siglen,rsa) -int type; -unsigned char *m; -unsigned int m_len; -unsigned char *sigret; -unsigned int *siglen; -RSA *rsa; +int RSA_sign(int type, unsigned char *m, unsigned int m_len, + unsigned char *sigret, unsigned int *siglen, RSA *rsa) { X509_SIG sig; ASN1_TYPE parameter; @@ -124,13 +119,8 @@ RSA *rsa; return(ret); } -int RSA_verify(dtype, m, m_len, sigbuf, siglen, rsa) -int dtype; -unsigned char *m; -unsigned int m_len; -unsigned char *sigbuf; -unsigned int siglen; -RSA *rsa; +int RSA_verify(int dtype, unsigned char *m, unsigned int m_len, + unsigned char *sigbuf, unsigned int siglen, RSA *rsa) { int i,ret=0,sigtype; unsigned char *p,*s; @@ -154,9 +144,11 @@ RSA *rsa; p=s; sig=d2i_X509_SIG(NULL,&p,(long)i); + if (sig == NULL) goto err; sigtype=OBJ_obj2nid(sig->algor->algorithm); + #ifdef RSA_DEBUG /* put a backward compatability flag in EAY */ fprintf(stderr,"in(%s) expect(%s)\n",OBJ_nid2ln(sigtype), diff --git a/src/lib/libcrypto/rsa/rsa_ssl.c b/src/lib/libcrypto/rsa/rsa_ssl.c index 9bcd4b2c03..1050844f8d 100644 --- a/src/lib/libcrypto/rsa/rsa_ssl.c +++ b/src/lib/libcrypto/rsa/rsa_ssl.c @@ -58,15 +58,12 @@ #include #include "cryptlib.h" -#include "bn.h" -#include "rsa.h" -#include "rand.h" +#include +#include +#include -int RSA_padding_add_SSLv23(to,tlen,from,flen) -unsigned char *to; -int tlen; -unsigned char *from; -int flen; +int RSA_padding_add_SSLv23(unsigned char *to, int tlen, unsigned char *from, + int flen) { int i,j; unsigned char *p; @@ -103,11 +100,8 @@ int flen; return(1); } -int RSA_padding_check_SSLv23(to,tlen,from,flen) -unsigned char *to; -int tlen; -unsigned char *from; -int flen; +int RSA_padding_check_SSLv23(unsigned char *to, int tlen, unsigned char *from, + int flen, int num) { int i,j,k; unsigned char *p; @@ -118,7 +112,7 @@ int flen; RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23,RSA_R_DATA_TOO_SMALL); return(-1); } - if (*(p++) != 02) + if ((num != (flen+1)) || (*(p++) != 02)) { RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23,RSA_R_BLOCK_TYPE_IS_NOT_02); return(-1); -- cgit v1.2.3-55-g6feb