correct error handling

insert spaces in products that occur in error codes

apps/rsa.c

@@ -262,9 +262,12 @@ bad:
 		}
 
 	if (check)
-		if (RSA_check_key(rsa))
+		{
+		int r = RSA_check_key(rsa);
+
+		if (r == 1)
 			BIO_printf(out,"RSA key ok\n");
-		else
+		else if (r == 0)
 			{
 			long e;
 
@@ -276,13 +279,15 @@ bad:
 				BIO_printf(out, "RSA key error: %s\n", ERR_reason_error_string(e));
 				ERR_get_error(); /* remove e from error stack */
 				}
-			if (e != 0)
-				{
-				ERR_print_errors(bio_err);
-				goto end;
-				}
 			}
-	
+		
+		if (r == -1 || ERR_peek_error() != 0) /* should happen only if r == -1 */
+			{
+			ERR_print_errors(bio_err);
+			goto end;
+			}
+		}
+		
 	if (noout) goto end;
 	BIO_printf(bio_err,"writing RSA private key\n");
 	if 	(outformat == FORMAT_ASN1)

crypto/rsa/rsa.h

@@ -286,14 +286,14 @@ char *RSA_get_ex_data(RSA *r, int idx);
 #define RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE		 110
 #define RSA_R_DATA_TOO_SMALL				 111
 #define RSA_R_DATA_TOO_SMALL_FOR_KEY_SIZE		 122
-#define RSA_R_DE_NOT_CONGRUENT_TO_1			 123
+#define RSA_R_D_E_NOT_CONGRUENT_TO_1			 123
 #define RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY		 112
 #define RSA_R_DMP1_NOT_CONGRUENT_TO_D			 124
 #define RSA_R_DMQ1_NOT_CONGRUENT_TO_D			 125
 #define RSA_R_IQMP_NOT_INVERSE_OF_Q			 126
 #define RSA_R_KEY_SIZE_TOO_SMALL			 120
 #define RSA_R_NULL_BEFORE_BLOCK_MISSING			 113
-#define RSA_R_N_DOES_NOT_EQUAL_PQ			 127
+#define RSA_R_N_DOES_NOT_EQUAL_P_Q			 127
 #define RSA_R_OAEP_DECODING_ERROR			 121
 #define RSA_R_PADDING_CHECK_FAILED			 114
 #define RSA_R_P_NOT_PRIME				 128

crypto/rsa/rsa_chk.c

@@ -57,6 +57,7 @@ int RSA_check_key(RSA *key)
 	{
 	BIGNUM *i, *j, *k, *l, *m;
 	BN_CTX *ctx;
+	int r;
 	int ret=1;
 	
 	i = BN_new();
@@ -68,85 +69,99 @@ int RSA_check_key(RSA *key)
 	if (i == NULL || j == NULL || k == NULL || l == NULL ||
 		m == NULL || ctx == NULL)
 		{
-		ret = 0;
+		ret = -1;
 		RSAerr(RSA_F_RSA_CHECK_KEY, ERR_R_MALLOC_FAILURE);
 		goto err;
 		}
 	
 	/* p prime? */
-	if (BN_is_prime(key->p, BN_prime_checks, NULL, NULL, NULL) != 1)
+	r = BN_is_prime(key->p, BN_prime_checks, NULL, NULL, NULL);
+	if (r != 1)
 		{
-		ret = 0;
-		if (ERR_GET_REASON(ERR_peek_error()) == ERR_R_MALLOC_FAILURE)
+		ret = r;
+		if (r != 0)
 			goto err;
 		RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_P_NOT_PRIME);
 		}
 	
 	/* q prime? */
-	if (BN_is_prime(key->q, BN_prime_checks, NULL, NULL, NULL) != 1)
+	r = BN_is_prime(key->q, BN_prime_checks, NULL, NULL, NULL);
+	if (r != 1)
 		{
-		ret = 0;
-		if (ERR_GET_REASON(ERR_peek_error()) == ERR_R_MALLOC_FAILURE)
+		ret = r;
+		if (r != 0)
 			goto err;
 		RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_Q_NOT_PRIME);
 		}
 	
 	/* n = p*q? */
-	BN_mul(i, key->p, key->q, ctx);
+	r = BN_mul(i, key->p, key->q, ctx);
+	if (!r) { ret = -1; goto err; }
+	
 	if (BN_cmp(i, key->n) != 0)
 		{
 		ret = 0;
-		if (ERR_GET_REASON(ERR_peek_error()) == ERR_R_MALLOC_FAILURE)
-			goto err;
-		RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_N_DOES_NOT_EQUAL_PQ);
+		RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_N_DOES_NOT_EQUAL_P_Q);
 		}
 	
 	/* dmp1 = d mod (p-1)? */
-	BN_sub(i, key->p, BN_value_one());
-	BN_mod(j, key->d, i, ctx);
+	r = BN_sub(i, key->p, BN_value_one());
+	if (!r) { ret = -1; goto err; }
+
+	r = BN_mod(j, key->d, i, ctx);
+	if (!r) { ret = -1; goto err; }
+
 	if (BN_cmp(j, key->dmp1) != 0)
 		{
 		ret = 0;
-		if (ERR_GET_REASON(ERR_peek_error()) == ERR_R_MALLOC_FAILURE)
-			goto err;
 		RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_DMP1_NOT_CONGRUENT_TO_D);
 		}
 	
 	/* dmq1 = d mod (q-1)? */    
-	BN_sub(i, key->q, BN_value_one());
-	BN_mod(j, key->d, i, ctx);
+	r = BN_sub(i, key->q, BN_value_one());
+	if (!r) { ret = -1; goto err; }
+	
+	r = BN_mod(j, key->d, i, ctx);
+	if (!r) { ret = -1; goto err; }
+
 	if (BN_cmp(j, key->dmq1) != 0)
 		{
 		ret = 0;
-		if (ERR_GET_REASON(ERR_peek_error()) == ERR_R_MALLOC_FAILURE)
-			goto err;
 		RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_DMQ1_NOT_CONGRUENT_TO_D);
 		}
 	
 	/* iqmp = q^-1 mod p? */
-	BN_mod_inverse(i, key->q, key->p, ctx);
+	r = BN_mod_inverse(i, key->q, key->p, ctx);
+	if (!r) { ret = -1; goto err; }
+
 	if (BN_cmp(i, key->iqmp) != 0)
 		{
 		ret = 0;
-		if (ERR_GET_REASON(ERR_peek_error()) == ERR_R_MALLOC_FAILURE)
-			goto err;
 		RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_IQMP_NOT_INVERSE_OF_Q);
 		}
 	
 	/* d*e = 1  mod lcm(p-1,q-1)? */
-	BN_sub(i, key->p, BN_value_one());
-	BN_sub(j, key->q, BN_value_one());
+
+	r = BN_sub(i, key->p, BN_value_one());
+	if (!r) { ret = -1; goto err; }
+	r = BN_sub(j, key->q, BN_value_one());
+	if (!r) { ret = -1; goto err; }
+
 	/* now compute k = lcm(i,j) */
-	BN_mul(l, i, j, ctx);
-	BN_gcd(m, i, j, ctx);
-	BN_div(k, NULL, l, m, ctx); /* remainder is 0 */
-	BN_mod_mul(i, key->d, key->e, k, ctx);
+	r = BN_mul(l, i, j, ctx);
+	if (!r) { ret = -1; goto err; }
+	r = BN_gcd(m, i, j, ctx);
+	if (!r) { ret = -1; goto err; }
+	r = BN_div(k, NULL, l, m, ctx); /* remainder is 0 */
+	if (!r) { ret = -1; goto err; }
+
+	r = BN_mod_mul(i, key->d, key->e, k, ctx);
+	if (!r) { ret = -1; goto err; }
+
 	if (!BN_is_one(i))
 		{
 		ret = 0;
-		if (ERR_GET_REASON(ERR_peek_error()) == ERR_R_MALLOC_FAILURE)
-			goto err;
-		RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_DE_NOT_CONGRUENT_TO_1);
+		RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_D_E_NOT_CONGRUENT_TO_1);
 		}
 	
  err:

crypto/rsa/rsa_err.c

@@ -106,14 +106,14 @@ static ERR_STRING_DATA RSA_str_reasons[]=
 {RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE       ,"data too large for key size"},
 {RSA_R_DATA_TOO_SMALL                    ,"data too small"},
 {RSA_R_DATA_TOO_SMALL_FOR_KEY_SIZE       ,"data too small for key size"},
-{RSA_R_DE_NOT_CONGRUENT_TO_1             ,"de not congruent to 1"},
+{RSA_R_D_E_NOT_CONGRUENT_TO_1            ,"d e not congruent to 1"},
 {RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY        ,"digest too big for rsa key"},
 {RSA_R_DMP1_NOT_CONGRUENT_TO_D           ,"dmp1 not congruent to d"},
 {RSA_R_DMQ1_NOT_CONGRUENT_TO_D           ,"dmq1 not congruent to d"},
 {RSA_R_IQMP_NOT_INVERSE_OF_Q             ,"iqmp not inverse of q"},
 {RSA_R_KEY_SIZE_TOO_SMALL                ,"key size too small"},
 {RSA_R_NULL_BEFORE_BLOCK_MISSING         ,"null before block missing"},
-{RSA_R_N_DOES_NOT_EQUAL_PQ               ,"n does not equal pq"},
+{RSA_R_N_DOES_NOT_EQUAL_P_Q              ,"n does not equal p q"},
 {RSA_R_OAEP_DECODING_ERROR               ,"oaep decoding error"},
 {RSA_R_PADDING_CHECK_FAILED              ,"padding check failed"},
 {RSA_R_P_NOT_PRIME                       ,"p not prime"},