wbrawner/openssl
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Merge public key FIPS code, RSA, DSA, DH.

Browse source
This commit is contained in:
Dr. Stephen Henson 2008-09-16 14:55:26 +00:00
parent 92eb44d238
commit e3f2860e73
25 changed files with 728 additions and 326 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

11
crypto/dh/dh.h
View file

@ -77,6 +77,8 @@
# define OPENSSL_DH_MAX_MODULUS_BITS 10000
#endif
#define OPENSSL_DH_FIPS_MIN_MODULUS_BITS 1024
#define DH_FLAG_CACHE_MONT_P 0x01
#define DH_FLAG_NO_EXP_CONSTTIME 0x02 /* new with 0.9.7h; the built-in DH
* implementation now uses constant time
@ -167,6 +169,11 @@ struct dh_st
const DH_METHOD *DH_OpenSSL(void);
#ifdef OPENSSL_FIPS
DH * FIPS_dh_new(void);
void FIPS_dh_free(DH *dh);
#endif
void DH_set_default_method(const DH_METHOD *meth);
const DH_METHOD *DH_get_default_method(void);
int DH_set_method(DH *dh, const DH_METHOD *meth);
@ -218,6 +225,9 @@ void ERR_load_DH_strings(void);
#define DH_F_DHPARAMS_PRINT 100
#define DH_F_DHPARAMS_PRINT_FP 101
#define DH_F_DH_BUILTIN_GENPARAMS 106
#define DH_F_DH_COMPUTE_KEY 107
#define DH_F_DH_GENERATE_KEY 108
#define DH_F_DH_GENERATE_PARAMETERS 109
#define DH_F_DH_NEW_METHOD 105
#define DH_F_GENERATE_KEY 103
#define DH_F_GENERATE_PARAMETERS 104
@ -225,6 +235,7 @@ void ERR_load_DH_strings(void);
/* Reason codes. */
#define DH_R_BAD_GENERATOR 101
#define DH_R_INVALID_PUBKEY 102
#define DH_R_KEY_SIZE_TOO_SMALL 104
#define DH_R_MODULUS_TOO_LARGE 103
#define DH_R_NO_PRIVATE_VALUE 100

4
crypto/dh/dh_check.c
View file

@ -70,6 +70,8 @@
* should hold.
*/
#ifndef OPENSSL_FIPS
int DH_check(const DH *dh, int *ret)
{
int ok=0;
@ -140,3 +142,5 @@ err:
if (q != NULL) BN_free(q);
return(ok);
}
#endif

6
crypto/dh/dh_err.c
View file

@ -1,6 +1,6 @@
/* crypto/dh/dh_err.c */
/* ====================================================================
* Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
* Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@ -74,6 +74,9 @@ static ERR_STRING_DATA DH_str_functs[]=
{ERR_FUNC(DH_F_DHPARAMS_PRINT), "DHparams_print"},
{ERR_FUNC(DH_F_DHPARAMS_PRINT_FP), "DHparams_print_fp"},
{ERR_FUNC(DH_F_DH_BUILTIN_GENPARAMS), "DH_BUILTIN_GENPARAMS"},
{ERR_FUNC(DH_F_DH_COMPUTE_KEY), "DH_compute_key"},
{ERR_FUNC(DH_F_DH_GENERATE_KEY), "DH_generate_key"},
{ERR_FUNC(DH_F_DH_GENERATE_PARAMETERS), "DH_generate_parameters"},
{ERR_FUNC(DH_F_DH_NEW_METHOD), "DH_new_method"},
{ERR_FUNC(DH_F_GENERATE_KEY), "GENERATE_KEY"},
{ERR_FUNC(DH_F_GENERATE_PARAMETERS), "GENERATE_PARAMETERS"},
@ -84,6 +87,7 @@ static ERR_STRING_DATA DH_str_reasons[]=
{
{ERR_REASON(DH_R_BAD_GENERATOR) ,"bad generator"},
{ERR_REASON(DH_R_INVALID_PUBKEY) ,"invalid public key"},
{ERR_REASON(DH_R_KEY_SIZE_TOO_SMALL) ,"key size too small"},
{ERR_REASON(DH_R_MODULUS_TOO_LARGE) ,"modulus too large"},
{ERR_REASON(DH_R_NO_PRIVATE_VALUE) ,"no private value"},
{0,NULL}

4
crypto/dh/dh_gen.c
View file

@ -66,6 +66,8 @@
#include <openssl/bn.h>
#include <openssl/dh.h>
#ifndef OPENSSL_FIPS
static int dh_builtin_genparams(DH *ret, int prime_len, int generator, BN_GENCB *cb);
int DH_generate_parameters_ex(DH *ret, int prime_len, int generator, BN_GENCB *cb)
@ -173,3 +175,5 @@ err:
}
return ok;
}
#endif

4
crypto/dh/dh_key.c
View file

@ -62,6 +62,8 @@
#include <openssl/rand.h>
#include <openssl/dh.h>
#ifndef OPENSSL_FIPS
static int generate_key(DH *dh);
static int compute_key(unsigned char *key, const BIGNUM *pub_key, DH *dh);
static int dh_bn_mod_exp(const DH *dh, BIGNUM *r,
@ -261,3 +263,5 @@ static int dh_finish(DH *dh)
BN_MONT_CTX_free(dh->method_mont_p);
return(1);
}
#endif

4
crypto/dsa/Makefile
View file

@ -18,9 +18,9 @@ APPS=
LIB=$(TOP)/libcrypto.a
LIBSRC= dsa_gen.c dsa_key.c dsa_lib.c dsa_asn1.c dsa_vrf.c dsa_sign.c \
dsa_err.c dsa_ossl.c dsa_depr.c
dsa_err.c dsa_ossl.c dsa_depr.c dsa_utl.c
LIBOBJ= dsa_gen.o dsa_key.o dsa_lib.o dsa_asn1.o dsa_vrf.o dsa_sign.o \
dsa_err.o dsa_ossl.o dsa_depr.o
dsa_err.o dsa_ossl.o dsa_depr.o dsa_utl.o
SRC= $(LIBSRC)

39
crypto/dsa/dsa.h
View file

@ -88,6 +88,8 @@
# define OPENSSL_DSA_MAX_MODULUS_BITS 10000
#endif
#define OPENSSL_DSA_FIPS_MIN_MODULUS_BITS 1024
#define DSA_FLAG_CACHE_MONT_P 0x01
#define DSA_FLAG_NO_EXP_CONSTTIME 0x02 /* new with 0.9.7h; the built-in DSA
* implementation now uses constant time
@ -97,6 +99,25 @@
* be used for all exponents.
*/
/* If this flag is set the DSA method is FIPS compliant and can be used
* in FIPS mode. This is set in the validated module method. If an
* application sets this flag in its own methods it is its reposibility
* to ensure the result is compliant.
*/
#define DSA_FLAG_FIPS_METHOD 0x0400
/* If this flag is set the operations normally disabled in FIPS mode are
* permitted it is then the applications responsibility to ensure that the
* usage is compliant.
*/
#define DSA_FLAG_NON_FIPS_ALLOW 0x0400
#ifdef OPENSSL_FIPS
#define FIPS_DSA_SIZE_T int
#endif
#ifdef __cplusplus
extern "C" {
#endif
@ -189,6 +210,11 @@ void DSA_set_default_method(const DSA_METHOD *);
const DSA_METHOD *DSA_get_default_method(void);
int DSA_set_method(DSA *dsa, const DSA_METHOD *);
#ifdef OPENSSL_FIPS
DSA * FIPS_dsa_new(void);
void FIPS_dsa_free (DSA *r);
#endif
DSA * DSA_new(void);
DSA * DSA_new_method(ENGINE *engine);
void DSA_free (DSA *r);
@ -249,6 +275,11 @@ int DSA_print_fp(FILE *bp, const DSA *x, int off);
DH *DSA_dup_DH(const DSA *r);
#endif
#ifdef OPENSSL_FIPS
int FIPS_dsa_sig_encode(unsigned char *out, DSA_SIG *sig);
int FIPS_dsa_sig_decode(DSA_SIG *sig, const unsigned char *in, int inlen);
#endif
/* BEGIN ERROR CODES */
/* The following lines are auto generated by the script mkerr.pl. Any changes
* made after this point may be overwritten when the script is next run.
@ -261,11 +292,16 @@ void ERR_load_DSA_strings(void);
#define DSA_F_D2I_DSA_SIG 110
#define DSA_F_DSAPARAMS_PRINT 100
#define DSA_F_DSAPARAMS_PRINT_FP 101
#define DSA_F_DSA_BUILTIN_KEYGEN 119
#define DSA_F_DSA_BUILTIN_PARAMGEN 118
#define DSA_F_DSA_DO_SIGN 112
#define DSA_F_DSA_DO_VERIFY 113
#define DSA_F_DSA_GENERATE_PARAMETERS 117
#define DSA_F_DSA_NEW_METHOD 103
#define DSA_F_DSA_PRINT 104
#define DSA_F_DSA_PRINT_FP 105
#define DSA_F_DSA_SET_DEFAULT_METHOD 115
#define DSA_F_DSA_SET_METHOD 116
#define DSA_F_DSA_SIGN 106
#define DSA_F_DSA_SIGN_SETUP 107
#define DSA_F_DSA_SIG_NEW 109
@ -276,8 +312,11 @@ void ERR_load_DSA_strings(void);
/* Reason codes. */
#define DSA_R_BAD_Q_VALUE 102
#define DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE 100
#define DSA_R_KEY_SIZE_TOO_SMALL 106
#define DSA_R_MISSING_PARAMETERS 101
#define DSA_R_MODULUS_TOO_LARGE 103
#define DSA_R_NON_FIPS_METHOD 104
#define DSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE 105
#ifdef __cplusplus
}

80
crypto/dsa/dsa_asn1.c
View file

@ -61,6 +61,11 @@
#include <openssl/dsa.h>
#include <openssl/asn1.h>
#include <openssl/asn1t.h>
#include <openssl/bn.h>
#ifdef OPENSSL_FIPS
#include <openssl/fips.h>
#endif
/* Override the default new methods */
static int sig_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
@ -83,7 +88,7 @@ ASN1_SEQUENCE_cb(DSA_SIG, sig_cb) = {
ASN1_SIMPLE(DSA_SIG, s, CBIGNUM)
} ASN1_SEQUENCE_END_cb(DSA_SIG, DSA_SIG)
IMPLEMENT_ASN1_FUNCTIONS_const(DSA_SIG)
IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DSA_SIG,DSA_SIG,DSA_SIG)
/* Override the default free and new methods */
static int dsa_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
@ -138,3 +143,76 @@ ASN1_CHOICE_cb(DSAPublicKey, dsa_cb) = {
} ASN1_CHOICE_END_cb(DSA, DSAPublicKey, write_params)
IMPLEMENT_ASN1_ENCODE_FUNCTIONS_const_fname(DSA, DSAPublicKey, DSAPublicKey)
int DSA_sign(int type, const unsigned char *dgst, int dlen, unsigned char *sig,
unsigned int *siglen, DSA *dsa)
{
DSA_SIG *s;
#ifdef OPENSSL_FIPS
if(FIPS_mode() && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW))
{
DSAerr(DSA_F_DSA_SIGN, DSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE);
return 0;
}
#endif
s=DSA_do_sign(dgst,dlen,dsa);
if (s == NULL)
{
*siglen=0;
return(0);
}
*siglen=i2d_DSA_SIG(s,&sig);
DSA_SIG_free(s);
return(1);
}
int DSA_size(const DSA *r)
{
int ret,i;
ASN1_INTEGER bs;
unsigned char buf[4]; /* 4 bytes looks really small.
However, i2d_ASN1_INTEGER() will not look
beyond the first byte, as long as the second
parameter is NULL. */
i=BN_num_bits(r->q);
bs.length=(i+7)/8;
bs.data=buf;
bs.type=V_ASN1_INTEGER;
/* If the top bit is set the asn1 encoding is 1 larger. */
buf[0]=0xff;
i=i2d_ASN1_INTEGER(&bs,NULL);
i+=i; /* r and s */
ret=ASN1_object_size(1,i,V_ASN1_SEQUENCE);
return(ret);
}
/* data has already been hashed (probably with SHA or SHA-1). */
/* returns
* 1: correct signature
* 0: incorrect signature
* -1: error
*/
int DSA_verify(int type, const unsigned char *dgst, int dgst_len,
const unsigned char *sigbuf, int siglen, DSA *dsa)
{
DSA_SIG *s;
int ret=-1;
#ifdef OPENSSL_FIPS
if(FIPS_mode() && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW))
{
DSAerr(DSA_F_DSA_VERIFY, DSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE);
return 0;
}
#endif
s = DSA_SIG_new();
if (s == NULL) return(ret);
if (d2i_DSA_SIG(&s,&sigbuf,siglen) == NULL) goto err;
ret=DSA_do_verify(dgst,dgst_len,s,dsa);
err:
DSA_SIG_free(s);
return(ret);
}

10
crypto/dsa/dsa_err.c
View file

@ -1,6 +1,6 @@
/* crypto/dsa/dsa_err.c */
/* ====================================================================
* Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
* Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@ -73,11 +73,16 @@ static ERR_STRING_DATA DSA_str_functs[]=
{ERR_FUNC(DSA_F_D2I_DSA_SIG), "d2i_DSA_SIG"},
{ERR_FUNC(DSA_F_DSAPARAMS_PRINT), "DSAparams_print"},
{ERR_FUNC(DSA_F_DSAPARAMS_PRINT_FP), "DSAparams_print_fp"},
{ERR_FUNC(DSA_F_DSA_BUILTIN_KEYGEN), "DSA_BUILTIN_KEYGEN"},
{ERR_FUNC(DSA_F_DSA_BUILTIN_PARAMGEN), "DSA_BUILTIN_PARAMGEN"},
{ERR_FUNC(DSA_F_DSA_DO_SIGN), "DSA_do_sign"},
{ERR_FUNC(DSA_F_DSA_DO_VERIFY), "DSA_do_verify"},
{ERR_FUNC(DSA_F_DSA_GENERATE_PARAMETERS), "DSA_generate_parameters"},
{ERR_FUNC(DSA_F_DSA_NEW_METHOD), "DSA_new_method"},
{ERR_FUNC(DSA_F_DSA_PRINT), "DSA_print"},
{ERR_FUNC(DSA_F_DSA_PRINT_FP), "DSA_print_fp"},
{ERR_FUNC(DSA_F_DSA_SET_DEFAULT_METHOD), "DSA_set_default_method"},
{ERR_FUNC(DSA_F_DSA_SET_METHOD), "DSA_set_method"},
{ERR_FUNC(DSA_F_DSA_SIGN), "DSA_sign"},
{ERR_FUNC(DSA_F_DSA_SIGN_SETUP), "DSA_sign_setup"},
{ERR_FUNC(DSA_F_DSA_SIG_NEW), "DSA_SIG_new"},
@ -91,8 +96,11 @@ static ERR_STRING_DATA DSA_str_reasons[]=
{
{ERR_REASON(DSA_R_BAD_Q_VALUE) ,"bad q value"},
{ERR_REASON(DSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE),"data too large for key size"},
{ERR_REASON(DSA_R_KEY_SIZE_TOO_SMALL) ,"key size too small"},
{ERR_REASON(DSA_R_MISSING_PARAMETERS) ,"missing parameters"},
{ERR_REASON(DSA_R_MODULUS_TOO_LARGE) ,"modulus too large"},
{ERR_REASON(DSA_R_NON_FIPS_METHOD) ,"non fips method"},
{ERR_REASON(DSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE),"operation not allowed in fips mode"},
{0,NULL}
};

3
crypto/dsa/dsa_gen.c
View file

@ -82,6 +82,8 @@
#include <openssl/rand.h>
#include <openssl/sha.h>
#ifndef OPENSSL_FIPS
static int dsa_builtin_paramgen(DSA *ret, int bits,
unsigned char *seed_in, int seed_len,
int *counter_ret, unsigned long *h_ret, BN_GENCB *cb);
@ -320,3 +322,4 @@ err:
return ok;
}
#endif
#endif

4
crypto/dsa/dsa_key.c
View file

@ -64,6 +64,8 @@
#include <openssl/dsa.h>
#include <openssl/rand.h>
#ifndef OPENSSL_FIPS
static int dsa_builtin_keygen(DSA *dsa);
int DSA_generate_key(DSA *dsa)
@ -126,3 +128,5 @@ err:
return(ok);
}
#endif
#endif

49
crypto/dsa/dsa_lib.c
View file

@ -76,6 +76,14 @@ static const DSA_METHOD *default_DSA_method = NULL;
void DSA_set_default_method(const DSA_METHOD *meth)
{
#ifdef OPENSSL_FIPS
if (FIPS_mode() && !(meth->flags & DSA_FLAG_FIPS_METHOD))
{
DSAerr(DSA_F_DSA_SET_DEFAULT_METHOD, DSA_R_NON_FIPS_METHOD);
return;
}
#endif
default_DSA_method = meth;
}
@ -96,6 +104,13 @@ int DSA_set_method(DSA *dsa, const DSA_METHOD *meth)
/* NB: The caller is specifically setting a method, so it's not up to us
* to deal with which ENGINE it comes from. */
const DSA_METHOD *mtmp;
#ifdef OPENSSL_FIPS
if (FIPS_mode() && !(meth->flags & DSA_FLAG_FIPS_METHOD))
{
DSAerr(DSA_F_DSA_SET_METHOD, DSA_R_NON_FIPS_METHOD);
return 0;
}
#endif
mtmp = dsa->meth;
if (mtmp->finish) mtmp->finish(dsa);
#ifndef OPENSSL_NO_ENGINE
@ -147,6 +162,18 @@ DSA *DSA_new_method(ENGINE *engine)
}
}
#endif
#ifdef OPENSSL_FIPS
if (FIPS_mode() && !(ret->meth->flags & DSA_FLAG_FIPS_METHOD))
{
DSAerr(DSA_F_DSA_NEW_METHOD, DSA_R_NON_FIPS_METHOD);
#ifndef OPENSSL_NO_ENGINE
if (ret->engine)
ENGINE_finish(ret->engine);
#endif
OPENSSL_free(ret);
return NULL;
}
#endif
ret->pad=0;
ret->version=0;
@ -233,28 +260,6 @@ int DSA_up_ref(DSA *r)
return ((i > 1) ? 1 : 0);
}
int DSA_size(const DSA *r)
{
int ret,i;
ASN1_INTEGER bs;
unsigned char buf[4]; /* 4 bytes looks really small.
However, i2d_ASN1_INTEGER() will not look
beyond the first byte, as long as the second
parameter is NULL. */
i=BN_num_bits(r->q);
bs.length=(i+7)/8;
bs.data=buf;
bs.type=V_ASN1_INTEGER;
/* If the top bit is set the asn1 encoding is 1 larger. */
buf[0]=0xff;
i=i2d_ASN1_INTEGER(&bs,NULL);
i+=i; /* r and s */
ret=ASN1_object_size(1,i,V_ASN1_SEQUENCE);
return(ret);
}
int DSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
{

3
crypto/dsa/dsa_ossl.c
View file

@ -65,6 +65,8 @@
#include <openssl/rand.h>
#include <openssl/asn1.h>
#ifndef OPENSSL_FIPS
static DSA_SIG *dsa_do_sign(const unsigned char *dgst, int dlen, DSA *dsa);
static int dsa_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp);
static int dsa_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
@ -391,3 +393,4 @@ static int dsa_finish(DSA *dsa)
return(1);
}
#endif

31
crypto/dsa/dsa_sign.c
View file

@ -64,29 +64,32 @@
#include <openssl/dsa.h>
#include <openssl/rand.h>
#include <openssl/asn1.h>
#ifdef OPENSSL_FIPS
#include <openssl/fips.h>
#endif
DSA_SIG * DSA_do_sign(const unsigned char *dgst, int dlen, DSA *dsa)
{
return dsa->meth->dsa_do_sign(dgst, dlen, dsa);
}
int DSA_sign(int type, const unsigned char *dgst, int dlen, unsigned char *sig,
unsigned int *siglen, DSA *dsa)
{
DSA_SIG *s;
s=DSA_do_sign(dgst,dlen,dsa);
if (s == NULL)
#ifdef OPENSSL_FIPS
if(FIPS_mode() && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW))
{
*siglen=0;
return(0);
DSAerr(DSA_F_DSA_DO_SIGN, DSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE);
return NULL;
}
*siglen=i2d_DSA_SIG(s,&sig);
DSA_SIG_free(s);
return(1);
#endif
return dsa->meth->dsa_do_sign(dgst, dlen, dsa);
}
int DSA_sign_setup(DSA *dsa, BN_CTX *ctx_in, BIGNUM **kinvp, BIGNUM **rp)
{
#ifdef OPENSSL_FIPS
if(FIPS_mode() && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW))
{
DSAerr(DSA_F_DSA_SIGN_SETUP, DSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE);
return 0;
}
#endif
return dsa->meth->dsa_sign_setup(dsa, ctx_in, kinvp, rp);
}

95
crypto/dsa/dsa_utl.c Normal file
View file

@ -0,0 +1,95 @@
/* crypto/dsa/dsa_lib.c */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
*
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
*
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* "This product includes cryptographic software written by
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
* 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
*
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.]
*/
/* Original version from Steven Schoch <schoch@sheba.arc.nasa.gov> */
#include <stdio.h>
#include "cryptlib.h"
#include <openssl/bn.h>
#include <openssl/dsa.h>
#include <openssl/asn1.h>
#ifndef OPENSSL_NO_ENGINE
#include <openssl/engine.h>
#endif
#ifndef OPENSSL_NO_DH
#include <openssl/dh.h>
#endif
DSA_SIG *DSA_SIG_new(void)
{
DSA_SIG *sig;
sig = OPENSSL_malloc(sizeof(DSA_SIG));
if (!sig)
return NULL;
sig->r = NULL;
sig->s = NULL;
return sig;
}
void DSA_SIG_free(DSA_SIG *sig)
{
if (sig)
{
if (sig->r)
BN_free(sig->r);
if (sig->s)
BN_free(sig->s);
OPENSSL_free(sig);
}
}

32
crypto/dsa/dsa_vrf.c
View file

@ -64,31 +64,21 @@
#include <openssl/dsa.h>
#include <openssl/rand.h>
#include <openssl/asn1.h>
#ifdef OPENSSL_FIPS
#include <openssl/fips.h>
#endif
#include <openssl/asn1_mac.h>
int DSA_do_verify(const unsigned char *dgst, int dgst_len, DSA_SIG *sig,
DSA *dsa)
{
#ifdef OPENSSL_FIPS
if(FIPS_mode() && !(dsa->flags & DSA_FLAG_NON_FIPS_ALLOW))
{
DSAerr(DSA_F_DSA_DO_VERIFY, DSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE);
return 0;
}
#endif
return dsa->meth->dsa_do_verify(dgst, dgst_len, sig, dsa);
}
/* data has already been hashed (probably with SHA or SHA-1). */
/* returns
* 1: correct signature
* 0: incorrect signature
* -1: error
*/
int DSA_verify(int type, const unsigned char *dgst, int dgst_len,
const unsigned char *sigbuf, int siglen, DSA *dsa)
{
DSA_SIG *s;
int ret=-1;
s = DSA_SIG_new();
if (s == NULL) return(ret);
if (d2i_DSA_SIG(&s,&sigbuf,siglen) == NULL) goto err;
ret=DSA_do_verify(dgst,dgst_len,s,dsa);
err:
DSA_SIG_free(s);
return(ret);
}

4
crypto/rsa/Makefile
View file

@ -19,10 +19,10 @@ APPS=
LIB=$(TOP)/libcrypto.a
LIBSRC= rsa_eay.c rsa_gen.c rsa_lib.c rsa_sign.c rsa_saos.c rsa_err.c \
rsa_pk1.c rsa_ssl.c rsa_none.c rsa_oaep.c rsa_chk.c rsa_null.c \
rsa_pss.c rsa_x931.c rsa_x931g.c rsa_asn1.c rsa_depr.c
rsa_pss.c rsa_x931.c rsa_x931g.c rsa_asn1.c rsa_depr.c rsa_eng.c
LIBOBJ= rsa_eay.o rsa_gen.o rsa_lib.o rsa_sign.o rsa_saos.o rsa_err.o \
rsa_pk1.o rsa_ssl.o rsa_none.o rsa_oaep.o rsa_chk.o rsa_null.o \
rsa_pss.o rsa_x931.o rsa_x931g.o rsa_asn1.o rsa_depr.o
rsa_pss.o rsa_x931.o rsa_x931g.o rsa_asn1.o rsa_depr.o rsa_eng.o
SRC= $(LIBSRC)

8
crypto/rsa/rsa.h
View file

@ -401,6 +401,8 @@ void ERR_load_RSA_strings(void);
/* Error codes for the RSA functions. */
/* Function codes. */
#define RSA_F_FIPS_RSA_SIGN 140
#define RSA_F_FIPS_RSA_VERIFY 141
#define RSA_F_MEMORY_LOCK 100
#define RSA_F_RSA_BUILTIN_KEYGEN 129
#define RSA_F_RSA_CHECK_KEY 123
@ -432,7 +434,11 @@ void ERR_load_RSA_strings(void);
#define RSA_F_RSA_PADDING_CHECK_X931 128
#define RSA_F_RSA_PRINT 115
#define RSA_F_RSA_PRINT_FP 116
#define RSA_F_RSA_PRIVATE_ENCRYPT 137
#define RSA_F_RSA_PUBLIC_DECRYPT 138
#define RSA_F_RSA_SETUP_BLINDING 136
#define RSA_F_RSA_SET_DEFAULT_METHOD 139
#define RSA_F_RSA_SET_METHOD 142
#define RSA_F_RSA_SIGN 117
#define RSA_F_RSA_SIGN_ASN1_OCTET_STRING 118
#define RSA_F_RSA_VERIFY 119
@ -466,10 +472,12 @@ void ERR_load_RSA_strings(void);
#define RSA_R_KEY_SIZE_TOO_SMALL 120
#define RSA_R_LAST_OCTET_INVALID 134
#define RSA_R_MODULUS_TOO_LARGE 105
#define RSA_R_NON_FIPS_METHOD 141
#define RSA_R_NO_PUBLIC_EXPONENT 140
#define RSA_R_NULL_BEFORE_BLOCK_MISSING 113
#define RSA_R_N_DOES_NOT_EQUAL_P_Q 127
#define RSA_R_OAEP_DECODING_ERROR 121
#define RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE 142
#define RSA_R_PADDING_CHECK_FAILED 114
#define RSA_R_P_NOT_PRIME 128
#define RSA_R_Q_NOT_PRIME 129

2
crypto/rsa/rsa_eay.c
View file

@ -115,7 +115,7 @@
#include <openssl/rsa.h>
#include <openssl/rand.h>
#ifndef RSA_NULL
#if !defined(RSA_NULL) && !defined(OPENSSL_FIPS)
static int RSA_eay_public_encrypt(int flen, const unsigned char *from,
unsigned char *to, RSA *rsa,int padding);

348
crypto/rsa/rsa_eng.c Normal file
View file

@ -0,0 +1,348 @@
/* crypto/rsa/rsa_lib.c */
/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
* All rights reserved.
*
* This package is an SSL implementation written
* by Eric Young (eay@cryptsoft.com).
* The implementation was written so as to conform with Netscapes SSL.
*
* This library is free for commercial and non-commercial use as long as
* the following conditions are aheared to. The following conditions
* apply to all code found in this distribution, be it the RC4, RSA,
* lhash, DES, etc., code; not just the SSL code. The SSL documentation
* included with this distribution is covered by the same copyright terms
* except that the holder is Tim Hudson (tjh@cryptsoft.com).
*
* Copyright remains Eric Young's, and as such any Copyright notices in
* the code are not to be removed.
* If this package is used in a product, Eric Young should be given attribution
* as the author of the parts of the library used.
* This can be in the form of a textual message at program startup or
* in documentation (online or textual) provided with the package.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. All advertising materials mentioning features or use of this software
* must display the following acknowledgement:
* "This product includes cryptographic software written by
* Eric Young (eay@cryptsoft.com)"
* The word 'cryptographic' can be left out if the rouines from the library
* being used are not cryptographic related :-).
* 4. If you include any Windows specific code (or a derivative thereof) from
* the apps directory (application code) you must include an acknowledgement:
* "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
*
* THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* The licence and distribution terms for any publically available version or
* derivative of this code cannot be changed. i.e. this code cannot simply be
* copied and put under another distribution licence
* [including the GNU Public Licence.]
*/
#include <stdio.h>
#include <openssl/crypto.h>
#include "cryptlib.h"
#include <openssl/lhash.h>
#include <openssl/bn.h>
#include <openssl/rsa.h>
#include <openssl/rand.h>
#ifndef OPENSSL_NO_ENGINE
#include <openssl/engine.h>
#endif
const char RSA_version[]="RSA" OPENSSL_VERSION_PTEXT;
static const RSA_METHOD *default_RSA_meth=NULL;
RSA *RSA_new(void)
{
RSA *r=RSA_new_method(NULL);
return r;
}
void RSA_set_default_method(const RSA_METHOD *meth)
{
#ifdef OPENSSL_FIPS
if (FIPS_mode() && !(meth->flags & RSA_FLAG_FIPS_METHOD))
{
RSAerr(RSA_F_RSA_SET_DEFAULT_METHOD, RSA_R_NON_FIPS_METHOD);
return;
}
#endif
default_RSA_meth = meth;
}
const RSA_METHOD *RSA_get_default_method(void)
{
if (default_RSA_meth == NULL)
{
#ifdef RSA_NULL
default_RSA_meth=RSA_null_method();
#else
#if 0 /* was: #ifdef RSAref */
default_RSA_meth=RSA_PKCS1_RSAref();
#else
default_RSA_meth=RSA_PKCS1_SSLeay();
#endif
#endif
}
return default_RSA_meth;
}
const RSA_METHOD *RSA_get_method(const RSA *rsa)
{
return rsa->meth;
}
int RSA_set_method(RSA *rsa, const RSA_METHOD *meth)
{
/* NB: The caller is specifically setting a method, so it's not up to us
* to deal with which ENGINE it comes from. */
const RSA_METHOD *mtmp;
#ifdef OPENSSL_FIPS
if (FIPS_mode() && !(meth->flags & RSA_FLAG_FIPS_METHOD))
{
RSAerr(RSA_F_RSA_SET_METHOD, RSA_R_NON_FIPS_METHOD);
return 0;
}
#endif
mtmp = rsa->meth;
if (mtmp->finish) mtmp->finish(rsa);
#ifndef OPENSSL_NO_ENGINE
if (rsa->engine)
{
ENGINE_finish(rsa->engine);
rsa->engine = NULL;
}
#endif
rsa->meth = meth;
if (meth->init) meth->init(rsa);
return 1;
}
RSA *RSA_new_method(ENGINE *engine)
{
RSA *ret;
ret=(RSA *)OPENSSL_malloc(sizeof(RSA));
if (ret == NULL)
{
RSAerr(RSA_F_RSA_NEW_METHOD,ERR_R_MALLOC_FAILURE);
return NULL;
}
ret->meth = RSA_get_default_method();
#ifndef OPENSSL_NO_ENGINE
if (engine)
{
if (!ENGINE_init(engine))
{
RSAerr(RSA_F_RSA_NEW_METHOD, ERR_R_ENGINE_LIB);
OPENSSL_free(ret);
return NULL;
}
ret->engine = engine;
}
else
ret->engine = ENGINE_get_default_RSA();
if(ret->engine)
{
ret->meth = ENGINE_get_RSA(ret->engine);
if(!ret->meth)
{
RSAerr(RSA_F_RSA_NEW_METHOD,
ERR_R_ENGINE_LIB);
ENGINE_finish(ret->engine);
OPENSSL_free(ret);
return NULL;
}
}
#endif
#ifdef OPENSSL_FIPS
if (FIPS_mode() && !(ret->meth->flags & RSA_FLAG_FIPS_METHOD))
{
RSAerr(RSA_F_RSA_NEW_METHOD, RSA_R_NON_FIPS_METHOD);
#ifndef OPENSSL_NO_ENGINE
if (ret->engine)
ENGINE_finish(ret->engine);
#endif
OPENSSL_free(ret);
return NULL;
}
#endif
ret->pad=0;
ret->version=0;
ret->n=NULL;
ret->e=NULL;
ret->d=NULL;
ret->p=NULL;
ret->q=NULL;
ret->dmp1=NULL;
ret->dmq1=NULL;
ret->iqmp=NULL;
ret->references=1;
ret->_method_mod_n=NULL;
ret->_method_mod_p=NULL;
ret->_method_mod_q=NULL;
ret->blinding=NULL;
ret->mt_blinding=NULL;
ret->bignum_data=NULL;
ret->flags=ret->meth->flags;
CRYPTO_new_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data);
if ((ret->meth->init != NULL) && !ret->meth->init(ret))
{
#ifndef OPENSSL_NO_ENGINE
if (ret->engine)
ENGINE_finish(ret->engine);
#endif
CRYPTO_free_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data);
OPENSSL_free(ret);
ret=NULL;
}
return(ret);
}
void RSA_free(RSA *r)
{
int i;
if (r == NULL) return;
i=CRYPTO_add(&r->references,-1,CRYPTO_LOCK_RSA);
#ifdef REF_PRINT
REF_PRINT("RSA",r);
#endif
if (i > 0) return;
#ifdef REF_CHECK
if (i < 0)
{
fprintf(stderr,"RSA_free, bad reference count\n");
abort();
}
#endif
if (r->meth->finish)
r->meth->finish(r);
#ifndef OPENSSL_NO_ENGINE
if (r->engine)
ENGINE_finish(r->engine);
#endif
CRYPTO_free_ex_data(CRYPTO_EX_INDEX_RSA, r, &r->ex_data);
if (r->n != NULL) BN_clear_free(r->n);
if (r->e != NULL) BN_clear_free(r->e);
if (r->d != NULL) BN_clear_free(r->d);
if (r->p != NULL) BN_clear_free(r->p);
if (r->q != NULL) BN_clear_free(r->q);
if (r->dmp1 != NULL) BN_clear_free(r->dmp1);
if (r->dmq1 != NULL) BN_clear_free(r->dmq1);
if (r->iqmp != NULL) BN_clear_free(r->iqmp);
if (r->blinding != NULL) BN_BLINDING_free(r->blinding);
if (r->mt_blinding != NULL) BN_BLINDING_free(r->mt_blinding);
if (r->bignum_data != NULL) OPENSSL_free_locked(r->bignum_data);
OPENSSL_free(r);
}
int RSA_up_ref(RSA *r)
{
int i = CRYPTO_add(&r->references, 1, CRYPTO_LOCK_RSA);
#ifdef REF_PRINT
REF_PRINT("RSA",r);
#endif
#ifdef REF_CHECK
if (i < 2)
{
fprintf(stderr, "RSA_up_ref, bad reference count\n");
abort();
}
#endif
return ((i > 1) ? 1 : 0);
}
int RSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
{
return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_RSA, argl, argp,
new_func, dup_func, free_func);
}
int RSA_set_ex_data(RSA *r, int idx, void *arg)
{
return(CRYPTO_set_ex_data(&r->ex_data,idx,arg));
}
void *RSA_get_ex_data(const RSA *r, int idx)
{
return(CRYPTO_get_ex_data(&r->ex_data,idx));
}
int RSA_flags(const RSA *r)
{
return((r == NULL)?0:r->meth->flags);
}
int RSA_memory_lock(RSA *r)
{
int i,j,k,off;
char *p;
BIGNUM *bn,**t[6],*b;
BN_ULONG *ul;
if (r->d == NULL) return(1);
t[0]= &r->d;
t[1]= &r->p;
t[2]= &r->q;
t[3]= &r->dmp1;
t[4]= &r->dmq1;
t[5]= &r->iqmp;
k=sizeof(BIGNUM)*6;
off=k/sizeof(BN_ULONG)+1;
j=1;
for (i=0; i<6; i++)
j+= (*t[i])->top;
if ((p=OPENSSL_malloc_locked((off+j)*sizeof(BN_ULONG))) == NULL)
{
RSAerr(RSA_F_RSA_MEMORY_LOCK,ERR_R_MALLOC_FAILURE);
return(0);
}
bn=(BIGNUM *)p;
ul=(BN_ULONG *)&(p[off]);
for (i=0; i<6; i++)
{
b= *(t[i]);
*(t[i])= &(bn[i]);
memcpy((char *)&(bn[i]),(char *)b,sizeof(BIGNUM));
bn[i].flags=BN_FLG_STATIC_DATA;
bn[i].d=ul;
memcpy((char *)ul,b->d,sizeof(BN_ULONG)*b->top);
ul+=b->top;
BN_clear_free(b);
}
/* I should fix this so it can still be done */
r->flags&= ~(RSA_FLAG_CACHE_PRIVATE|RSA_FLAG_CACHE_PUBLIC);
r->bignum_data=p;
return(1);
}

10
crypto/rsa/rsa_err.c
View file

@ -1,6 +1,6 @@
/* crypto/rsa/rsa_err.c */
/* ====================================================================
* Copyright (c) 1999-2005 The OpenSSL Project. All rights reserved.
* Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@ -70,6 +70,8 @@
static ERR_STRING_DATA RSA_str_functs[]=
{
{ERR_FUNC(RSA_F_FIPS_RSA_SIGN), "FIPS_RSA_SIGN"},
{ERR_FUNC(RSA_F_FIPS_RSA_VERIFY), "FIPS_RSA_VERIFY"},
{ERR_FUNC(RSA_F_MEMORY_LOCK), "MEMORY_LOCK"},
{ERR_FUNC(RSA_F_RSA_BUILTIN_KEYGEN), "RSA_BUILTIN_KEYGEN"},
{ERR_FUNC(RSA_F_RSA_CHECK_KEY), "RSA_check_key"},
@ -101,7 +103,11 @@ static ERR_STRING_DATA RSA_str_functs[]=
{ERR_FUNC(RSA_F_RSA_PADDING_CHECK_X931), "RSA_padding_check_X931"},
{ERR_FUNC(RSA_F_RSA_PRINT), "RSA_print"},
{ERR_FUNC(RSA_F_RSA_PRINT_FP), "RSA_print_fp"},
{ERR_FUNC(RSA_F_RSA_PRIVATE_ENCRYPT), "RSA_private_encrypt"},
{ERR_FUNC(RSA_F_RSA_PUBLIC_DECRYPT), "RSA_public_decrypt"},
{ERR_FUNC(RSA_F_RSA_SETUP_BLINDING), "RSA_setup_blinding"},
{ERR_FUNC(RSA_F_RSA_SET_DEFAULT_METHOD), "RSA_set_default_method"},
{ERR_FUNC(RSA_F_RSA_SET_METHOD), "RSA_set_method"},
{ERR_FUNC(RSA_F_RSA_SIGN), "RSA_sign"},
{ERR_FUNC(RSA_F_RSA_SIGN_ASN1_OCTET_STRING), "RSA_sign_ASN1_OCTET_STRING"},
{ERR_FUNC(RSA_F_RSA_VERIFY), "RSA_verify"},
@ -138,10 +144,12 @@ static ERR_STRING_DATA RSA_str_reasons[]=
{ERR_REASON(RSA_R_KEY_SIZE_TOO_SMALL) ,"key size too small"},
{ERR_REASON(RSA_R_LAST_OCTET_INVALID) ,"last octet invalid"},
{ERR_REASON(RSA_R_MODULUS_TOO_LARGE) ,"modulus too large"},
{ERR_REASON(RSA_R_NON_FIPS_METHOD) ,"non fips method"},
{ERR_REASON(RSA_R_NO_PUBLIC_EXPONENT) ,"no public exponent"},
{ERR_REASON(RSA_R_NULL_BEFORE_BLOCK_MISSING),"null before block missing"},
{ERR_REASON(RSA_R_N_DOES_NOT_EQUAL_P_Q) ,"n does not equal p q"},
{ERR_REASON(RSA_R_OAEP_DECODING_ERROR) ,"oaep decoding error"},
{ERR_REASON(RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE),"operation not allowed in fips mode"},
{ERR_REASON(RSA_R_PADDING_CHECK_FAILED) ,"padding check failed"},
{ERR_REASON(RSA_R_P_NOT_PRIME) ,"p not prime"},
{ERR_REASON(RSA_R_Q_NOT_PRIME) ,"q not prime"},

3
crypto/rsa/rsa_gen.c
View file

@ -68,6 +68,8 @@
#include <openssl/bn.h>
#include <openssl/rsa.h>
#ifndef OPENSSL_FIPS
static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb);
/* NB: this wrapper would normally be placed in rsa_lib.c and the static
@ -217,3 +219,4 @@ err:
return ok;
}
#endif

272
crypto/rsa/rsa_lib.c
View file

@ -67,215 +67,6 @@
#include <openssl/engine.h>
#endif
const char RSA_version[]="RSA" OPENSSL_VERSION_PTEXT;
static const RSA_METHOD *default_RSA_meth=NULL;
RSA *RSA_new(void)
{
RSA *r=RSA_new_method(NULL);
return r;
}
void RSA_set_default_method(const RSA_METHOD *meth)
{
default_RSA_meth = meth;
}
const RSA_METHOD *RSA_get_default_method(void)
{
if (default_RSA_meth == NULL)
{
#ifdef RSA_NULL
default_RSA_meth=RSA_null_method();
#else
#if 0 /* was: #ifdef RSAref */
default_RSA_meth=RSA_PKCS1_RSAref();
#else
default_RSA_meth=RSA_PKCS1_SSLeay();
#endif
#endif
}
return default_RSA_meth;
}
const RSA_METHOD *RSA_get_method(const RSA *rsa)
{
return rsa->meth;
}
int RSA_set_method(RSA *rsa, const RSA_METHOD *meth)
{
/* NB: The caller is specifically setting a method, so it's not up to us
* to deal with which ENGINE it comes from. */
const RSA_METHOD *mtmp;
mtmp = rsa->meth;
if (mtmp->finish) mtmp->finish(rsa);
#ifndef OPENSSL_NO_ENGINE
if (rsa->engine)
{
ENGINE_finish(rsa->engine);
rsa->engine = NULL;
}
#endif
rsa->meth = meth;
if (meth->init) meth->init(rsa);
return 1;
}
RSA *RSA_new_method(ENGINE *engine)
{
RSA *ret;
ret=(RSA *)OPENSSL_malloc(sizeof(RSA));
if (ret == NULL)
{
RSAerr(RSA_F_RSA_NEW_METHOD,ERR_R_MALLOC_FAILURE);
return NULL;
}
ret->meth = RSA_get_default_method();
#ifndef OPENSSL_NO_ENGINE
if (engine)
{
if (!ENGINE_init(engine))
{
RSAerr(RSA_F_RSA_NEW_METHOD, ERR_R_ENGINE_LIB);
OPENSSL_free(ret);
return NULL;
}
ret->engine = engine;
}
else
ret->engine = ENGINE_get_default_RSA();
if(ret->engine)
{
ret->meth = ENGINE_get_RSA(ret->engine);
if(!ret->meth)
{
RSAerr(RSA_F_RSA_NEW_METHOD,
ERR_R_ENGINE_LIB);
ENGINE_finish(ret->engine);
OPENSSL_free(ret);
return NULL;
}
}
#endif
ret->pad=0;
ret->version=0;
ret->n=NULL;
ret->e=NULL;
ret->d=NULL;
ret->p=NULL;
ret->q=NULL;
ret->dmp1=NULL;
ret->dmq1=NULL;
ret->iqmp=NULL;
ret->references=1;
ret->_method_mod_n=NULL;
ret->_method_mod_p=NULL;
ret->_method_mod_q=NULL;
ret->blinding=NULL;
ret->mt_blinding=NULL;
ret->bignum_data=NULL;
ret->flags=ret->meth->flags;
CRYPTO_new_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data);
if ((ret->meth->init != NULL) && !ret->meth->init(ret))
{
#ifndef OPENSSL_NO_ENGINE
if (ret->engine)
ENGINE_finish(ret->engine);
#endif
CRYPTO_free_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data);
OPENSSL_free(ret);
ret=NULL;
}
return(ret);
}
void RSA_free(RSA *r)
{
int i;
if (r == NULL) return;
i=CRYPTO_add(&r->references,-1,CRYPTO_LOCK_RSA);
#ifdef REF_PRINT
REF_PRINT("RSA",r);
#endif
if (i > 0) return;
#ifdef REF_CHECK
if (i < 0)
{
fprintf(stderr,"RSA_free, bad reference count\n");
abort();
}
#endif
if (r->meth->finish)
r->meth->finish(r);
#ifndef OPENSSL_NO_ENGINE
if (r->engine)
ENGINE_finish(r->engine);
#endif
CRYPTO_free_ex_data(CRYPTO_EX_INDEX_RSA, r, &r->ex_data);
if (r->n != NULL) BN_clear_free(r->n);
if (r->e != NULL) BN_clear_free(r->e);
if (r->d != NULL) BN_clear_free(r->d);
if (r->p != NULL) BN_clear_free(r->p);
if (r->q != NULL) BN_clear_free(r->q);
if (r->dmp1 != NULL) BN_clear_free(r->dmp1);
if (r->dmq1 != NULL) BN_clear_free(r->dmq1);
if (r->iqmp != NULL) BN_clear_free(r->iqmp);
if (r->blinding != NULL) BN_BLINDING_free(r->blinding);
if (r->mt_blinding != NULL) BN_BLINDING_free(r->mt_blinding);
if (r->bignum_data != NULL) OPENSSL_free_locked(r->bignum_data);
OPENSSL_free(r);
}
int RSA_up_ref(RSA *r)
{
int i = CRYPTO_add(&r->references, 1, CRYPTO_LOCK_RSA);
#ifdef REF_PRINT
REF_PRINT("RSA",r);
#endif
#ifdef REF_CHECK
if (i < 2)
{
fprintf(stderr, "RSA_up_ref, bad reference count\n");
abort();
}
#endif
return ((i > 1) ? 1 : 0);
}
int RSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
{
return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_RSA, argl, argp,
new_func, dup_func, free_func);
}
int RSA_set_ex_data(RSA *r, int idx, void *arg)
{
return(CRYPTO_set_ex_data(&r->ex_data,idx,arg));
}
void *RSA_get_ex_data(const RSA *r, int idx)
{
return(CRYPTO_get_ex_data(&r->ex_data,idx));
}
int RSA_size(const RSA *r)
{
return(BN_num_bytes(r->n));
}
int RSA_public_encrypt(int flen, const unsigned char *from, unsigned char *to,
RSA *rsa, int padding)
{
@ -285,6 +76,13 @@ int RSA_public_encrypt(int flen, const unsigned char *from, unsigned char *to,
int RSA_private_encrypt(int flen, const unsigned char *from, unsigned char *to,
RSA *rsa, int padding)
{
#ifdef OPENSSL_FIPS
if(FIPS_mode() && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW))
{
RSAerr(RSA_F_RSA_PRIVATE_ENCRYPT, RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE);
return 0;
}
#endif
return(rsa->meth->rsa_priv_enc(flen, from, to, rsa, padding));
}
@ -297,12 +95,19 @@ int RSA_private_decrypt(int flen, const unsigned char *from, unsigned char *to,
int RSA_public_decrypt(int flen, const unsigned char *from, unsigned char *to,
RSA *rsa, int padding)
{
#ifdef OPENSSL_FIPS
if(FIPS_mode() && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW))
{
RSAerr(RSA_F_RSA_PUBLIC_DECRYPT, RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE);
return 0;
}
#endif
return(rsa->meth->rsa_pub_dec(flen, from, to, rsa, padding));
}
int RSA_flags(const RSA *r)
int RSA_size(const RSA *r)
{
return((r == NULL)?0:r->meth->flags);
return(BN_num_bytes(r->n));
}
void RSA_blinding_off(RSA *rsa)
@ -427,48 +232,3 @@ err:
return ret;
}
int RSA_memory_lock(RSA *r)
{
int i,j,k,off;
char *p;
BIGNUM *bn,**t[6],*b;
BN_ULONG *ul;
if (r->d == NULL) return(1);
t[0]= &r->d;
t[1]= &r->p;
t[2]= &r->q;
t[3]= &r->dmp1;
t[4]= &r->dmq1;
t[5]= &r->iqmp;
k=sizeof(BIGNUM)*6;
off=k/sizeof(BN_ULONG)+1;
j=1;
for (i=0; i<6; i++)
j+= (*t[i])->top;
if ((p=OPENSSL_malloc_locked((off+j)*sizeof(BN_ULONG))) == NULL)
{
RSAerr(RSA_F_RSA_MEMORY_LOCK,ERR_R_MALLOC_FAILURE);
return(0);
}
bn=(BIGNUM *)p;
ul=(BN_ULONG *)&(p[off]);
for (i=0; i<6; i++)
{
b= *(t[i]);
*(t[i])= &(bn[i]);
memcpy((char *)&(bn[i]),(char *)b,sizeof(BIGNUM));
bn[i].flags=BN_FLG_STATIC_DATA;
bn[i].d=ul;
memcpy((char *)ul,b->d,sizeof(BN_ULONG)*b->top);
ul+=b->top;
BN_clear_free(b);
}
/* I should fix this so it can still be done */
r->flags&= ~(RSA_FLAG_CACHE_PRIVATE|RSA_FLAG_CACHE_PUBLIC);
r->bignum_data=p;
return(1);
}

4
crypto/rsa/rsa_pss.c
View file

@ -81,7 +81,7 @@ int RSA_verify_PKCS1_PSS(RSA *rsa, const unsigned char *mHash,
EVP_MD_CTX ctx;
unsigned char H_[EVP_MAX_MD_SIZE];
hLen = EVP_MD_size(Hash);
hLen = M_EVP_MD_size(Hash);
/*
* Negative sLen has special meanings:
* -1 sLen == hLen
@ -176,7 +176,7 @@ int RSA_padding_add_PKCS1_PSS(RSA *rsa, unsigned char *EM,
unsigned char *H, *salt = NULL, *p;
EVP_MD_CTX ctx;
hLen = EVP_MD_size(Hash);
hLen = M_EVP_MD_size(Hash);
/*
* Negative sLen has special meanings:
* -1 sLen == hLen

24
crypto/rsa/rsa_sign.c
View file

@ -90,6 +90,14 @@ int RSA_sign(int type, const unsigned char *m, unsigned int m_len,
i = SSL_SIG_LENGTH;
s = m;
} else {
/* NB: in FIPS mode block anything that isn't a TLS signature */
#ifdef OPENSSL_FIPS
if(FIPS_mode() && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW))
{
RSAerr(RSA_F_RSA_SIGN, RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE);
return 0;
}
#endif
sig.algor= &algor;
sig.algor->algorithm=OBJ_nid2obj(type);
if (sig.algor->algorithm == NULL)
@ -167,10 +175,22 @@ int RSA_verify(int dtype, const unsigned char *m, unsigned int m_len,
RSAerr(RSA_F_RSA_VERIFY,ERR_R_MALLOC_FAILURE);
goto err;
}
if((dtype == NID_md5_sha1) && (m_len != SSL_SIG_LENGTH) ) {
if(dtype == NID_md5_sha1)
{
if (m_len != SSL_SIG_LENGTH)
{
RSAerr(RSA_F_RSA_VERIFY,RSA_R_INVALID_MESSAGE_LENGTH);
goto err;
}
}
}
/* NB: in FIPS mode block anything that isn't a TLS signature */
#ifdef OPENSSL_FIPS
else if(FIPS_mode() && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW))
{
RSAerr(RSA_F_RSA_VERIFY, RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE);
return 0;
}
#endif
i=RSA_public_decrypt((int)siglen,sigbuf,s,rsa,RSA_PKCS1_PADDING);
if (i <= 0) goto err;