aboutsummaryrefslogtreecommitdiff
path: root/openssl/crypto/rsa
diff options
context:
space:
mode:
Diffstat (limited to 'openssl/crypto/rsa')
-rw-r--r--openssl/crypto/rsa/Makefile123
-rw-r--r--openssl/crypto/rsa/rsa.h89
-rw-r--r--openssl/crypto/rsa/rsa_ameth.c349
-rw-r--r--openssl/crypto/rsa/rsa_asn1.c16
-rw-r--r--openssl/crypto/rsa/rsa_eay.c6
-rw-r--r--openssl/crypto/rsa/rsa_eng.c348
-rw-r--r--openssl/crypto/rsa/rsa_err.c29
-rw-r--r--openssl/crypto/rsa/rsa_gen.c3
-rw-r--r--openssl/crypto/rsa/rsa_lib.c283
-rw-r--r--openssl/crypto/rsa/rsa_locl.h4
-rw-r--r--openssl/crypto/rsa/rsa_oaep.c35
-rw-r--r--openssl/crypto/rsa/rsa_pmeth.c585
-rw-r--r--openssl/crypto/rsa/rsa_prn.c93
-rw-r--r--openssl/crypto/rsa/rsa_pss.c16
-rw-r--r--openssl/crypto/rsa/rsa_sign.c88
-rw-r--r--openssl/crypto/rsa/rsa_test.c2
-rw-r--r--openssl/crypto/rsa/rsa_x931g.c255
17 files changed, 1527 insertions, 797 deletions
diff --git a/openssl/crypto/rsa/Makefile b/openssl/crypto/rsa/Makefile
index 7b1fd6428..bb64223e0 100644
--- a/openssl/crypto/rsa/Makefile
+++ b/openssl/crypto/rsa/Makefile
@@ -19,10 +19,12 @@ APPS=
LIB=$(TOP)/libcrypto.a
LIBSRC= rsa_eay.c rsa_gen.c rsa_lib.c rsa_sign.c rsa_saos.c rsa_err.c \
rsa_pk1.c rsa_ssl.c rsa_none.c rsa_oaep.c rsa_chk.c rsa_null.c \
- rsa_pss.c rsa_x931.c rsa_x931g.c rsa_asn1.c rsa_depr.c rsa_eng.c
+ rsa_pss.c rsa_x931.c rsa_asn1.c rsa_depr.c rsa_ameth.c rsa_prn.c \
+ rsa_pmeth.c
LIBOBJ= rsa_eay.o rsa_gen.o rsa_lib.o rsa_sign.o rsa_saos.o rsa_err.o \
rsa_pk1.o rsa_ssl.o rsa_none.o rsa_oaep.o rsa_chk.o rsa_null.o \
- rsa_pss.o rsa_x931.o rsa_x931g.o rsa_asn1.o rsa_depr.o rsa_eng.o
+ rsa_pss.o rsa_x931.o rsa_asn1.o rsa_depr.o rsa_ameth.o rsa_prn.o \
+ rsa_pmeth.o
SRC= $(LIBSRC)
@@ -37,7 +39,7 @@ top:
all: lib
lib: $(LIBOBJ)
- $(ARX) $(LIB) $(LIBOBJ)
+ $(AR) $(LIB) $(LIBOBJ)
$(RANLIB) $(LIB) || echo Never mind.
@touch lib
@@ -78,6 +80,22 @@ clean:
# DO NOT DELETE THIS LINE -- make depend depends on it.
+rsa_ameth.o: ../../e_os.h ../../include/openssl/asn1.h
+rsa_ameth.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+rsa_ameth.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+rsa_ameth.o: ../../include/openssl/cms.h ../../include/openssl/crypto.h
+rsa_ameth.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
+rsa_ameth.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
+rsa_ameth.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+rsa_ameth.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+rsa_ameth.o: ../../include/openssl/objects.h
+rsa_ameth.o: ../../include/openssl/opensslconf.h
+rsa_ameth.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+rsa_ameth.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
+rsa_ameth.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+rsa_ameth.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+rsa_ameth.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+rsa_ameth.o: ../asn1/asn1_locl.h ../cryptlib.h rsa_ameth.c
rsa_asn1.o: ../../e_os.h ../../include/openssl/asn1.h
rsa_asn1.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
rsa_asn1.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
@@ -114,21 +132,6 @@ rsa_eay.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
rsa_eay.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
rsa_eay.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
rsa_eay.o: ../../include/openssl/symhacks.h ../cryptlib.h rsa_eay.c
-rsa_eng.o: ../../e_os.h ../../include/openssl/asn1.h
-rsa_eng.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
-rsa_eng.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
-rsa_eng.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
-rsa_eng.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
-rsa_eng.o: ../../include/openssl/engine.h ../../include/openssl/err.h
-rsa_eng.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
-rsa_eng.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-rsa_eng.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-rsa_eng.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-rsa_eng.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
-rsa_eng.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-rsa_eng.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-rsa_eng.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-rsa_eng.o: ../../include/openssl/x509_vfy.h ../cryptlib.h rsa_eng.c
rsa_err.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
rsa_err.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
rsa_err.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
@@ -151,15 +154,15 @@ rsa_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
rsa_lib.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
rsa_lib.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
rsa_lib.o: ../../include/openssl/engine.h ../../include/openssl/err.h
-rsa_lib.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
-rsa_lib.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-rsa_lib.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-rsa_lib.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-rsa_lib.o: ../../include/openssl/pkcs7.h ../../include/openssl/rand.h
-rsa_lib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-rsa_lib.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
-rsa_lib.o: ../../include/openssl/symhacks.h ../../include/openssl/x509.h
-rsa_lib.o: ../../include/openssl/x509_vfy.h ../cryptlib.h rsa_lib.c
+rsa_lib.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+rsa_lib.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+rsa_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+rsa_lib.o: ../../include/openssl/ossl_typ.h ../../include/openssl/pkcs7.h
+rsa_lib.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
+rsa_lib.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+rsa_lib.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+rsa_lib.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+rsa_lib.o: ../cryptlib.h rsa_lib.c
rsa_none.o: ../../e_os.h ../../include/openssl/asn1.h
rsa_none.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
rsa_none.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
@@ -182,9 +185,9 @@ rsa_oaep.o: ../../e_os.h ../../include/openssl/asn1.h
rsa_oaep.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
rsa_oaep.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
rsa_oaep.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-rsa_oaep.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
-rsa_oaep.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-rsa_oaep.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+rsa_oaep.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+rsa_oaep.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+rsa_oaep.o: ../../include/openssl/opensslconf.h
rsa_oaep.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
rsa_oaep.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
rsa_oaep.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
@@ -199,27 +202,50 @@ rsa_pk1.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
rsa_pk1.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
rsa_pk1.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
rsa_pk1.o: ../../include/openssl/symhacks.h ../cryptlib.h rsa_pk1.c
+rsa_pmeth.o: ../../e_os.h ../../include/openssl/asn1.h
+rsa_pmeth.o: ../../include/openssl/asn1t.h ../../include/openssl/bio.h
+rsa_pmeth.o: ../../include/openssl/bn.h ../../include/openssl/buffer.h
+rsa_pmeth.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+rsa_pmeth.o: ../../include/openssl/ec.h ../../include/openssl/ecdh.h
+rsa_pmeth.o: ../../include/openssl/ecdsa.h ../../include/openssl/err.h
+rsa_pmeth.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+rsa_pmeth.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+rsa_pmeth.o: ../../include/openssl/opensslconf.h
+rsa_pmeth.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+rsa_pmeth.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
+rsa_pmeth.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
+rsa_pmeth.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+rsa_pmeth.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
+rsa_pmeth.o: ../cryptlib.h ../evp/evp_locl.h rsa_locl.h rsa_pmeth.c
+rsa_prn.o: ../../e_os.h ../../include/openssl/asn1.h
+rsa_prn.o: ../../include/openssl/bio.h ../../include/openssl/buffer.h
+rsa_prn.o: ../../include/openssl/crypto.h ../../include/openssl/e_os2.h
+rsa_prn.o: ../../include/openssl/err.h ../../include/openssl/evp.h
+rsa_prn.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+rsa_prn.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
+rsa_prn.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
+rsa_prn.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+rsa_prn.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
+rsa_prn.o: ../cryptlib.h rsa_prn.c
rsa_pss.o: ../../e_os.h ../../include/openssl/asn1.h
rsa_pss.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
rsa_pss.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
rsa_pss.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-rsa_pss.o: ../../include/openssl/evp.h ../../include/openssl/fips.h
-rsa_pss.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
-rsa_pss.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
-rsa_pss.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-rsa_pss.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
-rsa_pss.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
-rsa_pss.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-rsa_pss.o: ../cryptlib.h rsa_pss.c
+rsa_pss.o: ../../include/openssl/evp.h ../../include/openssl/lhash.h
+rsa_pss.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
+rsa_pss.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
+rsa_pss.o: ../../include/openssl/ossl_typ.h ../../include/openssl/rand.h
+rsa_pss.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+rsa_pss.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+rsa_pss.o: ../../include/openssl/symhacks.h ../cryptlib.h rsa_pss.c
rsa_saos.o: ../../e_os.h ../../include/openssl/asn1.h
rsa_saos.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
rsa_saos.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
rsa_saos.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
rsa_saos.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
rsa_saos.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-rsa_saos.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
-rsa_saos.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-rsa_saos.o: ../../include/openssl/opensslconf.h
+rsa_saos.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+rsa_saos.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
rsa_saos.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
rsa_saos.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
rsa_saos.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
@@ -232,15 +258,14 @@ rsa_sign.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
rsa_sign.o: ../../include/openssl/e_os2.h ../../include/openssl/ec.h
rsa_sign.o: ../../include/openssl/ecdh.h ../../include/openssl/ecdsa.h
rsa_sign.o: ../../include/openssl/err.h ../../include/openssl/evp.h
-rsa_sign.o: ../../include/openssl/fips.h ../../include/openssl/lhash.h
-rsa_sign.o: ../../include/openssl/obj_mac.h ../../include/openssl/objects.h
-rsa_sign.o: ../../include/openssl/opensslconf.h
+rsa_sign.o: ../../include/openssl/lhash.h ../../include/openssl/obj_mac.h
+rsa_sign.o: ../../include/openssl/objects.h ../../include/openssl/opensslconf.h
rsa_sign.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
rsa_sign.o: ../../include/openssl/pkcs7.h ../../include/openssl/rsa.h
rsa_sign.o: ../../include/openssl/safestack.h ../../include/openssl/sha.h
rsa_sign.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
rsa_sign.o: ../../include/openssl/x509.h ../../include/openssl/x509_vfy.h
-rsa_sign.o: ../cryptlib.h rsa_sign.c
+rsa_sign.o: ../cryptlib.h rsa_locl.h rsa_sign.c
rsa_ssl.o: ../../e_os.h ../../include/openssl/asn1.h
rsa_ssl.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
rsa_ssl.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
@@ -260,11 +285,3 @@ rsa_x931.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
rsa_x931.o: ../../include/openssl/rand.h ../../include/openssl/rsa.h
rsa_x931.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
rsa_x931.o: ../../include/openssl/symhacks.h ../cryptlib.h rsa_x931.c
-rsa_x931g.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
-rsa_x931g.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
-rsa_x931g.o: ../../include/openssl/e_os2.h ../../include/openssl/err.h
-rsa_x931g.o: ../../include/openssl/lhash.h ../../include/openssl/opensslconf.h
-rsa_x931g.o: ../../include/openssl/opensslv.h ../../include/openssl/ossl_typ.h
-rsa_x931g.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
-rsa_x931g.o: ../../include/openssl/stack.h ../../include/openssl/symhacks.h
-rsa_x931g.o: rsa_x931g.c
diff --git a/openssl/crypto/rsa/rsa.h b/openssl/crypto/rsa/rsa.h
index 5bb932ae1..cf7434365 100644
--- a/openssl/crypto/rsa/rsa.h
+++ b/openssl/crypto/rsa/rsa.h
@@ -74,25 +74,6 @@
#error RSA is disabled.
#endif
-/* If this flag is set the RSA method is FIPS compliant and can be used
- * in FIPS mode. This is set in the validated module method. If an
- * application sets this flag in its own methods it is its reposibility
- * to ensure the result is compliant.
- */
-
-#define RSA_FLAG_FIPS_METHOD 0x0400
-
-/* If this flag is set the operations normally disabled in FIPS mode are
- * permitted it is then the applications responsibility to ensure that the
- * usage is compliant.
- */
-
-#define RSA_FLAG_NON_FIPS_ALLOW 0x0400
-
-#ifdef OPENSSL_FIPS
-#define FIPS_RSA_SIZE_T int
-#endif
-
#ifdef __cplusplus
extern "C" {
#endif
@@ -136,7 +117,8 @@ struct rsa_meth_st
unsigned char *sigret, unsigned int *siglen, const RSA *rsa);
int (*rsa_verify)(int dtype,
const unsigned char *m, unsigned int m_length,
- unsigned char *sigbuf, unsigned int siglen, const RSA *rsa);
+ const unsigned char *sigbuf, unsigned int siglen,
+ const RSA *rsa);
/* If this callback is NULL, the builtin software RSA key-gen will be used. This
* is for behavioural compatibility whilst the code gets rewired, but one day
* it would be nice to assume there are no such things as "builtin software"
@@ -182,8 +164,6 @@ struct rsa_st
# define OPENSSL_RSA_MAX_MODULUS_BITS 16384
#endif
-#define OPENSSL_RSA_FIPS_MIN_MODULUS_BITS 1024
-
#ifndef OPENSSL_RSA_SMALL_MODULUS_BITS
# define OPENSSL_RSA_SMALL_MODULUS_BITS 3072
#endif
@@ -238,11 +218,37 @@ struct rsa_st
#endif
+#define EVP_PKEY_CTX_set_rsa_padding(ctx, pad) \
+ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, -1, EVP_PKEY_CTRL_RSA_PADDING, \
+ pad, NULL)
+
+#define EVP_PKEY_CTX_set_rsa_pss_saltlen(ctx, len) \
+ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, \
+ (EVP_PKEY_OP_SIGN|EVP_PKEY_OP_VERIFY), \
+ EVP_PKEY_CTRL_RSA_PSS_SALTLEN, \
+ len, NULL)
+
+#define EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, bits) \
+ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_KEYGEN, \
+ EVP_PKEY_CTRL_RSA_KEYGEN_BITS, bits, NULL)
+
+#define EVP_PKEY_CTX_set_rsa_keygen_pubexp(ctx, pubexp) \
+ EVP_PKEY_CTX_ctrl(ctx, EVP_PKEY_RSA, EVP_PKEY_OP_KEYGEN, \
+ EVP_PKEY_CTRL_RSA_KEYGEN_PUBEXP, 0, pubexp)
+
+#define EVP_PKEY_CTRL_RSA_PADDING (EVP_PKEY_ALG_CTRL + 1)
+#define EVP_PKEY_CTRL_RSA_PSS_SALTLEN (EVP_PKEY_ALG_CTRL + 2)
+
+#define EVP_PKEY_CTRL_RSA_KEYGEN_BITS (EVP_PKEY_ALG_CTRL + 3)
+#define EVP_PKEY_CTRL_RSA_KEYGEN_PUBEXP (EVP_PKEY_ALG_CTRL + 4)
+
#define RSA_PKCS1_PADDING 1
#define RSA_SSLV23_PADDING 2
#define RSA_NO_PADDING 3
#define RSA_PKCS1_OAEP_PADDING 4
#define RSA_X931_PADDING 5
+/* EVP_PKEY_ only */
+#define RSA_PKCS1_PSS_PADDING 6
#define RSA_PKCS1_PADDING_SIZE 11
@@ -261,11 +267,6 @@ RSA * RSA_generate_key(int bits, unsigned long e,void
/* New version */
int RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb);
-int RSA_X931_derive_ex(RSA *rsa, BIGNUM *p1, BIGNUM *p2, BIGNUM *q1, BIGNUM *q2,
- const BIGNUM *Xp1, const BIGNUM *Xp2, const BIGNUM *Xp,
- const BIGNUM *Xq1, const BIGNUM *Xq2, const BIGNUM *Xq,
- const BIGNUM *e, BN_GENCB *cb);
-int RSA_X931_generate_key_ex(RSA *rsa, int bits, const BIGNUM *e, BN_GENCB *cb);
int RSA_check_key(const RSA *);
/* next 4 return -1 on error */
@@ -283,11 +284,6 @@ int RSA_up_ref(RSA *r);
int RSA_flags(const RSA *r);
-#ifdef OPENSSL_FIPS
-RSA *FIPS_rsa_new(void);
-void FIPS_rsa_free(RSA *r);
-#endif
-
void RSA_set_default_method(const RSA_METHOD *meth);
const RSA_METHOD *RSA_get_default_method(void);
const RSA_METHOD *RSA_get_method(const RSA *rsa);
@@ -333,7 +329,7 @@ RSA *d2i_Netscape_RSA(RSA **a, const unsigned char **pp, long length,
int RSA_sign(int type, const unsigned char *m, unsigned int m_length,
unsigned char *sigret, unsigned int *siglen, RSA *rsa);
int RSA_verify(int type, const unsigned char *m, unsigned int m_length,
- unsigned char *sigbuf, unsigned int siglen, RSA *rsa);
+ const unsigned char *sigbuf, unsigned int siglen, RSA *rsa);
/* The following 2 function sign and verify a ASN1_OCTET_STRING
* object inside PKCS#1 padded RSA encryption */
@@ -401,9 +397,15 @@ void ERR_load_RSA_strings(void);
/* Error codes for the RSA functions. */
/* Function codes. */
-#define RSA_F_FIPS_RSA_SIGN 140
-#define RSA_F_FIPS_RSA_VERIFY 141
+#define RSA_F_CHECK_PADDING_MD 140
+#define RSA_F_DO_RSA_PRINT 146
+#define RSA_F_INT_RSA_VERIFY 145
#define RSA_F_MEMORY_LOCK 100
+#define RSA_F_OLD_RSA_PRIV_DECODE 147
+#define RSA_F_PKEY_RSA_CTRL 143
+#define RSA_F_PKEY_RSA_CTRL_STR 144
+#define RSA_F_PKEY_RSA_SIGN 142
+#define RSA_F_PKEY_RSA_VERIFYRECOVER 141
#define RSA_F_RSA_BUILTIN_KEYGEN 129
#define RSA_F_RSA_CHECK_KEY 123
#define RSA_F_RSA_EAY_PRIVATE_DECRYPT 101
@@ -434,11 +436,10 @@ void ERR_load_RSA_strings(void);
#define RSA_F_RSA_PADDING_CHECK_X931 128
#define RSA_F_RSA_PRINT 115
#define RSA_F_RSA_PRINT_FP 116
-#define RSA_F_RSA_PRIVATE_ENCRYPT 137
-#define RSA_F_RSA_PUBLIC_DECRYPT 138
+#define RSA_F_RSA_PRIV_DECODE 137
+#define RSA_F_RSA_PRIV_ENCODE 138
+#define RSA_F_RSA_PUB_DECODE 139
#define RSA_F_RSA_SETUP_BLINDING 136
-#define RSA_F_RSA_SET_DEFAULT_METHOD 139
-#define RSA_F_RSA_SET_METHOD 142
#define RSA_F_RSA_SIGN 117
#define RSA_F_RSA_SIGN_ASN1_OCTET_STRING 118
#define RSA_F_RSA_VERIFY 119
@@ -464,20 +465,25 @@ void ERR_load_RSA_strings(void);
#define RSA_R_DMQ1_NOT_CONGRUENT_TO_D 125
#define RSA_R_D_E_NOT_CONGRUENT_TO_1 123
#define RSA_R_FIRST_OCTET_INVALID 133
+#define RSA_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE 144
+#define RSA_R_INVALID_DIGEST_LENGTH 143
#define RSA_R_INVALID_HEADER 137
+#define RSA_R_INVALID_KEYBITS 145
#define RSA_R_INVALID_MESSAGE_LENGTH 131
#define RSA_R_INVALID_PADDING 138
+#define RSA_R_INVALID_PADDING_MODE 141
+#define RSA_R_INVALID_PSS_SALTLEN 146
#define RSA_R_INVALID_TRAILER 139
+#define RSA_R_INVALID_X931_DIGEST 142
#define RSA_R_IQMP_NOT_INVERSE_OF_Q 126
#define RSA_R_KEY_SIZE_TOO_SMALL 120
#define RSA_R_LAST_OCTET_INVALID 134
#define RSA_R_MODULUS_TOO_LARGE 105
-#define RSA_R_NON_FIPS_METHOD 141
#define RSA_R_NO_PUBLIC_EXPONENT 140
#define RSA_R_NULL_BEFORE_BLOCK_MISSING 113
#define RSA_R_N_DOES_NOT_EQUAL_P_Q 127
#define RSA_R_OAEP_DECODING_ERROR 121
-#define RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE 142
+#define RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE 148
#define RSA_R_PADDING_CHECK_FAILED 114
#define RSA_R_P_NOT_PRIME 128
#define RSA_R_Q_NOT_PRIME 129
@@ -488,6 +494,7 @@ void ERR_load_RSA_strings(void);
#define RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD 116
#define RSA_R_UNKNOWN_ALGORITHM_TYPE 117
#define RSA_R_UNKNOWN_PADDING_TYPE 118
+#define RSA_R_VALUE_MISSING 147
#define RSA_R_WRONG_SIGNATURE_LENGTH 119
#ifdef __cplusplus
diff --git a/openssl/crypto/rsa/rsa_ameth.c b/openssl/crypto/rsa/rsa_ameth.c
new file mode 100644
index 000000000..8c3209885
--- /dev/null
+++ b/openssl/crypto/rsa/rsa_ameth.c
@@ -0,0 +1,349 @@
+/* crypto/rsa/rsa_ameth.c */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+ * project 2006.
+ */
+/* ====================================================================
+ * Copyright (c) 2006 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/asn1t.h>
+#include <openssl/x509.h>
+#include <openssl/rsa.h>
+#include <openssl/bn.h>
+#ifndef OPENSSL_NO_CMS
+#include <openssl/cms.h>
+#endif
+#include "asn1_locl.h"
+
+static int rsa_pub_encode(X509_PUBKEY *pk, const EVP_PKEY *pkey)
+ {
+ unsigned char *penc = NULL;
+ int penclen;
+ penclen = i2d_RSAPublicKey(pkey->pkey.rsa, &penc);
+ if (penclen <= 0)
+ return 0;
+ if (X509_PUBKEY_set0_param(pk, OBJ_nid2obj(EVP_PKEY_RSA),
+ V_ASN1_NULL, NULL, penc, penclen))
+ return 1;
+
+ OPENSSL_free(penc);
+ return 0;
+ }
+
+static int rsa_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey)
+ {
+ const unsigned char *p;
+ int pklen;
+ RSA *rsa = NULL;
+ if (!X509_PUBKEY_get0_param(NULL, &p, &pklen, NULL, pubkey))
+ return 0;
+ if (!(rsa = d2i_RSAPublicKey(NULL, &p, pklen)))
+ {
+ RSAerr(RSA_F_RSA_PUB_DECODE, ERR_R_RSA_LIB);
+ return 0;
+ }
+ EVP_PKEY_assign_RSA (pkey, rsa);
+ return 1;
+ }
+
+static int rsa_pub_cmp(const EVP_PKEY *a, const EVP_PKEY *b)
+ {
+ if (BN_cmp(b->pkey.rsa->n,a->pkey.rsa->n) != 0
+ || BN_cmp(b->pkey.rsa->e,a->pkey.rsa->e) != 0)
+ return 0;
+ return 1;
+ }
+
+static int old_rsa_priv_decode(EVP_PKEY *pkey,
+ const unsigned char **pder, int derlen)
+ {
+ RSA *rsa;
+ if (!(rsa = d2i_RSAPrivateKey (NULL, pder, derlen)))
+ {
+ RSAerr(RSA_F_OLD_RSA_PRIV_DECODE, ERR_R_RSA_LIB);
+ return 0;
+ }
+ EVP_PKEY_assign_RSA(pkey, rsa);
+ return 1;
+ }
+
+static int old_rsa_priv_encode(const EVP_PKEY *pkey, unsigned char **pder)
+ {
+ return i2d_RSAPrivateKey(pkey->pkey.rsa, pder);
+ }
+
+static int rsa_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey)
+ {
+ unsigned char *rk = NULL;
+ int rklen;
+ rklen = i2d_RSAPrivateKey(pkey->pkey.rsa, &rk);
+
+ if (rklen <= 0)
+ {
+ RSAerr(RSA_F_RSA_PRIV_ENCODE,ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+
+ if (!PKCS8_pkey_set0(p8, OBJ_nid2obj(NID_rsaEncryption), 0,
+ V_ASN1_NULL, NULL, rk, rklen))
+ {
+ RSAerr(RSA_F_RSA_PRIV_ENCODE,ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+
+ return 1;
+ }
+
+static int rsa_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8)
+ {
+ const unsigned char *p;
+ int pklen;
+ if (!PKCS8_pkey_get0(NULL, &p, &pklen, NULL, p8))
+ return 0;
+ return old_rsa_priv_decode(pkey, &p, pklen);
+ }
+
+static int int_rsa_size(const EVP_PKEY *pkey)
+ {
+ return RSA_size(pkey->pkey.rsa);
+ }
+
+static int rsa_bits(const EVP_PKEY *pkey)
+ {
+ return BN_num_bits(pkey->pkey.rsa->n);
+ }
+
+static void int_rsa_free(EVP_PKEY *pkey)
+ {
+ RSA_free(pkey->pkey.rsa);
+ }
+
+
+static void update_buflen(const BIGNUM *b, size_t *pbuflen)
+ {
+ size_t i;
+ if (!b)
+ return;
+ if (*pbuflen < (i = (size_t)BN_num_bytes(b)))
+ *pbuflen = i;
+ }
+
+static int do_rsa_print(BIO *bp, const RSA *x, int off, int priv)
+ {
+ char *str;
+ const char *s;
+ unsigned char *m=NULL;
+ int ret=0, mod_len = 0;
+ size_t buf_len=0;
+
+ update_buflen(x->n, &buf_len);
+ update_buflen(x->e, &buf_len);
+
+ if (priv)
+ {
+ update_buflen(x->d, &buf_len);
+ update_buflen(x->p, &buf_len);
+ update_buflen(x->q, &buf_len);
+ update_buflen(x->dmp1, &buf_len);
+ update_buflen(x->dmq1, &buf_len);
+ update_buflen(x->iqmp, &buf_len);
+ }
+
+ m=(unsigned char *)OPENSSL_malloc(buf_len+10);
+ if (m == NULL)
+ {
+ RSAerr(RSA_F_DO_RSA_PRINT,ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
+
+ if (x->n != NULL)
+ mod_len = BN_num_bits(x->n);
+
+ if(!BIO_indent(bp,off,128))
+ goto err;
+
+ if (priv && x->d)
+ {
+ if (BIO_printf(bp,"Private-Key: (%d bit)\n", mod_len)
+ <= 0) goto err;
+ str = "modulus:";
+ s = "publicExponent:";
+ }
+ else
+ {
+ if (BIO_printf(bp,"Public-Key: (%d bit)\n", mod_len)
+ <= 0) goto err;
+ str = "Modulus:";
+ s= "Exponent:";
+ }
+ if (!ASN1_bn_print(bp,str,x->n,m,off)) goto err;
+ if (!ASN1_bn_print(bp,s,x->e,m,off))
+ goto err;
+ if (priv)
+ {
+ if (!ASN1_bn_print(bp,"privateExponent:",x->d,m,off))
+ goto err;
+ if (!ASN1_bn_print(bp,"prime1:",x->p,m,off))
+ goto err;
+ if (!ASN1_bn_print(bp,"prime2:",x->q,m,off))
+ goto err;
+ if (!ASN1_bn_print(bp,"exponent1:",x->dmp1,m,off))
+ goto err;
+ if (!ASN1_bn_print(bp,"exponent2:",x->dmq1,m,off))
+ goto err;
+ if (!ASN1_bn_print(bp,"coefficient:",x->iqmp,m,off))
+ goto err;
+ }
+ ret=1;
+err:
+ if (m != NULL) OPENSSL_free(m);
+ return(ret);
+ }
+
+static int rsa_pub_print(BIO *bp, const EVP_PKEY *pkey, int indent,
+ ASN1_PCTX *ctx)
+ {
+ return do_rsa_print(bp, pkey->pkey.rsa, indent, 0);
+ }
+
+
+static int rsa_priv_print(BIO *bp, const EVP_PKEY *pkey, int indent,
+ ASN1_PCTX *ctx)
+ {
+ return do_rsa_print(bp, pkey->pkey.rsa, indent, 1);
+ }
+
+
+static int rsa_pkey_ctrl(EVP_PKEY *pkey, int op, long arg1, void *arg2)
+ {
+ X509_ALGOR *alg = NULL;
+ switch (op)
+ {
+
+ case ASN1_PKEY_CTRL_PKCS7_SIGN:
+ if (arg1 == 0)
+ PKCS7_SIGNER_INFO_get0_algs(arg2, NULL, NULL, &alg);
+ break;
+
+ case ASN1_PKEY_CTRL_PKCS7_ENCRYPT:
+ if (arg1 == 0)
+ PKCS7_RECIP_INFO_get0_alg(arg2, &alg);
+ break;
+#ifndef OPENSSL_NO_CMS
+ case ASN1_PKEY_CTRL_CMS_SIGN:
+ if (arg1 == 0)
+ CMS_SignerInfo_get0_algs(arg2, NULL, NULL, NULL, &alg);
+ break;
+
+ case ASN1_PKEY_CTRL_CMS_ENVELOPE:
+ if (arg1 == 0)
+ CMS_RecipientInfo_ktri_get0_algs(arg2, NULL, NULL, &alg);
+ break;
+#endif
+
+ case ASN1_PKEY_CTRL_DEFAULT_MD_NID:
+ *(int *)arg2 = NID_sha1;
+ return 1;
+
+ default:
+ return -2;
+
+ }
+
+ if (alg)
+ X509_ALGOR_set0(alg, OBJ_nid2obj(NID_rsaEncryption),
+ V_ASN1_NULL, 0);
+
+ return 1;
+
+ }
+
+
+const EVP_PKEY_ASN1_METHOD rsa_asn1_meths[] =
+ {
+ {
+ EVP_PKEY_RSA,
+ EVP_PKEY_RSA,
+ ASN1_PKEY_SIGPARAM_NULL,
+
+ "RSA",
+ "OpenSSL RSA method",
+
+ rsa_pub_decode,
+ rsa_pub_encode,
+ rsa_pub_cmp,
+ rsa_pub_print,
+
+ rsa_priv_decode,
+ rsa_priv_encode,
+ rsa_priv_print,
+
+ int_rsa_size,
+ rsa_bits,
+
+ 0,0,0,0,0,0,
+
+ int_rsa_free,
+ rsa_pkey_ctrl,
+ old_rsa_priv_decode,
+ old_rsa_priv_encode
+ },
+
+ {
+ EVP_PKEY_RSA2,
+ EVP_PKEY_RSA,
+ ASN1_PKEY_ALIAS
+ }
+ };
diff --git a/openssl/crypto/rsa/rsa_asn1.c b/openssl/crypto/rsa/rsa_asn1.c
index 6e8a803e8..4efca8cdc 100644
--- a/openssl/crypto/rsa/rsa_asn1.c
+++ b/openssl/crypto/rsa/rsa_asn1.c
@@ -3,7 +3,7 @@
* project 2000.
*/
/* ====================================================================
- * Copyright (c) 2000 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 2000-2005 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -62,19 +62,9 @@
#include <openssl/rsa.h>
#include <openssl/asn1t.h>
-static ASN1_METHOD method={
- (I2D_OF(void)) i2d_RSAPrivateKey,
- (D2I_OF(void)) d2i_RSAPrivateKey,
- (void *(*)(void)) RSA_new,
- (void (*)(void *)) RSA_free};
-
-ASN1_METHOD *RSAPrivateKey_asn1_meth(void)
- {
- return(&method);
- }
-
/* Override the default free and new methods */
-static int rsa_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it)
+static int rsa_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
+ void *exarg)
{
if(operation == ASN1_OP_NEW_PRE) {
*pval = (ASN1_VALUE *)RSA_new();
diff --git a/openssl/crypto/rsa/rsa_eay.c b/openssl/crypto/rsa/rsa_eay.c
index 0ac641844..c5eaeeae6 100644
--- a/openssl/crypto/rsa/rsa_eay.c
+++ b/openssl/crypto/rsa/rsa_eay.c
@@ -115,7 +115,7 @@
#include <openssl/rsa.h>
#include <openssl/rand.h>
-#if !defined(RSA_NULL) && !defined(OPENSSL_FIPS)
+#ifndef RSA_NULL
static int RSA_eay_public_encrypt(int flen, const unsigned char *from,
unsigned char *to, RSA *rsa,int padding);
@@ -256,6 +256,7 @@ static BN_BLINDING *rsa_get_blinding(RSA *rsa, int *local, BN_CTX *ctx)
{
BN_BLINDING *ret;
int got_write_lock = 0;
+ CRYPTO_THREADID cur;
CRYPTO_r_lock(CRYPTO_LOCK_RSA);
@@ -273,7 +274,8 @@ static BN_BLINDING *rsa_get_blinding(RSA *rsa, int *local, BN_CTX *ctx)
if (ret == NULL)
goto err;
- if (BN_BLINDING_get_thread_id(ret) == CRYPTO_thread_id())
+ CRYPTO_THREADID_current(&cur);
+ if (!CRYPTO_THREADID_cmp(&cur, BN_BLINDING_thread_id(ret)))
{
/* rsa->blinding is ours! */
diff --git a/openssl/crypto/rsa/rsa_eng.c b/openssl/crypto/rsa/rsa_eng.c
deleted file mode 100644
index 383a7045b..000000000
--- a/openssl/crypto/rsa/rsa_eng.c
+++ /dev/null
@@ -1,348 +0,0 @@
-/* crypto/rsa/rsa_lib.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <openssl/crypto.h>
-#include "cryptlib.h"
-#include <openssl/lhash.h>
-#include <openssl/bn.h>
-#include <openssl/rsa.h>
-#include <openssl/rand.h>
-#ifndef OPENSSL_NO_ENGINE
-#include <openssl/engine.h>
-#endif
-
-const char RSA_version[]="RSA" OPENSSL_VERSION_PTEXT;
-
-static const RSA_METHOD *default_RSA_meth=NULL;
-
-RSA *RSA_new(void)
- {
- RSA *r=RSA_new_method(NULL);
-
- return r;
- }
-
-void RSA_set_default_method(const RSA_METHOD *meth)
- {
-#ifdef OPENSSL_FIPS
- if (FIPS_mode() && !(meth->flags & RSA_FLAG_FIPS_METHOD))
- {
- RSAerr(RSA_F_RSA_SET_DEFAULT_METHOD, RSA_R_NON_FIPS_METHOD);
- return;
- }
-#endif
- default_RSA_meth = meth;
- }
-
-const RSA_METHOD *RSA_get_default_method(void)
- {
- if (default_RSA_meth == NULL)
- {
-#ifdef RSA_NULL
- default_RSA_meth=RSA_null_method();
-#else
-#if 0 /* was: #ifdef RSAref */
- default_RSA_meth=RSA_PKCS1_RSAref();
-#else
- default_RSA_meth=RSA_PKCS1_SSLeay();
-#endif
-#endif
- }
-
- return default_RSA_meth;
- }
-
-const RSA_METHOD *RSA_get_method(const RSA *rsa)
- {
- return rsa->meth;
- }
-
-int RSA_set_method(RSA *rsa, const RSA_METHOD *meth)
- {
- /* NB: The caller is specifically setting a method, so it's not up to us
- * to deal with which ENGINE it comes from. */
- const RSA_METHOD *mtmp;
-#ifdef OPENSSL_FIPS
- if (FIPS_mode() && !(meth->flags & RSA_FLAG_FIPS_METHOD))
- {
- RSAerr(RSA_F_RSA_SET_METHOD, RSA_R_NON_FIPS_METHOD);
- return 0;
- }
-#endif
- mtmp = rsa->meth;
- if (mtmp->finish) mtmp->finish(rsa);
-#ifndef OPENSSL_NO_ENGINE
- if (rsa->engine)
- {
- ENGINE_finish(rsa->engine);
- rsa->engine = NULL;
- }
-#endif
- rsa->meth = meth;
- if (meth->init) meth->init(rsa);
- return 1;
- }
-
-RSA *RSA_new_method(ENGINE *engine)
- {
- RSA *ret;
-
- ret=(RSA *)OPENSSL_malloc(sizeof(RSA));
- if (ret == NULL)
- {
- RSAerr(RSA_F_RSA_NEW_METHOD,ERR_R_MALLOC_FAILURE);
- return NULL;
- }
-
- ret->meth = RSA_get_default_method();
-#ifndef OPENSSL_NO_ENGINE
- if (engine)
- {
- if (!ENGINE_init(engine))
- {
- RSAerr(RSA_F_RSA_NEW_METHOD, ERR_R_ENGINE_LIB);
- OPENSSL_free(ret);
- return NULL;
- }
- ret->engine = engine;
- }
- else
- ret->engine = ENGINE_get_default_RSA();
- if(ret->engine)
- {
- ret->meth = ENGINE_get_RSA(ret->engine);
- if(!ret->meth)
- {
- RSAerr(RSA_F_RSA_NEW_METHOD,
- ERR_R_ENGINE_LIB);
- ENGINE_finish(ret->engine);
- OPENSSL_free(ret);
- return NULL;
- }
- }
-#endif
-#ifdef OPENSSL_FIPS
- if (FIPS_mode() && !(ret->meth->flags & RSA_FLAG_FIPS_METHOD))
- {
- RSAerr(RSA_F_RSA_NEW_METHOD, RSA_R_NON_FIPS_METHOD);
-#ifndef OPENSSL_NO_ENGINE
- if (ret->engine)
- ENGINE_finish(ret->engine);
-#endif
- OPENSSL_free(ret);
- return NULL;
- }
-#endif
-
- ret->pad=0;
- ret->version=0;
- ret->n=NULL;
- ret->e=NULL;
- ret->d=NULL;
- ret->p=NULL;
- ret->q=NULL;
- ret->dmp1=NULL;
- ret->dmq1=NULL;
- ret->iqmp=NULL;
- ret->references=1;
- ret->_method_mod_n=NULL;
- ret->_method_mod_p=NULL;
- ret->_method_mod_q=NULL;
- ret->blinding=NULL;
- ret->mt_blinding=NULL;
- ret->bignum_data=NULL;
- ret->flags=ret->meth->flags;
- CRYPTO_new_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data);
- if ((ret->meth->init != NULL) && !ret->meth->init(ret))
- {
-#ifndef OPENSSL_NO_ENGINE
- if (ret->engine)
- ENGINE_finish(ret->engine);
-#endif
- CRYPTO_free_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data);
- OPENSSL_free(ret);
- ret=NULL;
- }
- return(ret);
- }
-
-void RSA_free(RSA *r)
- {
- int i;
-
- if (r == NULL) return;
-
- i=CRYPTO_add(&r->references,-1,CRYPTO_LOCK_RSA);
-#ifdef REF_PRINT
- REF_PRINT("RSA",r);
-#endif
- if (i > 0) return;
-#ifdef REF_CHECK
- if (i < 0)
- {
- fprintf(stderr,"RSA_free, bad reference count\n");
- abort();
- }
-#endif
-
- if (r->meth->finish)
- r->meth->finish(r);
-#ifndef OPENSSL_NO_ENGINE
- if (r->engine)
- ENGINE_finish(r->engine);
-#endif
-
- CRYPTO_free_ex_data(CRYPTO_EX_INDEX_RSA, r, &r->ex_data);
-
- if (r->n != NULL) BN_clear_free(r->n);
- if (r->e != NULL) BN_clear_free(r->e);
- if (r->d != NULL) BN_clear_free(r->d);
- if (r->p != NULL) BN_clear_free(r->p);
- if (r->q != NULL) BN_clear_free(r->q);
- if (r->dmp1 != NULL) BN_clear_free(r->dmp1);
- if (r->dmq1 != NULL) BN_clear_free(r->dmq1);
- if (r->iqmp != NULL) BN_clear_free(r->iqmp);
- if (r->blinding != NULL) BN_BLINDING_free(r->blinding);
- if (r->mt_blinding != NULL) BN_BLINDING_free(r->mt_blinding);
- if (r->bignum_data != NULL) OPENSSL_free_locked(r->bignum_data);
- OPENSSL_free(r);
- }
-
-int RSA_up_ref(RSA *r)
- {
- int i = CRYPTO_add(&r->references, 1, CRYPTO_LOCK_RSA);
-#ifdef REF_PRINT
- REF_PRINT("RSA",r);
-#endif
-#ifdef REF_CHECK
- if (i < 2)
- {
- fprintf(stderr, "RSA_up_ref, bad reference count\n");
- abort();
- }
-#endif
- return ((i > 1) ? 1 : 0);
- }
-
-int RSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
- CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
- {
- return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_RSA, argl, argp,
- new_func, dup_func, free_func);
- }
-
-int RSA_set_ex_data(RSA *r, int idx, void *arg)
- {
- return(CRYPTO_set_ex_data(&r->ex_data,idx,arg));
- }
-
-void *RSA_get_ex_data(const RSA *r, int idx)
- {
- return(CRYPTO_get_ex_data(&r->ex_data,idx));
- }
-
-int RSA_flags(const RSA *r)
- {
- return((r == NULL)?0:r->meth->flags);
- }
-
-int RSA_memory_lock(RSA *r)
- {
- int i,j,k,off;
- char *p;
- BIGNUM *bn,**t[6],*b;
- BN_ULONG *ul;
-
- if (r->d == NULL) return(1);
- t[0]= &r->d;
- t[1]= &r->p;
- t[2]= &r->q;
- t[3]= &r->dmp1;
- t[4]= &r->dmq1;
- t[5]= &r->iqmp;
- k=sizeof(BIGNUM)*6;
- off=k/sizeof(BN_ULONG)+1;
- j=1;
- for (i=0; i<6; i++)
- j+= (*t[i])->top;
- if ((p=OPENSSL_malloc_locked((off+j)*sizeof(BN_ULONG))) == NULL)
- {
- RSAerr(RSA_F_RSA_MEMORY_LOCK,ERR_R_MALLOC_FAILURE);
- return(0);
- }
- bn=(BIGNUM *)p;
- ul=(BN_ULONG *)&(p[off]);
- for (i=0; i<6; i++)
- {
- b= *(t[i]);
- *(t[i])= &(bn[i]);
- memcpy((char *)&(bn[i]),(char *)b,sizeof(BIGNUM));
- bn[i].flags=BN_FLG_STATIC_DATA;
- bn[i].d=ul;
- memcpy((char *)ul,b->d,sizeof(BN_ULONG)*b->top);
- ul+=b->top;
- BN_clear_free(b);
- }
-
- /* I should fix this so it can still be done */
- r->flags&= ~(RSA_FLAG_CACHE_PRIVATE|RSA_FLAG_CACHE_PUBLIC);
-
- r->bignum_data=p;
- return(1);
- }
diff --git a/openssl/crypto/rsa/rsa_err.c b/openssl/crypto/rsa/rsa_err.c
index 501f5ea38..cf9f1106b 100644
--- a/openssl/crypto/rsa/rsa_err.c
+++ b/openssl/crypto/rsa/rsa_err.c
@@ -1,6 +1,6 @@
/* crypto/rsa/rsa_err.c */
/* ====================================================================
- * Copyright (c) 1999-2007 The OpenSSL Project. All rights reserved.
+ * Copyright (c) 1999-2008 The OpenSSL Project. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
@@ -70,9 +70,15 @@
static ERR_STRING_DATA RSA_str_functs[]=
{
-{ERR_FUNC(RSA_F_FIPS_RSA_SIGN), "FIPS_RSA_SIGN"},
-{ERR_FUNC(RSA_F_FIPS_RSA_VERIFY), "FIPS_RSA_VERIFY"},
+{ERR_FUNC(RSA_F_CHECK_PADDING_MD), "CHECK_PADDING_MD"},
+{ERR_FUNC(RSA_F_DO_RSA_PRINT), "DO_RSA_PRINT"},
+{ERR_FUNC(RSA_F_INT_RSA_VERIFY), "INT_RSA_VERIFY"},
{ERR_FUNC(RSA_F_MEMORY_LOCK), "MEMORY_LOCK"},
+{ERR_FUNC(RSA_F_OLD_RSA_PRIV_DECODE), "OLD_RSA_PRIV_DECODE"},
+{ERR_FUNC(RSA_F_PKEY_RSA_CTRL), "PKEY_RSA_CTRL"},
+{ERR_FUNC(RSA_F_PKEY_RSA_CTRL_STR), "PKEY_RSA_CTRL_STR"},
+{ERR_FUNC(RSA_F_PKEY_RSA_SIGN), "PKEY_RSA_SIGN"},
+{ERR_FUNC(RSA_F_PKEY_RSA_VERIFYRECOVER), "PKEY_RSA_VERIFYRECOVER"},
{ERR_FUNC(RSA_F_RSA_BUILTIN_KEYGEN), "RSA_BUILTIN_KEYGEN"},
{ERR_FUNC(RSA_F_RSA_CHECK_KEY), "RSA_check_key"},
{ERR_FUNC(RSA_F_RSA_EAY_PRIVATE_DECRYPT), "RSA_EAY_PRIVATE_DECRYPT"},
@@ -103,11 +109,10 @@ static ERR_STRING_DATA RSA_str_functs[]=
{ERR_FUNC(RSA_F_RSA_PADDING_CHECK_X931), "RSA_padding_check_X931"},
{ERR_FUNC(RSA_F_RSA_PRINT), "RSA_print"},
{ERR_FUNC(RSA_F_RSA_PRINT_FP), "RSA_print_fp"},
-{ERR_FUNC(RSA_F_RSA_PRIVATE_ENCRYPT), "RSA_private_encrypt"},
-{ERR_FUNC(RSA_F_RSA_PUBLIC_DECRYPT), "RSA_public_decrypt"},
+{ERR_FUNC(RSA_F_RSA_PRIV_DECODE), "RSA_PRIV_DECODE"},
+{ERR_FUNC(RSA_F_RSA_PRIV_ENCODE), "RSA_PRIV_ENCODE"},
+{ERR_FUNC(RSA_F_RSA_PUB_DECODE), "RSA_PUB_DECODE"},
{ERR_FUNC(RSA_F_RSA_SETUP_BLINDING), "RSA_setup_blinding"},
-{ERR_FUNC(RSA_F_RSA_SET_DEFAULT_METHOD), "RSA_set_default_method"},
-{ERR_FUNC(RSA_F_RSA_SET_METHOD), "RSA_set_method"},
{ERR_FUNC(RSA_F_RSA_SIGN), "RSA_sign"},
{ERR_FUNC(RSA_F_RSA_SIGN_ASN1_OCTET_STRING), "RSA_sign_ASN1_OCTET_STRING"},
{ERR_FUNC(RSA_F_RSA_VERIFY), "RSA_verify"},
@@ -136,20 +141,25 @@ static ERR_STRING_DATA RSA_str_reasons[]=
{ERR_REASON(RSA_R_DMQ1_NOT_CONGRUENT_TO_D),"dmq1 not congruent to d"},
{ERR_REASON(RSA_R_D_E_NOT_CONGRUENT_TO_1),"d e not congruent to 1"},
{ERR_REASON(RSA_R_FIRST_OCTET_INVALID) ,"first octet invalid"},
+{ERR_REASON(RSA_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE),"illegal or unsupported padding mode"},
+{ERR_REASON(RSA_R_INVALID_DIGEST_LENGTH) ,"invalid digest length"},
{ERR_REASON(RSA_R_INVALID_HEADER) ,"invalid header"},
+{ERR_REASON(RSA_R_INVALID_KEYBITS) ,"invalid keybits"},
{ERR_REASON(RSA_R_INVALID_MESSAGE_LENGTH),"invalid message length"},
{ERR_REASON(RSA_R_INVALID_PADDING) ,"invalid padding"},
+{ERR_REASON(RSA_R_INVALID_PADDING_MODE) ,"invalid padding mode"},
+{ERR_REASON(RSA_R_INVALID_PSS_SALTLEN) ,"invalid pss saltlen"},
{ERR_REASON(RSA_R_INVALID_TRAILER) ,"invalid trailer"},
+{ERR_REASON(RSA_R_INVALID_X931_DIGEST) ,"invalid x931 digest"},
{ERR_REASON(RSA_R_IQMP_NOT_INVERSE_OF_Q) ,"iqmp not inverse of q"},
{ERR_REASON(RSA_R_KEY_SIZE_TOO_SMALL) ,"key size too small"},
{ERR_REASON(RSA_R_LAST_OCTET_INVALID) ,"last octet invalid"},
{ERR_REASON(RSA_R_MODULUS_TOO_LARGE) ,"modulus too large"},
-{ERR_REASON(RSA_R_NON_FIPS_METHOD) ,"non fips method"},
{ERR_REASON(RSA_R_NO_PUBLIC_EXPONENT) ,"no public exponent"},
{ERR_REASON(RSA_R_NULL_BEFORE_BLOCK_MISSING),"null before block missing"},
{ERR_REASON(RSA_R_N_DOES_NOT_EQUAL_P_Q) ,"n does not equal p q"},
{ERR_REASON(RSA_R_OAEP_DECODING_ERROR) ,"oaep decoding error"},
-{ERR_REASON(RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE),"operation not allowed in fips mode"},
+{ERR_REASON(RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE),"operation not supported for this keytype"},
{ERR_REASON(RSA_R_PADDING_CHECK_FAILED) ,"padding check failed"},
{ERR_REASON(RSA_R_P_NOT_PRIME) ,"p not prime"},
{ERR_REASON(RSA_R_Q_NOT_PRIME) ,"q not prime"},
@@ -160,6 +170,7 @@ static ERR_STRING_DATA RSA_str_reasons[]=
{ERR_REASON(RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD),"the asn1 object identifier is not known for this md"},
{ERR_REASON(RSA_R_UNKNOWN_ALGORITHM_TYPE),"unknown algorithm type"},
{ERR_REASON(RSA_R_UNKNOWN_PADDING_TYPE) ,"unknown padding type"},
+{ERR_REASON(RSA_R_VALUE_MISSING) ,"value missing"},
{ERR_REASON(RSA_R_WRONG_SIGNATURE_LENGTH),"wrong signature length"},
{0,NULL}
};
diff --git a/openssl/crypto/rsa/rsa_gen.c b/openssl/crypto/rsa/rsa_gen.c
index 41278f83c..767f7ab68 100644
--- a/openssl/crypto/rsa/rsa_gen.c
+++ b/openssl/crypto/rsa/rsa_gen.c
@@ -68,8 +68,6 @@
#include <openssl/bn.h>
#include <openssl/rsa.h>
-#ifndef OPENSSL_FIPS
-
static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb);
/* NB: this wrapper would normally be placed in rsa_lib.c and the static
@@ -219,4 +217,3 @@ err:
return ok;
}
-#endif
diff --git a/openssl/crypto/rsa/rsa_lib.c b/openssl/crypto/rsa/rsa_lib.c
index 5714841f4..de45088d7 100644
--- a/openssl/crypto/rsa/rsa_lib.c
+++ b/openssl/crypto/rsa/rsa_lib.c
@@ -67,6 +67,224 @@
#include <openssl/engine.h>
#endif
+const char RSA_version[]="RSA" OPENSSL_VERSION_PTEXT;
+
+static const RSA_METHOD *default_RSA_meth=NULL;
+
+RSA *RSA_new(void)
+ {
+ RSA *r=RSA_new_method(NULL);
+
+ return r;
+ }
+
+void RSA_set_default_method(const RSA_METHOD *meth)
+ {
+ default_RSA_meth = meth;
+ }
+
+const RSA_METHOD *RSA_get_default_method(void)
+ {
+ if (default_RSA_meth == NULL)
+ {
+#ifdef RSA_NULL
+ default_RSA_meth=RSA_null_method();
+#else
+#if 0 /* was: #ifdef RSAref */
+ default_RSA_meth=RSA_PKCS1_RSAref();
+#else
+ default_RSA_meth=RSA_PKCS1_SSLeay();
+#endif
+#endif
+ }
+
+ return default_RSA_meth;
+ }
+
+const RSA_METHOD *RSA_get_method(const RSA *rsa)
+ {
+ return rsa->meth;
+ }
+
+int RSA_set_method(RSA *rsa, const RSA_METHOD *meth)
+ {
+ /* NB: The caller is specifically setting a method, so it's not up to us
+ * to deal with which ENGINE it comes from. */
+ const RSA_METHOD *mtmp;
+ mtmp = rsa->meth;
+ if (mtmp->finish) mtmp->finish(rsa);
+#ifndef OPENSSL_NO_ENGINE
+ if (rsa->engine)
+ {
+ ENGINE_finish(rsa->engine);
+ rsa->engine = NULL;
+ }
+#endif
+ rsa->meth = meth;
+ if (meth->init) meth->init(rsa);
+ return 1;
+ }
+
+RSA *RSA_new_method(ENGINE *engine)
+ {
+ RSA *ret;
+
+ ret=(RSA *)OPENSSL_malloc(sizeof(RSA));
+ if (ret == NULL)
+ {
+ RSAerr(RSA_F_RSA_NEW_METHOD,ERR_R_MALLOC_FAILURE);
+ return NULL;
+ }
+
+ ret->meth = RSA_get_default_method();
+#ifndef OPENSSL_NO_ENGINE
+ if (engine)
+ {
+ if (!ENGINE_init(engine))
+ {
+ RSAerr(RSA_F_RSA_NEW_METHOD, ERR_R_ENGINE_LIB);
+ OPENSSL_free(ret);
+ return NULL;
+ }
+ ret->engine = engine;
+ }
+ else
+ ret->engine = ENGINE_get_default_RSA();
+ if(ret->engine)
+ {
+ ret->meth = ENGINE_get_RSA(ret->engine);
+ if(!ret->meth)
+ {
+ RSAerr(RSA_F_RSA_NEW_METHOD,
+ ERR_R_ENGINE_LIB);
+ ENGINE_finish(ret->engine);
+ OPENSSL_free(ret);
+ return NULL;
+ }
+ }
+#endif
+
+ ret->pad=0;
+ ret->version=0;
+ ret->n=NULL;
+ ret->e=NULL;
+ ret->d=NULL;
+ ret->p=NULL;
+ ret->q=NULL;
+ ret->dmp1=NULL;
+ ret->dmq1=NULL;
+ ret->iqmp=NULL;
+ ret->references=1;
+ ret->_method_mod_n=NULL;
+ ret->_method_mod_p=NULL;
+ ret->_method_mod_q=NULL;
+ ret->blinding=NULL;
+ ret->mt_blinding=NULL;
+ ret->bignum_data=NULL;
+ ret->flags=ret->meth->flags;
+ if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data))
+ {
+#ifndef OPENSSL_NO_ENGINE
+ if (ret->engine)
+ ENGINE_finish(ret->engine);
+#endif
+ OPENSSL_free(ret);
+ return(NULL);
+ }
+
+ if ((ret->meth->init != NULL) && !ret->meth->init(ret))
+ {
+#ifndef OPENSSL_NO_ENGINE
+ if (ret->engine)
+ ENGINE_finish(ret->engine);
+#endif
+ CRYPTO_free_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data);
+ OPENSSL_free(ret);
+ ret=NULL;
+ }
+ return(ret);
+ }
+
+void RSA_free(RSA *r)
+ {
+ int i;
+
+ if (r == NULL) return;
+
+ i=CRYPTO_add(&r->references,-1,CRYPTO_LOCK_RSA);
+#ifdef REF_PRINT
+ REF_PRINT("RSA",r);
+#endif
+ if (i > 0) return;
+#ifdef REF_CHECK
+ if (i < 0)
+ {
+ fprintf(stderr,"RSA_free, bad reference count\n");
+ abort();
+ }
+#endif
+
+ if (r->meth->finish)
+ r->meth->finish(r);
+#ifndef OPENSSL_NO_ENGINE
+ if (r->engine)
+ ENGINE_finish(r->engine);
+#endif
+
+ CRYPTO_free_ex_data(CRYPTO_EX_INDEX_RSA, r, &r->ex_data);
+
+ if (r->n != NULL) BN_clear_free(r->n);
+ if (r->e != NULL) BN_clear_free(r->e);
+ if (r->d != NULL) BN_clear_free(r->d);
+ if (r->p != NULL) BN_clear_free(r->p);
+ if (r->q != NULL) BN_clear_free(r->q);
+ if (r->dmp1 != NULL) BN_clear_free(r->dmp1);
+ if (r->dmq1 != NULL) BN_clear_free(r->dmq1);
+ if (r->iqmp != NULL) BN_clear_free(r->iqmp);
+ if (r->blinding != NULL) BN_BLINDING_free(r->blinding);
+ if (r->mt_blinding != NULL) BN_BLINDING_free(r->mt_blinding);
+ if (r->bignum_data != NULL) OPENSSL_free_locked(r->bignum_data);
+ OPENSSL_free(r);
+ }
+
+int RSA_up_ref(RSA *r)
+ {
+ int i = CRYPTO_add(&r->references, 1, CRYPTO_LOCK_RSA);
+#ifdef REF_PRINT
+ REF_PRINT("RSA",r);
+#endif
+#ifdef REF_CHECK
+ if (i < 2)
+ {
+ fprintf(stderr, "RSA_up_ref, bad reference count\n");
+ abort();
+ }
+#endif
+ return ((i > 1) ? 1 : 0);
+ }
+
+int RSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
+ CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
+ {
+ return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_RSA, argl, argp,
+ new_func, dup_func, free_func);
+ }
+
+int RSA_set_ex_data(RSA *r, int idx, void *arg)
+ {
+ return(CRYPTO_set_ex_data(&r->ex_data,idx,arg));
+ }
+
+void *RSA_get_ex_data(const RSA *r, int idx)
+ {
+ return(CRYPTO_get_ex_data(&r->ex_data,idx));
+ }
+
+int RSA_size(const RSA *r)
+ {
+ return(BN_num_bytes(r->n));
+ }
+
int RSA_public_encrypt(int flen, const unsigned char *from, unsigned char *to,
RSA *rsa, int padding)
{
@@ -76,13 +294,6 @@ int RSA_public_encrypt(int flen, const unsigned char *from, unsigned char *to,
int RSA_private_encrypt(int flen, const unsigned char *from, unsigned char *to,
RSA *rsa, int padding)
{
-#ifdef OPENSSL_FIPS
- if(FIPS_mode() && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW))
- {
- RSAerr(RSA_F_RSA_PRIVATE_ENCRYPT, RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE);
- return 0;
- }
-#endif
return(rsa->meth->rsa_priv_enc(flen, from, to, rsa, padding));
}
@@ -95,19 +306,12 @@ int RSA_private_decrypt(int flen, const unsigned char *from, unsigned char *to,
int RSA_public_decrypt(int flen, const unsigned char *from, unsigned char *to,
RSA *rsa, int padding)
{
-#ifdef OPENSSL_FIPS
- if(FIPS_mode() && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW))
- {
- RSAerr(RSA_F_RSA_PUBLIC_DECRYPT, RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE);
- return 0;
- }
-#endif
return(rsa->meth->rsa_pub_dec(flen, from, to, rsa, padding));
}
-int RSA_size(const RSA *r)
+int RSA_flags(const RSA *r)
{
- return(BN_num_bytes(r->n));
+ return((r == NULL)?0:r->meth->flags);
}
void RSA_blinding_off(RSA *rsa)
@@ -222,7 +426,7 @@ BN_BLINDING *RSA_setup_blinding(RSA *rsa, BN_CTX *in_ctx)
RSAerr(RSA_F_RSA_SETUP_BLINDING, ERR_R_BN_LIB);
goto err;
}
- BN_BLINDING_set_thread_id(ret, CRYPTO_thread_id());
+ CRYPTO_THREADID_current(BN_BLINDING_thread_id(ret));
err:
BN_CTX_end(ctx);
if (in_ctx == NULL)
@@ -232,3 +436,48 @@ err:
return ret;
}
+
+int RSA_memory_lock(RSA *r)
+ {
+ int i,j,k,off;
+ char *p;
+ BIGNUM *bn,**t[6],*b;
+ BN_ULONG *ul;
+
+ if (r->d == NULL) return(1);
+ t[0]= &r->d;
+ t[1]= &r->p;
+ t[2]= &r->q;
+ t[3]= &r->dmp1;
+ t[4]= &r->dmq1;
+ t[5]= &r->iqmp;
+ k=sizeof(BIGNUM)*6;
+ off=k/sizeof(BN_ULONG)+1;
+ j=1;
+ for (i=0; i<6; i++)
+ j+= (*t[i])->top;
+ if ((p=OPENSSL_malloc_locked((off+j)*sizeof(BN_ULONG))) == NULL)
+ {
+ RSAerr(RSA_F_RSA_MEMORY_LOCK,ERR_R_MALLOC_FAILURE);
+ return(0);
+ }
+ bn=(BIGNUM *)p;
+ ul=(BN_ULONG *)&(p[off]);
+ for (i=0; i<6; i++)
+ {
+ b= *(t[i]);
+ *(t[i])= &(bn[i]);
+ memcpy((char *)&(bn[i]),(char *)b,sizeof(BIGNUM));
+ bn[i].flags=BN_FLG_STATIC_DATA;
+ bn[i].d=ul;
+ memcpy((char *)ul,b->d,sizeof(BN_ULONG)*b->top);
+ ul+=b->top;
+ BN_clear_free(b);
+ }
+
+ /* I should fix this so it can still be done */
+ r->flags&= ~(RSA_FLAG_CACHE_PRIVATE|RSA_FLAG_CACHE_PUBLIC);
+
+ r->bignum_data=p;
+ return(1);
+ }
diff --git a/openssl/crypto/rsa/rsa_locl.h b/openssl/crypto/rsa/rsa_locl.h
new file mode 100644
index 000000000..f5d2d5662
--- /dev/null
+++ b/openssl/crypto/rsa/rsa_locl.h
@@ -0,0 +1,4 @@
+extern int int_rsa_verify(int dtype, const unsigned char *m, unsigned int m_len,
+ unsigned char *rm, size_t *prm_len,
+ const unsigned char *sigbuf, size_t siglen,
+ RSA *rsa);
diff --git a/openssl/crypto/rsa/rsa_oaep.c b/openssl/crypto/rsa/rsa_oaep.c
index 4d30c9d2d..e238d10e5 100644
--- a/openssl/crypto/rsa/rsa_oaep.c
+++ b/openssl/crypto/rsa/rsa_oaep.c
@@ -28,7 +28,7 @@
#include <openssl/rand.h>
#include <openssl/sha.h>
-int MGF1(unsigned char *mask, long len,
+static int MGF1(unsigned char *mask, long len,
const unsigned char *seed, long seedlen);
int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen,
@@ -52,13 +52,6 @@ int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen,
return 0;
}
- dbmask = OPENSSL_malloc(emlen - SHA_DIGEST_LENGTH);
- if (dbmask == NULL)
- {
- RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP, ERR_R_MALLOC_FAILURE);
- return 0;
- }
-
to[0] = 0;
seed = to + 1;
db = to + SHA_DIGEST_LENGTH + 1;
@@ -76,11 +69,20 @@ int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen,
20);
#endif
- MGF1(dbmask, emlen - SHA_DIGEST_LENGTH, seed, SHA_DIGEST_LENGTH);
+ dbmask = OPENSSL_malloc(emlen - SHA_DIGEST_LENGTH);
+ if (dbmask == NULL)
+ {
+ RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP, ERR_R_MALLOC_FAILURE);
+ return 0;
+ }
+
+ if (MGF1(dbmask, emlen - SHA_DIGEST_LENGTH, seed, SHA_DIGEST_LENGTH) < 0)
+ return 0;
for (i = 0; i < emlen - SHA_DIGEST_LENGTH; i++)
db[i] ^= dbmask[i];
- MGF1(seedmask, SHA_DIGEST_LENGTH, db, emlen - SHA_DIGEST_LENGTH);
+ if (MGF1(seedmask, SHA_DIGEST_LENGTH, db, emlen - SHA_DIGEST_LENGTH) < 0)
+ return 0;
for (i = 0; i < SHA_DIGEST_LENGTH; i++)
seed[i] ^= seedmask[i];
@@ -133,11 +135,13 @@ int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen,
maskeddb = padded_from + SHA_DIGEST_LENGTH;
- MGF1(seed, SHA_DIGEST_LENGTH, maskeddb, dblen);
+ if (MGF1(seed, SHA_DIGEST_LENGTH, maskeddb, dblen))
+ return -1;
for (i = 0; i < SHA_DIGEST_LENGTH; i++)
seed[i] ^= padded_from[i];
- MGF1(db, dblen, seed, SHA_DIGEST_LENGTH);
+ if (MGF1(db, dblen, seed, SHA_DIGEST_LENGTH))
+ return -1;
for (i = 0; i < dblen; i++)
db[i] ^= maskeddb[i];
@@ -187,7 +191,9 @@ int PKCS1_MGF1(unsigned char *mask, long len,
int mdlen;
EVP_MD_CTX_init(&c);
- mdlen = M_EVP_MD_size(dgst);
+ mdlen = EVP_MD_size(dgst);
+ if (mdlen < 0)
+ return -1;
for (i = 0; outlen < len; i++)
{
cnt[0] = (unsigned char)((i >> 24) & 255);
@@ -213,7 +219,8 @@ int PKCS1_MGF1(unsigned char *mask, long len,
return 0;
}
-int MGF1(unsigned char *mask, long len, const unsigned char *seed, long seedlen)
+static int MGF1(unsigned char *mask, long len, const unsigned char *seed,
+ long seedlen)
{
return PKCS1_MGF1(mask, len, seed, seedlen, EVP_sha1());
}
diff --git a/openssl/crypto/rsa/rsa_pmeth.c b/openssl/crypto/rsa/rsa_pmeth.c
new file mode 100644
index 000000000..297e17cdc
--- /dev/null
+++ b/openssl/crypto/rsa/rsa_pmeth.c
@@ -0,0 +1,585 @@
+/* crypto/rsa/rsa_pmeth.c */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+ * project 2006.
+ */
+/* ====================================================================
+ * Copyright (c) 2006 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/asn1t.h>
+#include <openssl/x509.h>
+#include <openssl/rsa.h>
+#include <openssl/bn.h>
+#include <openssl/evp.h>
+#include "evp_locl.h"
+#include "rsa_locl.h"
+
+/* RSA pkey context structure */
+
+typedef struct
+ {
+ /* Key gen parameters */
+ int nbits;
+ BIGNUM *pub_exp;
+ /* Keygen callback info */
+ int gentmp[2];
+ /* RSA padding mode */
+ int pad_mode;
+ /* message digest */
+ const EVP_MD *md;
+ /* PSS/OAEP salt length */
+ int saltlen;
+ /* Temp buffer */
+ unsigned char *tbuf;
+ } RSA_PKEY_CTX;
+
+static int pkey_rsa_init(EVP_PKEY_CTX *ctx)
+ {
+ RSA_PKEY_CTX *rctx;
+ rctx = OPENSSL_malloc(sizeof(RSA_PKEY_CTX));
+ if (!rctx)
+ return 0;
+ rctx->nbits = 1024;
+ rctx->pub_exp = NULL;
+ rctx->pad_mode = RSA_PKCS1_PADDING;
+ rctx->md = NULL;
+ rctx->tbuf = NULL;
+
+ rctx->saltlen = -2;
+
+ ctx->data = rctx;
+ ctx->keygen_info = rctx->gentmp;
+ ctx->keygen_info_count = 2;
+
+ return 1;
+ }
+
+static int pkey_rsa_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src)
+ {
+ RSA_PKEY_CTX *dctx, *sctx;
+ if (!pkey_rsa_init(dst))
+ return 0;
+ sctx = src->data;
+ dctx = dst->data;
+ dctx->nbits = sctx->nbits;
+ if (sctx->pub_exp)
+ {
+ dctx->pub_exp = BN_dup(sctx->pub_exp);
+ if (!dctx->pub_exp)
+ return 0;
+ }
+ dctx->pad_mode = sctx->pad_mode;
+ dctx->md = sctx->md;
+ return 1;
+ }
+
+static int setup_tbuf(RSA_PKEY_CTX *ctx, EVP_PKEY_CTX *pk)
+ {
+ if (ctx->tbuf)
+ return 1;
+ ctx->tbuf = OPENSSL_malloc(EVP_PKEY_size(pk->pkey));
+ if (!ctx->tbuf)
+ return 0;
+ return 1;
+ }
+
+static void pkey_rsa_cleanup(EVP_PKEY_CTX *ctx)
+ {
+ RSA_PKEY_CTX *rctx = ctx->data;
+ if (rctx)
+ {
+ if (rctx->pub_exp)
+ BN_free(rctx->pub_exp);
+ if (rctx->tbuf)
+ OPENSSL_free(rctx->tbuf);
+ OPENSSL_free(rctx);
+ }
+ }
+
+static int pkey_rsa_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
+ const unsigned char *tbs, size_t tbslen)
+ {
+ int ret;
+ RSA_PKEY_CTX *rctx = ctx->data;
+ RSA *rsa = ctx->pkey->pkey.rsa;
+
+ if (rctx->md)
+ {
+ if (tbslen != (size_t)EVP_MD_size(rctx->md))
+ {
+ RSAerr(RSA_F_PKEY_RSA_SIGN,
+ RSA_R_INVALID_DIGEST_LENGTH);
+ return -1;
+ }
+ if (rctx->pad_mode == RSA_X931_PADDING)
+ {
+ if (!setup_tbuf(rctx, ctx))
+ return -1;
+ memcpy(rctx->tbuf, tbs, tbslen);
+ rctx->tbuf[tbslen] =
+ RSA_X931_hash_id(EVP_MD_type(rctx->md));
+ ret = RSA_private_encrypt(tbslen + 1, rctx->tbuf,
+ sig, rsa, RSA_X931_PADDING);
+ }
+ else if (rctx->pad_mode == RSA_PKCS1_PADDING)
+ {
+ unsigned int sltmp;
+ ret = RSA_sign(EVP_MD_type(rctx->md),
+ tbs, tbslen, sig, &sltmp, rsa);
+ if (ret <= 0)
+ return ret;
+ ret = sltmp;
+ }
+ else if (rctx->pad_mode == RSA_PKCS1_PSS_PADDING)
+ {
+ if (!setup_tbuf(rctx, ctx))
+ return -1;
+ if (!RSA_padding_add_PKCS1_PSS(rsa, rctx->tbuf, tbs,
+ rctx->md, rctx->saltlen))
+ return -1;
+ ret = RSA_private_encrypt(RSA_size(rsa), rctx->tbuf,
+ sig, rsa, RSA_NO_PADDING);
+ }
+ else
+ return -1;
+ }
+ else
+ ret = RSA_private_encrypt(tbslen, tbs, sig, ctx->pkey->pkey.rsa,
+ rctx->pad_mode);
+ if (ret < 0)
+ return ret;
+ *siglen = ret;
+ return 1;
+ }
+
+
+static int pkey_rsa_verifyrecover(EVP_PKEY_CTX *ctx,
+ unsigned char *rout, size_t *routlen,
+ const unsigned char *sig, size_t siglen)
+ {
+ int ret;
+ RSA_PKEY_CTX *rctx = ctx->data;
+
+ if (rctx->md)
+ {
+ if (rctx->pad_mode == RSA_X931_PADDING)
+ {
+ if (!setup_tbuf(rctx, ctx))
+ return -1;
+ ret = RSA_public_decrypt(siglen, sig,
+ rctx->tbuf, ctx->pkey->pkey.rsa,
+ RSA_X931_PADDING);
+ if (ret < 1)
+ return 0;
+ ret--;
+ if (rctx->tbuf[ret] !=
+ RSA_X931_hash_id(EVP_MD_type(rctx->md)))
+ {
+ RSAerr(RSA_F_PKEY_RSA_VERIFYRECOVER,
+ RSA_R_ALGORITHM_MISMATCH);
+ return 0;
+ }
+ if (ret != EVP_MD_size(rctx->md))
+ {
+ RSAerr(RSA_F_PKEY_RSA_VERIFYRECOVER,
+ RSA_R_INVALID_DIGEST_LENGTH);
+ return 0;
+ }
+ if (rout)
+ memcpy(rout, rctx->tbuf, ret);
+ }
+ else if (rctx->pad_mode == RSA_PKCS1_PADDING)
+ {
+ size_t sltmp;
+ ret = int_rsa_verify(EVP_MD_type(rctx->md),
+ NULL, 0, rout, &sltmp,
+ sig, siglen, ctx->pkey->pkey.rsa);
+ ret = sltmp;
+ }
+ else
+ return -1;
+ }
+ else
+ ret = RSA_public_decrypt(siglen, sig, rout, ctx->pkey->pkey.rsa,
+ rctx->pad_mode);
+ if (ret < 0)
+ return ret;
+ *routlen = ret;
+ return 1;
+ }
+
+static int pkey_rsa_verify(EVP_PKEY_CTX *ctx,
+ const unsigned char *sig, size_t siglen,
+ const unsigned char *tbs, size_t tbslen)
+ {
+ RSA_PKEY_CTX *rctx = ctx->data;
+ RSA *rsa = ctx->pkey->pkey.rsa;
+ size_t rslen;
+ if (rctx->md)
+ {
+ if (rctx->pad_mode == RSA_PKCS1_PADDING)
+ return RSA_verify(EVP_MD_type(rctx->md), tbs, tbslen,
+ sig, siglen, rsa);
+ if (rctx->pad_mode == RSA_X931_PADDING)
+ {
+ if (pkey_rsa_verifyrecover(ctx, NULL, &rslen,
+ sig, siglen) <= 0)
+ return 0;
+ }
+ else if (rctx->pad_mode == RSA_PKCS1_PSS_PADDING)
+ {
+ int ret;
+ if (!setup_tbuf(rctx, ctx))
+ return -1;
+ ret = RSA_public_decrypt(siglen, sig, rctx->tbuf,
+ rsa, RSA_NO_PADDING);
+ if (ret <= 0)
+ return 0;
+ ret = RSA_verify_PKCS1_PSS(rsa, tbs, rctx->md,
+ rctx->tbuf, rctx->saltlen);
+ if (ret <= 0)
+ return 0;
+ return 1;
+ }
+ else
+ return -1;
+ }
+ else
+ {
+ if (!setup_tbuf(rctx, ctx))
+ return -1;
+ rslen = RSA_public_decrypt(siglen, sig, rctx->tbuf,
+ rsa, rctx->pad_mode);
+ if (rslen == 0)
+ return 0;
+ }
+
+ if ((rslen != tbslen) || memcmp(tbs, rctx->tbuf, rslen))
+ return 0;
+
+ return 1;
+
+ }
+
+
+static int pkey_rsa_encrypt(EVP_PKEY_CTX *ctx,
+ unsigned char *out, size_t *outlen,
+ const unsigned char *in, size_t inlen)
+ {
+ int ret;
+ RSA_PKEY_CTX *rctx = ctx->data;
+ ret = RSA_public_encrypt(inlen, in, out, ctx->pkey->pkey.rsa,
+ rctx->pad_mode);
+ if (ret < 0)
+ return ret;
+ *outlen = ret;
+ return 1;
+ }
+
+static int pkey_rsa_decrypt(EVP_PKEY_CTX *ctx,
+ unsigned char *out, size_t *outlen,
+ const unsigned char *in, size_t inlen)
+ {
+ int ret;
+ RSA_PKEY_CTX *rctx = ctx->data;
+ ret = RSA_private_decrypt(inlen, in, out, ctx->pkey->pkey.rsa,
+ rctx->pad_mode);
+ if (ret < 0)
+ return ret;
+ *outlen = ret;
+ return 1;
+ }
+
+static int check_padding_md(const EVP_MD *md, int padding)
+ {
+ if (!md)
+ return 1;
+
+ if (padding == RSA_NO_PADDING)
+ {
+ RSAerr(RSA_F_CHECK_PADDING_MD, RSA_R_INVALID_PADDING_MODE);
+ return 0;
+ }
+
+ if (padding == RSA_X931_PADDING)
+ {
+ if (RSA_X931_hash_id(EVP_MD_type(md)) == -1)
+ {
+ RSAerr(RSA_F_CHECK_PADDING_MD,
+ RSA_R_INVALID_X931_DIGEST);
+ return 0;
+ }
+ return 1;
+ }
+
+ return 1;
+ }
+
+
+static int pkey_rsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
+ {
+ RSA_PKEY_CTX *rctx = ctx->data;
+ switch (type)
+ {
+ case EVP_PKEY_CTRL_RSA_PADDING:
+ if ((p1 >= RSA_PKCS1_PADDING) && (p1 <= RSA_PKCS1_PSS_PADDING))
+ {
+ if (!check_padding_md(rctx->md, p1))
+ return 0;
+ if (p1 == RSA_PKCS1_PSS_PADDING)
+ {
+ if (!(ctx->operation &
+ (EVP_PKEY_OP_SIGN | EVP_PKEY_OP_VERIFY)))
+ goto bad_pad;
+ if (!rctx->md)
+ rctx->md = EVP_sha1();
+ }
+ if (p1 == RSA_PKCS1_OAEP_PADDING)
+ {
+ if (!(ctx->operation & EVP_PKEY_OP_TYPE_CRYPT))
+ goto bad_pad;
+ if (!rctx->md)
+ rctx->md = EVP_sha1();
+ }
+ rctx->pad_mode = p1;
+ return 1;
+ }
+ bad_pad:
+ RSAerr(RSA_F_PKEY_RSA_CTRL,
+ RSA_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE);
+ return -2;
+
+ case EVP_PKEY_CTRL_RSA_PSS_SALTLEN:
+ if (p1 < -2)
+ return -2;
+ if (rctx->pad_mode != RSA_PKCS1_PSS_PADDING)
+ {
+ RSAerr(RSA_F_PKEY_RSA_CTRL, RSA_R_INVALID_PSS_SALTLEN);
+ return -2;
+ }
+ rctx->saltlen = p1;
+ return 1;
+
+ case EVP_PKEY_CTRL_RSA_KEYGEN_BITS:
+ if (p1 < 256)
+ {
+ RSAerr(RSA_F_PKEY_RSA_CTRL, RSA_R_INVALID_KEYBITS);
+ return -2;
+ }
+ rctx->nbits = p1;
+ return 1;
+
+ case EVP_PKEY_CTRL_RSA_KEYGEN_PUBEXP:
+ if (!p2)
+ return -2;
+ rctx->pub_exp = p2;
+ return 1;
+
+ case EVP_PKEY_CTRL_MD:
+ if (!check_padding_md(p2, rctx->pad_mode))
+ return 0;
+ rctx->md = p2;
+ return 1;
+
+ case EVP_PKEY_CTRL_DIGESTINIT:
+ case EVP_PKEY_CTRL_PKCS7_ENCRYPT:
+ case EVP_PKEY_CTRL_PKCS7_DECRYPT:
+ case EVP_PKEY_CTRL_PKCS7_SIGN:
+#ifndef OPENSSL_NO_CMS
+ case EVP_PKEY_CTRL_CMS_ENCRYPT:
+ case EVP_PKEY_CTRL_CMS_DECRYPT:
+ case EVP_PKEY_CTRL_CMS_SIGN:
+#endif
+ return 1;
+ case EVP_PKEY_CTRL_PEER_KEY:
+ RSAerr(RSA_F_PKEY_RSA_CTRL,
+ RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
+ return -2;
+
+ default:
+ return -2;
+
+ }
+ }
+
+static int pkey_rsa_ctrl_str(EVP_PKEY_CTX *ctx,
+ const char *type, const char *value)
+ {
+ if (!value)
+ {
+ RSAerr(RSA_F_PKEY_RSA_CTRL_STR, RSA_R_VALUE_MISSING);
+ return 0;
+ }
+ if (!strcmp(type, "rsa_padding_mode"))
+ {
+ int pm;
+ if (!strcmp(value, "pkcs1"))
+ pm = RSA_PKCS1_PADDING;
+ else if (!strcmp(value, "sslv23"))
+ pm = RSA_SSLV23_PADDING;
+ else if (!strcmp(value, "none"))
+ pm = RSA_NO_PADDING;
+ else if (!strcmp(value, "oeap"))
+ pm = RSA_PKCS1_OAEP_PADDING;
+ else if (!strcmp(value, "x931"))
+ pm = RSA_X931_PADDING;
+ else if (!strcmp(value, "pss"))
+ pm = RSA_PKCS1_PSS_PADDING;
+ else
+ {
+ RSAerr(RSA_F_PKEY_RSA_CTRL_STR,
+ RSA_R_UNKNOWN_PADDING_TYPE);
+ return -2;
+ }
+ return EVP_PKEY_CTX_set_rsa_padding(ctx, pm);
+ }
+
+ if (!strcmp(type, "rsa_pss_saltlen"))
+ {
+ int saltlen;
+ saltlen = atoi(value);
+ return EVP_PKEY_CTX_set_rsa_pss_saltlen(ctx, saltlen);
+ }
+
+ if (!strcmp(type, "rsa_keygen_bits"))
+ {
+ int nbits;
+ nbits = atoi(value);
+ return EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, nbits);
+ }
+
+ if (!strcmp(type, "rsa_keygen_pubexp"))
+ {
+ int ret;
+ BIGNUM *pubexp = NULL;
+ if (!BN_asc2bn(&pubexp, value))
+ return 0;
+ ret = EVP_PKEY_CTX_set_rsa_keygen_pubexp(ctx, pubexp);
+ if (ret <= 0)
+ BN_free(pubexp);
+ return ret;
+ }
+
+ return -2;
+ }
+
+static int pkey_rsa_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
+ {
+ RSA *rsa = NULL;
+ RSA_PKEY_CTX *rctx = ctx->data;
+ BN_GENCB *pcb, cb;
+ int ret;
+ if (!rctx->pub_exp)
+ {
+ rctx->pub_exp = BN_new();
+ if (!rctx->pub_exp || !BN_set_word(rctx->pub_exp, RSA_F4))
+ return 0;
+ }
+ rsa = RSA_new();
+ if (!rsa)
+ return 0;
+ if (ctx->pkey_gencb)
+ {
+ pcb = &cb;
+ evp_pkey_set_cb_translate(pcb, ctx);
+ }
+ else
+ pcb = NULL;
+ ret = RSA_generate_key_ex(rsa, rctx->nbits, rctx->pub_exp, pcb);
+ if (ret > 0)
+ EVP_PKEY_assign_RSA(pkey, rsa);
+ else
+ RSA_free(rsa);
+ return ret;
+ }
+
+const EVP_PKEY_METHOD rsa_pkey_meth =
+ {
+ EVP_PKEY_RSA,
+ EVP_PKEY_FLAG_AUTOARGLEN,
+ pkey_rsa_init,
+ pkey_rsa_copy,
+ pkey_rsa_cleanup,
+
+ 0,0,
+
+ 0,
+ pkey_rsa_keygen,
+
+ 0,
+ pkey_rsa_sign,
+
+ 0,
+ pkey_rsa_verify,
+
+ 0,
+ pkey_rsa_verifyrecover,
+
+
+ 0,0,0,0,
+
+ 0,
+ pkey_rsa_encrypt,
+
+ 0,
+ pkey_rsa_decrypt,
+
+ 0,0,
+
+ pkey_rsa_ctrl,
+ pkey_rsa_ctrl_str
+
+
+ };
diff --git a/openssl/crypto/rsa/rsa_prn.c b/openssl/crypto/rsa/rsa_prn.c
new file mode 100644
index 000000000..224db0fae
--- /dev/null
+++ b/openssl/crypto/rsa/rsa_prn.c
@@ -0,0 +1,93 @@
+/* crypto/rsa/rsa_prn.c */
+/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
+ * project 2006.
+ */
+/* ====================================================================
+ * Copyright (c) 2006 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/rsa.h>
+#include <openssl/evp.h>
+
+#ifndef OPENSSL_NO_FP_API
+int RSA_print_fp(FILE *fp, const RSA *x, int off)
+ {
+ BIO *b;
+ int ret;
+
+ if ((b=BIO_new(BIO_s_file())) == NULL)
+ {
+ RSAerr(RSA_F_RSA_PRINT_FP,ERR_R_BUF_LIB);
+ return(0);
+ }
+ BIO_set_fp(b,fp,BIO_NOCLOSE);
+ ret=RSA_print(b,x,off);
+ BIO_free(b);
+ return(ret);
+ }
+#endif
+
+int RSA_print(BIO *bp, const RSA *x, int off)
+ {
+ EVP_PKEY *pk;
+ int ret;
+ pk = EVP_PKEY_new();
+ if (!pk || !EVP_PKEY_set1_RSA(pk, (RSA *)x))
+ return 0;
+ ret = EVP_PKEY_print_private(bp, pk, off, NULL);
+ EVP_PKEY_free(pk);
+ return ret;
+ }
+
diff --git a/openssl/crypto/rsa/rsa_pss.c b/openssl/crypto/rsa/rsa_pss.c
index 9b993aca4..ac211e2ff 100644
--- a/openssl/crypto/rsa/rsa_pss.c
+++ b/openssl/crypto/rsa/rsa_pss.c
@@ -81,7 +81,9 @@ int RSA_verify_PKCS1_PSS(RSA *rsa, const unsigned char *mHash,
EVP_MD_CTX ctx;
unsigned char H_[EVP_MAX_MD_SIZE];
- hLen = M_EVP_MD_size(Hash);
+ hLen = EVP_MD_size(Hash);
+ if (hLen < 0)
+ goto err;
/*
* Negative sLen has special meanings:
* -1 sLen == hLen
@@ -126,7 +128,8 @@ int RSA_verify_PKCS1_PSS(RSA *rsa, const unsigned char *mHash,
RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS, ERR_R_MALLOC_FAILURE);
goto err;
}
- PKCS1_MGF1(DB, maskedDBLen, H, hLen, Hash);
+ if (PKCS1_MGF1(DB, maskedDBLen, H, hLen, Hash) < 0)
+ goto err;
for (i = 0; i < maskedDBLen; i++)
DB[i] ^= EM[i];
if (MSBits)
@@ -176,7 +179,9 @@ int RSA_padding_add_PKCS1_PSS(RSA *rsa, unsigned char *EM,
unsigned char *H, *salt = NULL, *p;
EVP_MD_CTX ctx;
- hLen = M_EVP_MD_size(Hash);
+ hLen = EVP_MD_size(Hash);
+ if (hLen < 0)
+ goto err;
/*
* Negative sLen has special meanings:
* -1 sLen == hLen
@@ -217,7 +222,7 @@ int RSA_padding_add_PKCS1_PSS(RSA *rsa, unsigned char *EM,
ERR_R_MALLOC_FAILURE);
goto err;
}
- if (!RAND_bytes(salt, sLen))
+ if (RAND_bytes(salt, sLen) <= 0)
goto err;
}
maskedDBLen = emLen - hLen - 1;
@@ -232,7 +237,8 @@ int RSA_padding_add_PKCS1_PSS(RSA *rsa, unsigned char *EM,
EVP_MD_CTX_cleanup(&ctx);
/* Generate dbMask in place then perform XOR on it */
- PKCS1_MGF1(EM, maskedDBLen, H, hLen, Hash);
+ if (PKCS1_MGF1(EM, maskedDBLen, H, hLen, Hash))
+ goto err;
p = EM;
diff --git a/openssl/crypto/rsa/rsa_sign.c b/openssl/crypto/rsa/rsa_sign.c
index 5488c06f6..0be4ec7fb 100644
--- a/openssl/crypto/rsa/rsa_sign.c
+++ b/openssl/crypto/rsa/rsa_sign.c
@@ -62,6 +62,7 @@
#include <openssl/rsa.h>
#include <openssl/objects.h>
#include <openssl/x509.h>
+#include "rsa_locl.h"
/* Size of an SSL signature: MD5+SHA1 */
#define SSL_SIG_LENGTH 36
@@ -90,14 +91,6 @@ int RSA_sign(int type, const unsigned char *m, unsigned int m_len,
i = SSL_SIG_LENGTH;
s = m;
} else {
- /* NB: in FIPS mode block anything that isn't a TLS signature */
-#ifdef OPENSSL_FIPS
- if(FIPS_mode() && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW))
- {
- RSAerr(RSA_F_RSA_SIGN, RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE);
- return 0;
- }
-#endif
sig.algor= &algor;
sig.algor->algorithm=OBJ_nid2obj(type);
if (sig.algor->algorithm == NULL)
@@ -150,8 +143,11 @@ int RSA_sign(int type, const unsigned char *m, unsigned int m_len,
return(ret);
}
-int RSA_verify(int dtype, const unsigned char *m, unsigned int m_len,
- unsigned char *sigbuf, unsigned int siglen, RSA *rsa)
+int int_rsa_verify(int dtype, const unsigned char *m,
+ unsigned int m_len,
+ unsigned char *rm, size_t *prm_len,
+ const unsigned char *sigbuf, size_t siglen,
+ RSA *rsa)
{
int i,ret=0,sigtype;
unsigned char *s;
@@ -159,38 +155,30 @@ int RSA_verify(int dtype, const unsigned char *m, unsigned int m_len,
if (siglen != (unsigned int)RSA_size(rsa))
{
- RSAerr(RSA_F_RSA_VERIFY,RSA_R_WRONG_SIGNATURE_LENGTH);
+ RSAerr(RSA_F_INT_RSA_VERIFY,RSA_R_WRONG_SIGNATURE_LENGTH);
return(0);
}
- if((rsa->flags & RSA_FLAG_SIGN_VER) && rsa->meth->rsa_verify)
+ if((dtype == NID_md5_sha1) && rm)
{
- return rsa->meth->rsa_verify(dtype, m, m_len,
- sigbuf, siglen, rsa);
+ i = RSA_public_decrypt((int)siglen,
+ sigbuf,rm,rsa,RSA_PKCS1_PADDING);
+ if (i <= 0)
+ return 0;
+ *prm_len = i;
+ return 1;
}
s=(unsigned char *)OPENSSL_malloc((unsigned int)siglen);
if (s == NULL)
{
- RSAerr(RSA_F_RSA_VERIFY,ERR_R_MALLOC_FAILURE);
+ RSAerr(RSA_F_INT_RSA_VERIFY,ERR_R_MALLOC_FAILURE);
goto err;
}
- if(dtype == NID_md5_sha1)
- {
- if (m_len != SSL_SIG_LENGTH)
- {
- RSAerr(RSA_F_RSA_VERIFY,RSA_R_INVALID_MESSAGE_LENGTH);
+ if((dtype == NID_md5_sha1) && (m_len != SSL_SIG_LENGTH) ) {
+ RSAerr(RSA_F_INT_RSA_VERIFY,RSA_R_INVALID_MESSAGE_LENGTH);
goto err;
- }
- }
- /* NB: in FIPS mode block anything that isn't a TLS signature */
-#ifdef OPENSSL_FIPS
- else if(FIPS_mode() && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW))
- {
- RSAerr(RSA_F_RSA_VERIFY, RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE);
- return 0;
- }
-#endif
+ }
i=RSA_public_decrypt((int)siglen,sigbuf,s,rsa,RSA_PKCS1_PADDING);
if (i <= 0) goto err;
@@ -198,7 +186,7 @@ int RSA_verify(int dtype, const unsigned char *m, unsigned int m_len,
/* Special case: SSL signature */
if(dtype == NID_md5_sha1) {
if((i != SSL_SIG_LENGTH) || memcmp(s, m, SSL_SIG_LENGTH))
- RSAerr(RSA_F_RSA_VERIFY,RSA_R_BAD_SIGNATURE);
+ RSAerr(RSA_F_INT_RSA_VERIFY,RSA_R_BAD_SIGNATURE);
else ret = 1;
} else {
const unsigned char *p=s;
@@ -209,7 +197,7 @@ int RSA_verify(int dtype, const unsigned char *m, unsigned int m_len,
/* Excess data can be used to create forgeries */
if(p != s+i)
{
- RSAerr(RSA_F_RSA_VERIFY,RSA_R_BAD_SIGNATURE);
+ RSAerr(RSA_F_INT_RSA_VERIFY,RSA_R_BAD_SIGNATURE);
goto err;
}
@@ -218,7 +206,7 @@ int RSA_verify(int dtype, const unsigned char *m, unsigned int m_len,
if(sig->algor->parameter
&& ASN1_TYPE_get(sig->algor->parameter) != V_ASN1_NULL)
{
- RSAerr(RSA_F_RSA_VERIFY,RSA_R_BAD_SIGNATURE);
+ RSAerr(RSA_F_INT_RSA_VERIFY,RSA_R_BAD_SIGNATURE);
goto err;
}
@@ -244,15 +232,30 @@ int RSA_verify(int dtype, const unsigned char *m, unsigned int m_len,
}
else
{
- RSAerr(RSA_F_RSA_VERIFY,
+ RSAerr(RSA_F_INT_RSA_VERIFY,
RSA_R_ALGORITHM_MISMATCH);
goto err;
}
}
- if ( ((unsigned int)sig->digest->length != m_len) ||
+ if (rm)
+ {
+ const EVP_MD *md;
+ md = EVP_get_digestbynid(dtype);
+ if (md && (EVP_MD_size(md) != sig->digest->length))
+ RSAerr(RSA_F_INT_RSA_VERIFY,
+ RSA_R_INVALID_DIGEST_LENGTH);
+ else
+ {
+ memcpy(rm, sig->digest->data,
+ sig->digest->length);
+ *prm_len = sig->digest->length;
+ ret = 1;
+ }
+ }
+ else if (((unsigned int)sig->digest->length != m_len) ||
(memcmp(m,sig->digest->data,m_len) != 0))
{
- RSAerr(RSA_F_RSA_VERIFY,RSA_R_BAD_SIGNATURE);
+ RSAerr(RSA_F_INT_RSA_VERIFY,RSA_R_BAD_SIGNATURE);
}
else
ret=1;
@@ -267,3 +270,16 @@ err:
return(ret);
}
+int RSA_verify(int dtype, const unsigned char *m, unsigned int m_len,
+ const unsigned char *sigbuf, unsigned int siglen,
+ RSA *rsa)
+ {
+
+ if((rsa->flags & RSA_FLAG_SIGN_VER) && rsa->meth->rsa_verify)
+ {
+ return rsa->meth->rsa_verify(dtype, m, m_len,
+ sigbuf, siglen, rsa);
+ }
+
+ return int_rsa_verify(dtype, m, m_len, NULL, NULL, sigbuf, siglen, rsa);
+ }
diff --git a/openssl/crypto/rsa/rsa_test.c b/openssl/crypto/rsa/rsa_test.c
index 4080de8bc..c8705a0f6 100644
--- a/openssl/crypto/rsa/rsa_test.c
+++ b/openssl/crypto/rsa/rsa_test.c
@@ -328,7 +328,7 @@ int main(int argc, char *argv[])
}
CRYPTO_cleanup_all_ex_data();
- ERR_remove_state(0);
+ ERR_remove_thread_state(NULL);
CRYPTO_mem_leaks_fp(stderr);
diff --git a/openssl/crypto/rsa/rsa_x931g.c b/openssl/crypto/rsa/rsa_x931g.c
deleted file mode 100644
index bf94f8be7..000000000
--- a/openssl/crypto/rsa/rsa_x931g.c
+++ /dev/null
@@ -1,255 +0,0 @@
-/* crypto/rsa/rsa_gen.c */
-/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
- * All rights reserved.
- *
- * This package is an SSL implementation written
- * by Eric Young (eay@cryptsoft.com).
- * The implementation was written so as to conform with Netscapes SSL.
- *
- * This library is free for commercial and non-commercial use as long as
- * the following conditions are aheared to. The following conditions
- * apply to all code found in this distribution, be it the RC4, RSA,
- * lhash, DES, etc., code; not just the SSL code. The SSL documentation
- * included with this distribution is covered by the same copyright terms
- * except that the holder is Tim Hudson (tjh@cryptsoft.com).
- *
- * Copyright remains Eric Young's, and as such any Copyright notices in
- * the code are not to be removed.
- * If this package is used in a product, Eric Young should be given attribution
- * as the author of the parts of the library used.
- * This can be in the form of a textual message at program startup or
- * in documentation (online or textual) provided with the package.
- *
- * Redistribution and use in source and binary forms, with or without
- * modification, are permitted provided that the following conditions
- * are met:
- * 1. Redistributions of source code must retain the copyright
- * notice, this list of conditions and the following disclaimer.
- * 2. Redistributions in binary form must reproduce the above copyright
- * notice, this list of conditions and the following disclaimer in the
- * documentation and/or other materials provided with the distribution.
- * 3. All advertising materials mentioning features or use of this software
- * must display the following acknowledgement:
- * "This product includes cryptographic software written by
- * Eric Young (eay@cryptsoft.com)"
- * The word 'cryptographic' can be left out if the rouines from the library
- * being used are not cryptographic related :-).
- * 4. If you include any Windows specific code (or a derivative thereof) from
- * the apps directory (application code) you must include an acknowledgement:
- * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
- *
- * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
- * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
- * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- * SUCH DAMAGE.
- *
- * The licence and distribution terms for any publically available version or
- * derivative of this code cannot be changed. i.e. this code cannot simply be
- * copied and put under another distribution licence
- * [including the GNU Public Licence.]
- */
-
-#include <stdio.h>
-#include <string.h>
-#include <time.h>
-#include <openssl/err.h>
-#include <openssl/bn.h>
-#include <openssl/rsa.h>
-
-#ifndef OPENSSL_FIPS
-
-/* X9.31 RSA key derivation and generation */
-
-int RSA_X931_derive_ex(RSA *rsa, BIGNUM *p1, BIGNUM *p2, BIGNUM *q1, BIGNUM *q2,
- const BIGNUM *Xp1, const BIGNUM *Xp2, const BIGNUM *Xp,
- const BIGNUM *Xq1, const BIGNUM *Xq2, const BIGNUM *Xq,
- const BIGNUM *e, BN_GENCB *cb)
- {
- BIGNUM *r0=NULL,*r1=NULL,*r2=NULL,*r3=NULL;
- BN_CTX *ctx=NULL,*ctx2=NULL;
-
- if (!rsa)
- goto err;
-
- ctx = BN_CTX_new();
- if (!ctx)
- goto err;
- BN_CTX_start(ctx);
-
- r0 = BN_CTX_get(ctx);
- r1 = BN_CTX_get(ctx);
- r2 = BN_CTX_get(ctx);
- r3 = BN_CTX_get(ctx);
-
- if (r3 == NULL)
- goto err;
- if (!rsa->e)
- {
- rsa->e = BN_dup(e);
- if (!rsa->e)
- goto err;
- }
- else
- e = rsa->e;
-
- /* If not all parameters present only calculate what we can.
- * This allows test programs to output selective parameters.
- */
-
- if (Xp && !rsa->p)
- {
- rsa->p = BN_new();
- if (!rsa->p)
- goto err;
-
- if (!BN_X931_derive_prime_ex(rsa->p, p1, p2,
- Xp, Xp1, Xp2, e, ctx, cb))
- goto err;
- }
-
- if (Xq && !rsa->q)
- {
- rsa->q = BN_new();
- if (!rsa->q)
- goto err;
- if (!BN_X931_derive_prime_ex(rsa->q, q1, q2,
- Xq, Xq1, Xq2, e, ctx, cb))
- goto err;
- }
-
- if (!rsa->p || !rsa->q)
- {
- BN_CTX_end(ctx);
- BN_CTX_free(ctx);
- return 2;
- }
-
- /* Since both primes are set we can now calculate all remaining
- * components.
- */
-
- /* calculate n */
- rsa->n=BN_new();
- if (rsa->n == NULL)
- goto err;
- if (!BN_mul(rsa->n,rsa->p,rsa->q,ctx))
- goto err;
-
- /* calculate d */
- if (!BN_sub(r1,rsa->p,BN_value_one()))
- goto err; /* p-1 */
- if (!BN_sub(r2,rsa->q,BN_value_one()))
- goto err; /* q-1 */
- if (!BN_mul(r0,r1,r2,ctx))
- goto err; /* (p-1)(q-1) */
-
- if (!BN_gcd(r3, r1, r2, ctx))
- goto err;
-
- if (!BN_div(r0, NULL, r0, r3, ctx))
- goto err; /* LCM((p-1)(q-1)) */
-
- ctx2 = BN_CTX_new();
- if (!ctx2)
- goto err;
-
- rsa->d=BN_mod_inverse(NULL,rsa->e,r0,ctx2); /* d */
- if (rsa->d == NULL)
- goto err;
-
- /* calculate d mod (p-1) */
- rsa->dmp1=BN_new();
- if (rsa->dmp1 == NULL)
- goto err;
- if (!BN_mod(rsa->dmp1,rsa->d,r1,ctx))
- goto err;
-
- /* calculate d mod (q-1) */
- rsa->dmq1=BN_new();
- if (rsa->dmq1 == NULL)
- goto err;
- if (!BN_mod(rsa->dmq1,rsa->d,r2,ctx))
- goto err;
-
- /* calculate inverse of q mod p */
- rsa->iqmp=BN_mod_inverse(NULL,rsa->q,rsa->p,ctx2);
-
- err:
- if (ctx)
- {
- BN_CTX_end(ctx);
- BN_CTX_free(ctx);
- }
- if (ctx2)
- BN_CTX_free(ctx2);
- /* If this is set all calls successful */
- if (rsa && rsa->iqmp != NULL)
- return 1;
-
- return 0;
-
- }
-
-int RSA_X931_generate_key_ex(RSA *rsa, int bits, const BIGNUM *e, BN_GENCB *cb)
- {
- int ok = 0;
- BIGNUM *Xp = NULL, *Xq = NULL;
- BN_CTX *ctx = NULL;
-
- ctx = BN_CTX_new();
- if (!ctx)
- goto error;
-
- BN_CTX_start(ctx);
- Xp = BN_CTX_get(ctx);
- Xq = BN_CTX_get(ctx);
- if (!BN_X931_generate_Xpq(Xp, Xq, bits, ctx))
- goto error;
-
- rsa->p = BN_new();
- rsa->q = BN_new();
- if (!rsa->p || !rsa->q)
- goto error;
-
- /* Generate two primes from Xp, Xq */
-
- if (!BN_X931_generate_prime_ex(rsa->p, NULL, NULL, NULL, NULL, Xp,
- e, ctx, cb))
- goto error;
-
- if (!BN_X931_generate_prime_ex(rsa->q, NULL, NULL, NULL, NULL, Xq,
- e, ctx, cb))
- goto error;
-
- /* Since rsa->p and rsa->q are valid this call will just derive
- * remaining RSA components.
- */
-
- if (!RSA_X931_derive_ex(rsa, NULL, NULL, NULL, NULL,
- NULL, NULL, NULL, NULL, NULL, NULL, e, cb))
- goto error;
-
- ok = 1;
-
- error:
- if (ctx)
- {
- BN_CTX_end(ctx);
- BN_CTX_free(ctx);
- }
-
- if (ok)
- return 1;
-
- return 0;
-
- }
-
-#endif