summaryrefslogtreecommitdiff
path: root/Cryptlib/OpenSSL/crypto/rsa
diff options
context:
space:
mode:
authorPeter Jones <pjones@redhat.com>2017-08-31 13:57:30 -0400
committerPeter Jones <pjones@redhat.com>2017-08-31 15:13:58 -0400
commit1d39ada8cb336d9e7c156be7526b674851fbdd40 (patch)
treedc497e33b1d4830bf58d79dedc3026087f31f044 /Cryptlib/OpenSSL/crypto/rsa
parenteae64276ffe0361d2b4087c48390d12f157f65f0 (diff)
downloadefi-boot-shim-1d39ada8cb336d9e7c156be7526b674851fbdd40.tar.gz
efi-boot-shim-1d39ada8cb336d9e7c156be7526b674851fbdd40.zip
Revert lots of Cryptlib updates.
OpenSSL changes quite a bit of the key validation, and most of the keys I can find in the wild aren't marked as trusted by the new checker. Intel noticed this too: https://github.com/vathpela/edk2/commit/f536d7c3ed but instead of fixing the compatibility error, they switched their test data to match the bug. So that's pretty broken. For now, I'm reverting OpenSSL 1.1.0e, because we need those certs in the wild to work. This reverts commit 513cbe2aea689bf968f171f894f3d4cdb43524d5. This reverts commit e9cc33d6f2b7f35c6f5e349fd83fb9ae0bc66226. This reverts commit 80d49f758ead0180bfe6161931838e0578248303. This reverts commit 9bc647e2b23bcfd69a0077c0717fbc454c919a57. This reverts commit ae75df6232ad30f3e8736e9449692d58a7439260. This reverts commit e883479f35644d17db7efed710657c8543cfcb68. This reverts commit 97469449fda5ba933a64280917e776487301a127. This reverts commit e39692647f78e13d757ddbfdd36f440d5f526050. This reverts commit 0f3dfc01e2d5e7df882c963dd8dc4a0dfbfc96ad. This reverts commit 4da6ac819510c7cc4ba21d7a735d69b45daa5873. This reverts commit d064bd7eef201f26cb926450a76260b5187ac689. This reverts commit 9bc86cfd6f9387f0da9d5c0102b6aa5627e91c91. This reverts commit ab9a05a10f16b33f7ee1e9da360c7801eebdb9d2. Signed-off-by: Peter Jones <pjones@redhat.com>
Diffstat (limited to 'Cryptlib/OpenSSL/crypto/rsa')
-rw-r--r--Cryptlib/OpenSSL/crypto/rsa/rsa_ameth.c221
-rw-r--r--Cryptlib/OpenSSL/crypto/rsa/rsa_asn1.c78
-rw-r--r--Cryptlib/OpenSSL/crypto/rsa/rsa_chk.c89
-rw-r--r--Cryptlib/OpenSSL/crypto/rsa/rsa_crpt.c145
-rw-r--r--Cryptlib/OpenSSL/crypto/rsa/rsa_depr.c92
-rw-r--r--Cryptlib/OpenSSL/crypto/rsa/rsa_eay.c (renamed from Cryptlib/OpenSSL/crypto/rsa/rsa_ossl.c)532
-rw-r--r--Cryptlib/OpenSSL/crypto/rsa/rsa_err.c138
-rw-r--r--Cryptlib/OpenSSL/crypto/rsa/rsa_gen.c166
-rw-r--r--Cryptlib/OpenSSL/crypto/rsa/rsa_lib.c393
-rw-r--r--Cryptlib/OpenSSL/crypto/rsa/rsa_locl.h92
-rw-r--r--Cryptlib/OpenSSL/crypto/rsa/rsa_meth.c273
-rw-r--r--Cryptlib/OpenSSL/crypto/rsa/rsa_none.c65
-rw-r--r--Cryptlib/OpenSSL/crypto/rsa/rsa_null.c76
-rw-r--r--Cryptlib/OpenSSL/crypto/rsa/rsa_oaep.c55
-rw-r--r--Cryptlib/OpenSSL/crypto/rsa/rsa_pk1.c96
-rw-r--r--Cryptlib/OpenSSL/crypto/rsa/rsa_pmeth.c261
-rw-r--r--Cryptlib/OpenSSL/crypto/rsa/rsa_prn.c66
-rw-r--r--Cryptlib/OpenSSL/crypto/rsa/rsa_pss.c110
-rw-r--r--Cryptlib/OpenSSL/crypto/rsa/rsa_saos.c78
-rw-r--r--Cryptlib/OpenSSL/crypto/rsa/rsa_sign.c413
-rw-r--r--Cryptlib/OpenSSL/crypto/rsa/rsa_ssl.c63
-rw-r--r--Cryptlib/OpenSSL/crypto/rsa/rsa_x931.c63
-rw-r--r--Cryptlib/OpenSSL/crypto/rsa/rsa_x931g.c195
23 files changed, 2160 insertions, 1600 deletions
diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_ameth.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_ameth.c
index 5694140a..951e1d5c 100644
--- a/Cryptlib/OpenSSL/crypto/rsa/rsa_ameth.c
+++ b/Cryptlib/OpenSSL/crypto/rsa/rsa_ameth.c
@@ -1,21 +1,72 @@
+/* crypto/rsa/rsa_ameth.c */
/*
- * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
+ * 2006.
+ */
+/* ====================================================================
+ * Copyright (c) 2006 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
*
- * Licensed under the OpenSSL license (the "License"). You may not use
- * this file except in compliance with the License. You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
*/
#include <stdio.h>
-#include "internal/cryptlib.h"
+#include "cryptlib.h"
#include <openssl/asn1t.h>
#include <openssl/x509.h>
+#include <openssl/rsa.h>
#include <openssl/bn.h>
-#include <openssl/cms.h>
-#include "internal/asn1_int.h"
-#include "internal/evp_int.h"
-#include "rsa_locl.h"
+#ifndef OPENSSL_NO_CMS
+# include <openssl/cms.h>
+#endif
+#include "asn1_locl.h"
#ifndef OPENSSL_NO_CMS
static int rsa_cms_sign(CMS_SignerInfo *si);
@@ -44,10 +95,9 @@ static int rsa_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey)
const unsigned char *p;
int pklen;
RSA *rsa = NULL;
-
if (!X509_PUBKEY_get0_param(NULL, &p, &pklen, NULL, pubkey))
return 0;
- if ((rsa = d2i_RSAPublicKey(NULL, &p, pklen)) == NULL) {
+ if (!(rsa = d2i_RSAPublicKey(NULL, &p, pklen))) {
RSAerr(RSA_F_RSA_PUB_DECODE, ERR_R_RSA_LIB);
return 0;
}
@@ -67,8 +117,7 @@ static int old_rsa_priv_decode(EVP_PKEY *pkey,
const unsigned char **pder, int derlen)
{
RSA *rsa;
-
- if ((rsa = d2i_RSAPrivateKey(NULL, pder, derlen)) == NULL) {
+ if (!(rsa = d2i_RSAPrivateKey(NULL, pder, derlen))) {
RSAerr(RSA_F_OLD_RSA_PRIV_DECODE, ERR_R_RSA_LIB);
return 0;
}
@@ -101,7 +150,7 @@ static int rsa_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey)
return 1;
}
-static int rsa_priv_decode(EVP_PKEY *pkey, const PKCS8_PRIV_KEY_INFO *p8)
+static int rsa_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8)
{
const unsigned char *p;
int pklen;
@@ -120,21 +169,45 @@ static int rsa_bits(const EVP_PKEY *pkey)
return BN_num_bits(pkey->pkey.rsa->n);
}
-static int rsa_security_bits(const EVP_PKEY *pkey)
+static void int_rsa_free(EVP_PKEY *pkey)
{
- return RSA_security_bits(pkey->pkey.rsa);
+ RSA_free(pkey->pkey.rsa);
}
-static void int_rsa_free(EVP_PKEY *pkey)
+static void update_buflen(const BIGNUM *b, size_t *pbuflen)
{
- RSA_free(pkey->pkey.rsa);
+ size_t i;
+ if (!b)
+ return;
+ if (*pbuflen < (i = (size_t)BN_num_bytes(b)))
+ *pbuflen = i;
}
static int do_rsa_print(BIO *bp, const RSA *x, int off, int priv)
{
char *str;
const char *s;
+ unsigned char *m = NULL;
int ret = 0, mod_len = 0;
+ size_t buf_len = 0;
+
+ update_buflen(x->n, &buf_len);
+ update_buflen(x->e, &buf_len);
+
+ if (priv) {
+ update_buflen(x->d, &buf_len);
+ update_buflen(x->p, &buf_len);
+ update_buflen(x->q, &buf_len);
+ update_buflen(x->dmp1, &buf_len);
+ update_buflen(x->dmq1, &buf_len);
+ update_buflen(x->iqmp, &buf_len);
+ }
+
+ m = (unsigned char *)OPENSSL_malloc(buf_len + 10);
+ if (m == NULL) {
+ RSAerr(RSA_F_DO_RSA_PRINT, ERR_R_MALLOC_FAILURE);
+ goto err;
+ }
if (x->n != NULL)
mod_len = BN_num_bits(x->n);
@@ -143,36 +216,40 @@ static int do_rsa_print(BIO *bp, const RSA *x, int off, int priv)
goto err;
if (priv && x->d) {
- if (BIO_printf(bp, "Private-Key: (%d bit)\n", mod_len) <= 0)
+ if (BIO_printf(bp, "Private-Key: (%d bit)\n", mod_len)
+ <= 0)
goto err;
str = "modulus:";
s = "publicExponent:";
} else {
- if (BIO_printf(bp, "Public-Key: (%d bit)\n", mod_len) <= 0)
+ if (BIO_printf(bp, "Public-Key: (%d bit)\n", mod_len)
+ <= 0)
goto err;
str = "Modulus:";
s = "Exponent:";
}
- if (!ASN1_bn_print(bp, str, x->n, NULL, off))
+ if (!ASN1_bn_print(bp, str, x->n, m, off))
goto err;
- if (!ASN1_bn_print(bp, s, x->e, NULL, off))
+ if (!ASN1_bn_print(bp, s, x->e, m, off))
goto err;
if (priv) {
- if (!ASN1_bn_print(bp, "privateExponent:", x->d, NULL, off))
+ if (!ASN1_bn_print(bp, "privateExponent:", x->d, m, off))
goto err;
- if (!ASN1_bn_print(bp, "prime1:", x->p, NULL, off))
+ if (!ASN1_bn_print(bp, "prime1:", x->p, m, off))
goto err;
- if (!ASN1_bn_print(bp, "prime2:", x->q, NULL, off))
+ if (!ASN1_bn_print(bp, "prime2:", x->q, m, off))
goto err;
- if (!ASN1_bn_print(bp, "exponent1:", x->dmp1, NULL, off))
+ if (!ASN1_bn_print(bp, "exponent1:", x->dmp1, m, off))
goto err;
- if (!ASN1_bn_print(bp, "exponent2:", x->dmq1, NULL, off))
+ if (!ASN1_bn_print(bp, "exponent2:", x->dmq1, m, off))
goto err;
- if (!ASN1_bn_print(bp, "coefficient:", x->iqmp, NULL, off))
+ if (!ASN1_bn_print(bp, "coefficient:", x->iqmp, m, off))
goto err;
}
ret = 1;
err:
+ if (m != NULL)
+ OPENSSL_free(m);
return (ret);
}
@@ -191,23 +268,34 @@ static int rsa_priv_print(BIO *bp, const EVP_PKEY *pkey, int indent,
/* Given an MGF1 Algorithm ID decode to an Algorithm Identifier */
static X509_ALGOR *rsa_mgf1_decode(X509_ALGOR *alg)
{
- if (alg == NULL)
+ const unsigned char *p;
+ int plen;
+ if (alg == NULL || alg->parameter == NULL)
return NULL;
if (OBJ_obj2nid(alg->algorithm) != NID_mgf1)
return NULL;
- return ASN1_TYPE_unpack_sequence(ASN1_ITEM_rptr(X509_ALGOR),
- alg->parameter);
+ if (alg->parameter->type != V_ASN1_SEQUENCE)
+ return NULL;
+
+ p = alg->parameter->value.sequence->data;
+ plen = alg->parameter->value.sequence->length;
+ return d2i_X509_ALGOR(NULL, &p, plen);
}
static RSA_PSS_PARAMS *rsa_pss_decode(const X509_ALGOR *alg,
X509_ALGOR **pmaskHash)
{
+ const unsigned char *p;
+ int plen;
RSA_PSS_PARAMS *pss;
*pmaskHash = NULL;
- pss = ASN1_TYPE_unpack_sequence(ASN1_ITEM_rptr(RSA_PSS_PARAMS),
- alg->parameter);
+ if (!alg->parameter || alg->parameter->type != V_ASN1_SEQUENCE)
+ return NULL;
+ p = alg->parameter->value.sequence->data;
+ plen = alg->parameter->value.sequence->length;
+ pss = d2i_RSA_PSS_PARAMS(NULL, &p, plen);
if (!pss)
return NULL;
@@ -299,8 +387,10 @@ static int rsa_sig_print(BIO *bp, const X509_ALGOR *sigalg,
X509_ALGOR *maskHash;
pss = rsa_pss_decode(sigalg, &maskHash);
rv = rsa_pss_param_print(bp, pss, maskHash, indent);
- RSA_PSS_PARAMS_free(pss);
- X509_ALGOR_free(maskHash);
+ if (pss)
+ RSA_PSS_PARAMS_free(pss);
+ if (maskHash)
+ X509_ALGOR_free(maskHash);
if (!rv)
return 0;
} else if (!sig && BIO_puts(bp, "\n") <= 0)
@@ -366,7 +456,7 @@ static int rsa_md_to_algor(X509_ALGOR **palg, const EVP_MD *md)
if (EVP_MD_type(md) == NID_sha1)
return 1;
*palg = X509_ALGOR_new();
- if (*palg == NULL)
+ if (!*palg)
return 0;
X509_ALGOR_set_md(*palg, md);
return 1;
@@ -386,13 +476,15 @@ static int rsa_md_to_mgf1(X509_ALGOR **palg, const EVP_MD *mgf1md)
if (!ASN1_item_pack(algtmp, ASN1_ITEM_rptr(X509_ALGOR), &stmp))
goto err;
*palg = X509_ALGOR_new();
- if (*palg == NULL)
+ if (!*palg)
goto err;
X509_ALGOR_set0(*palg, OBJ_nid2obj(NID_mgf1), V_ASN1_SEQUENCE, stmp);
stmp = NULL;
err:
- ASN1_STRING_free(stmp);
- X509_ALGOR_free(algtmp);
+ if (stmp)
+ ASN1_STRING_free(stmp);
+ if (algtmp)
+ X509_ALGOR_free(algtmp);
if (*palg)
return 1;
return 0;
@@ -459,11 +551,11 @@ static ASN1_STRING *rsa_ctx_to_pss(EVP_PKEY_CTX *pkctx)
saltlen--;
}
pss = RSA_PSS_PARAMS_new();
- if (pss == NULL)
+ if (!pss)
goto err;
if (saltlen != 20) {
pss->saltLength = ASN1_INTEGER_new();
- if (pss->saltLength == NULL)
+ if (!pss->saltLength)
goto err;
if (!ASN1_INTEGER_set(pss->saltLength, saltlen))
goto err;
@@ -477,16 +569,18 @@ static ASN1_STRING *rsa_ctx_to_pss(EVP_PKEY_CTX *pkctx)
goto err;
rv = 1;
err:
- RSA_PSS_PARAMS_free(pss);
+ if (pss)
+ RSA_PSS_PARAMS_free(pss);
if (rv)
return os;
- ASN1_STRING_free(os);
+ if (os)
+ ASN1_STRING_free(os);
return NULL;
}
/*
* From PSS AlgorithmIdentifier set public key parameters. If pkey isn't NULL
- * then the EVP_MD_CTX is setup and initialised. If it is NULL parameters are
+ * then the EVP_MD_CTX is setup and initalised. If it is NULL parameters are
* passed to pkctx instead.
*/
@@ -568,7 +662,8 @@ static int rsa_pss_to_ctx(EVP_MD_CTX *ctx, EVP_PKEY_CTX *pkctx,
err:
RSA_PSS_PARAMS_free(pss);
- X509_ALGOR_free(maskHash);
+ if (maskHash)
+ X509_ALGOR_free(maskHash);
return rv;
}
@@ -646,7 +741,7 @@ static int rsa_item_sign(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn,
ASN1_BIT_STRING *sig)
{
int pad_mode;
- EVP_PKEY_CTX *pkctx = EVP_MD_CTX_pkey_ctx(ctx);
+ EVP_PKEY_CTX *pkctx = ctx->pctx;
if (EVP_PKEY_CTX_get_rsa_padding(pkctx, &pad_mode) <= 0)
return 0;
if (pad_mode == RSA_PKCS1_PADDING)
@@ -673,16 +768,20 @@ static int rsa_item_sign(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn,
return 2;
}
-#ifndef OPENSSL_NO_CMS
static RSA_OAEP_PARAMS *rsa_oaep_decode(const X509_ALGOR *alg,
X509_ALGOR **pmaskHash)
{
+ const unsigned char *p;
+ int plen;
RSA_OAEP_PARAMS *pss;
*pmaskHash = NULL;
- pss = ASN1_TYPE_unpack_sequence(ASN1_ITEM_rptr(RSA_OAEP_PARAMS),
- alg->parameter);
+ if (!alg->parameter || alg->parameter->type != V_ASN1_SEQUENCE)
+ return NULL;
+ p = alg->parameter->value.sequence->data;
+ plen = alg->parameter->value.sequence->length;
+ pss = d2i_RSA_OAEP_PARAMS(NULL, &p, plen);
if (!pss)
return NULL;
@@ -692,6 +791,7 @@ static RSA_OAEP_PARAMS *rsa_oaep_decode(const X509_ALGOR *alg,
return pss;
}
+#ifndef OPENSSL_NO_CMS
static int rsa_cms_decrypt(CMS_RecipientInfo *ri)
{
EVP_PKEY_CTX *pkctx;
@@ -760,7 +860,8 @@ static int rsa_cms_decrypt(CMS_RecipientInfo *ri)
err:
RSA_OAEP_PARAMS_free(oaep);
- X509_ALGOR_free(maskHash);
+ if (maskHash)
+ X509_ALGOR_free(maskHash);
return rv;
}
@@ -793,19 +894,18 @@ static int rsa_cms_encrypt(CMS_RecipientInfo *ri)
if (labellen < 0)
goto err;
oaep = RSA_OAEP_PARAMS_new();
- if (oaep == NULL)
+ if (!oaep)
goto err;
if (!rsa_md_to_algor(&oaep->hashFunc, md))
goto err;
if (!rsa_md_to_mgf1(&oaep->maskGenFunc, mgf1md))
goto err;
if (labellen > 0) {
- ASN1_OCTET_STRING *los;
+ ASN1_OCTET_STRING *los = ASN1_OCTET_STRING_new();
oaep->pSourceFunc = X509_ALGOR_new();
- if (oaep->pSourceFunc == NULL)
+ if (!oaep->pSourceFunc)
goto err;
- los = ASN1_OCTET_STRING_new();
- if (los == NULL)
+ if (!los)
goto err;
if (!ASN1_OCTET_STRING_set(los, label, labellen)) {
ASN1_OCTET_STRING_free(los);
@@ -821,13 +921,15 @@ static int rsa_cms_encrypt(CMS_RecipientInfo *ri)
os = NULL;
rv = 1;
err:
- RSA_OAEP_PARAMS_free(oaep);
- ASN1_STRING_free(os);
+ if (oaep)
+ RSA_OAEP_PARAMS_free(oaep);
+ if (os)
+ ASN1_STRING_free(os);
return rv;
}
#endif
-const EVP_PKEY_ASN1_METHOD rsa_asn1_meths[2] = {
+const EVP_PKEY_ASN1_METHOD rsa_asn1_meths[] = {
{
EVP_PKEY_RSA,
EVP_PKEY_RSA,
@@ -847,7 +949,6 @@ const EVP_PKEY_ASN1_METHOD rsa_asn1_meths[2] = {
int_rsa_size,
rsa_bits,
- rsa_security_bits,
0, 0, 0, 0, 0, 0,
diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_asn1.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_asn1.c
index 20f8ebfa..aff8b583 100644
--- a/Cryptlib/OpenSSL/crypto/rsa/rsa_asn1.c
+++ b/Cryptlib/OpenSSL/crypto/rsa/rsa_asn1.c
@@ -1,18 +1,68 @@
+/* rsa_asn1.c */
/*
- * Copyright 2000-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
+ * 2000.
+ */
+/* ====================================================================
+ * Copyright (c) 2000-2005 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
*
- * Licensed under the OpenSSL license (the "License"). You may not use
- * this file except in compliance with the License. You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
*/
#include <stdio.h>
-#include "internal/cryptlib.h"
+#include "cryptlib.h"
#include <openssl/bn.h>
+#include <openssl/rsa.h>
#include <openssl/x509.h>
#include <openssl/asn1t.h>
-#include "rsa_locl.h"
/* Override the default free and new methods */
static int rsa_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
@@ -20,7 +70,7 @@ static int rsa_cb(int operation, ASN1_VALUE **pval, const ASN1_ITEM *it,
{
if (operation == ASN1_OP_NEW_PRE) {
*pval = (ASN1_VALUE *)RSA_new();
- if (*pval != NULL)
+ if (*pval)
return 2;
return 0;
} else if (operation == ASN1_OP_FREE_PRE) {
@@ -35,12 +85,12 @@ ASN1_SEQUENCE_cb(RSAPrivateKey, rsa_cb) = {
ASN1_SIMPLE(RSA, version, LONG),
ASN1_SIMPLE(RSA, n, BIGNUM),
ASN1_SIMPLE(RSA, e, BIGNUM),
- ASN1_SIMPLE(RSA, d, CBIGNUM),
- ASN1_SIMPLE(RSA, p, CBIGNUM),
- ASN1_SIMPLE(RSA, q, CBIGNUM),
- ASN1_SIMPLE(RSA, dmp1, CBIGNUM),
- ASN1_SIMPLE(RSA, dmq1, CBIGNUM),
- ASN1_SIMPLE(RSA, iqmp, CBIGNUM)
+ ASN1_SIMPLE(RSA, d, BIGNUM),
+ ASN1_SIMPLE(RSA, p, BIGNUM),
+ ASN1_SIMPLE(RSA, q, BIGNUM),
+ ASN1_SIMPLE(RSA, dmp1, BIGNUM),
+ ASN1_SIMPLE(RSA, dmq1, BIGNUM),
+ ASN1_SIMPLE(RSA, iqmp, BIGNUM)
} ASN1_SEQUENCE_END_cb(RSA, RSAPrivateKey)
diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_chk.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_chk.c
index 00260fb1..475dfc56 100644
--- a/Cryptlib/OpenSSL/crypto/rsa/rsa_chk.c
+++ b/Cryptlib/OpenSSL/crypto/rsa/rsa_chk.c
@@ -1,30 +1,65 @@
-/*
- * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+/* crypto/rsa/rsa_chk.c */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
*
- * Licensed under the OpenSSL license (the "License"). You may not use
- * this file except in compliance with the License. You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
*/
#include <openssl/bn.h>
#include <openssl/err.h>
-#include "rsa_locl.h"
+#include <openssl/rsa.h>
int RSA_check_key(const RSA *key)
{
- return RSA_check_key_ex(key, NULL);
-}
-
-int RSA_check_key_ex(const RSA *key, BN_GENCB *cb)
-{
BIGNUM *i, *j, *k, *l, *m;
BN_CTX *ctx;
int ret = 1;
- if (key->p == NULL || key->q == NULL || key->n == NULL
- || key->e == NULL || key->d == NULL) {
- RSAerr(RSA_F_RSA_CHECK_KEY_EX, RSA_R_VALUE_MISSING);
+ if (!key->p || !key->q || !key->n || !key->e || !key->d) {
+ RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_VALUE_MISSING);
return 0;
}
@@ -37,29 +72,29 @@ int RSA_check_key_ex(const RSA *key, BN_GENCB *cb)
if (i == NULL || j == NULL || k == NULL || l == NULL
|| m == NULL || ctx == NULL) {
ret = -1;
- RSAerr(RSA_F_RSA_CHECK_KEY_EX, ERR_R_MALLOC_FAILURE);
+ RSAerr(RSA_F_RSA_CHECK_KEY, ERR_R_MALLOC_FAILURE);
goto err;
}
if (BN_is_one(key->e)) {
ret = 0;
- RSAerr(RSA_F_RSA_CHECK_KEY_EX, RSA_R_BAD_E_VALUE);
+ RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_BAD_E_VALUE);
}
if (!BN_is_odd(key->e)) {
ret = 0;
- RSAerr(RSA_F_RSA_CHECK_KEY_EX, RSA_R_BAD_E_VALUE);
+ RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_BAD_E_VALUE);
}
/* p prime? */
- if (BN_is_prime_ex(key->p, BN_prime_checks, NULL, cb) != 1) {
+ if (BN_is_prime_ex(key->p, BN_prime_checks, NULL, NULL) != 1) {
ret = 0;
- RSAerr(RSA_F_RSA_CHECK_KEY_EX, RSA_R_P_NOT_PRIME);
+ RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_P_NOT_PRIME);
}
/* q prime? */
- if (BN_is_prime_ex(key->q, BN_prime_checks, NULL, cb) != 1) {
+ if (BN_is_prime_ex(key->q, BN_prime_checks, NULL, NULL) != 1) {
ret = 0;
- RSAerr(RSA_F_RSA_CHECK_KEY_EX, RSA_R_Q_NOT_PRIME);
+ RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_Q_NOT_PRIME);
}
/* n = p*q? */
@@ -69,7 +104,7 @@ int RSA_check_key_ex(const RSA *key, BN_GENCB *cb)
}
if (BN_cmp(i, key->n) != 0) {
ret = 0;
- RSAerr(RSA_F_RSA_CHECK_KEY_EX, RSA_R_N_DOES_NOT_EQUAL_P_Q);
+ RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_N_DOES_NOT_EQUAL_P_Q);
}
/* d*e = 1 mod lcm(p-1,q-1)? */
@@ -102,7 +137,7 @@ int RSA_check_key_ex(const RSA *key, BN_GENCB *cb)
if (!BN_is_one(i)) {
ret = 0;
- RSAerr(RSA_F_RSA_CHECK_KEY_EX, RSA_R_D_E_NOT_CONGRUENT_TO_1);
+ RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_D_E_NOT_CONGRUENT_TO_1);
}
if (key->dmp1 != NULL && key->dmq1 != NULL && key->iqmp != NULL) {
@@ -117,7 +152,7 @@ int RSA_check_key_ex(const RSA *key, BN_GENCB *cb)
}
if (BN_cmp(j, key->dmp1) != 0) {
ret = 0;
- RSAerr(RSA_F_RSA_CHECK_KEY_EX, RSA_R_DMP1_NOT_CONGRUENT_TO_D);
+ RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_DMP1_NOT_CONGRUENT_TO_D);
}
/* dmq1 = d mod (q-1)? */
@@ -131,7 +166,7 @@ int RSA_check_key_ex(const RSA *key, BN_GENCB *cb)
}
if (BN_cmp(j, key->dmq1) != 0) {
ret = 0;
- RSAerr(RSA_F_RSA_CHECK_KEY_EX, RSA_R_DMQ1_NOT_CONGRUENT_TO_D);
+ RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_DMQ1_NOT_CONGRUENT_TO_D);
}
/* iqmp = q^-1 mod p? */
@@ -141,7 +176,7 @@ int RSA_check_key_ex(const RSA *key, BN_GENCB *cb)
}
if (BN_cmp(i, key->iqmp) != 0) {
ret = 0;
- RSAerr(RSA_F_RSA_CHECK_KEY_EX, RSA_R_IQMP_NOT_INVERSE_OF_Q);
+ RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_IQMP_NOT_INVERSE_OF_Q);
}
}
diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_crpt.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_crpt.c
index 9cd733b2..5c416b53 100644
--- a/Cryptlib/OpenSSL/crypto/rsa/rsa_crpt.c
+++ b/Cryptlib/OpenSSL/crypto/rsa/rsa_crpt.c
@@ -1,24 +1,71 @@
-/*
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+/* crypto/rsa/rsa_lib.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
*
- * Licensed under the OpenSSL license (the "License"). You may not use
- * this file except in compliance with the License. You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay@cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
*/
#include <stdio.h>
#include <openssl/crypto.h>
-#include "internal/cryptlib.h"
+#include "cryptlib.h"
#include <openssl/lhash.h>
-#include "internal/bn_int.h"
+#include <openssl/bn.h>
+#include <openssl/rsa.h>
#include <openssl/rand.h>
-#include "rsa_locl.h"
-
-int RSA_bits(const RSA *r)
-{
- return (BN_num_bits(r->n));
-}
+#ifndef OPENSSL_NO_ENGINE
+# include <openssl/engine.h>
+#endif
int RSA_size(const RSA *r)
{
@@ -28,24 +75,52 @@ int RSA_size(const RSA *r)
int RSA_public_encrypt(int flen, const unsigned char *from, unsigned char *to,
RSA *rsa, int padding)
{
+#ifdef OPENSSL_FIPS
+ if (FIPS_mode() && !(rsa->meth->flags & RSA_FLAG_FIPS_METHOD)
+ && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW)) {
+ RSAerr(RSA_F_RSA_PUBLIC_ENCRYPT, RSA_R_NON_FIPS_RSA_METHOD);
+ return -1;
+ }
+#endif
return (rsa->meth->rsa_pub_enc(flen, from, to, rsa, padding));
}
int RSA_private_encrypt(int flen, const unsigned char *from,
unsigned char *to, RSA *rsa, int padding)
{
+#ifdef OPENSSL_FIPS
+ if (FIPS_mode() && !(rsa->meth->flags & RSA_FLAG_FIPS_METHOD)
+ && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW)) {
+ RSAerr(RSA_F_RSA_PRIVATE_ENCRYPT, RSA_R_NON_FIPS_RSA_METHOD);
+ return -1;
+ }
+#endif
return (rsa->meth->rsa_priv_enc(flen, from, to, rsa, padding));
}
int RSA_private_decrypt(int flen, const unsigned char *from,
unsigned char *to, RSA *rsa, int padding)
{
+#ifdef OPENSSL_FIPS
+ if (FIPS_mode() && !(rsa->meth->flags & RSA_FLAG_FIPS_METHOD)
+ && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW)) {
+ RSAerr(RSA_F_RSA_PRIVATE_DECRYPT, RSA_R_NON_FIPS_RSA_METHOD);
+ return -1;
+ }
+#endif
return (rsa->meth->rsa_priv_dec(flen, from, to, rsa, padding));
}
int RSA_public_decrypt(int flen, const unsigned char *from, unsigned char *to,
RSA *rsa, int padding)
{
+#ifdef OPENSSL_FIPS
+ if (FIPS_mode() && !(rsa->meth->flags & RSA_FLAG_FIPS_METHOD)
+ && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW)) {
+ RSAerr(RSA_F_RSA_PUBLIC_DECRYPT, RSA_R_NON_FIPS_RSA_METHOD);
+ return -1;
+ }
+#endif
return (rsa->meth->rsa_pub_dec(flen, from, to, rsa, padding));
}
@@ -56,8 +131,10 @@ int RSA_flags(const RSA *r)
void RSA_blinding_off(RSA *rsa)
{
- BN_BLINDING_free(rsa->blinding);
- rsa->blinding = NULL;
+ if (rsa->blinding != NULL) {
+ BN_BLINDING_free(rsa->blinding);
+ rsa->blinding = NULL;
+ }
rsa->flags &= ~RSA_FLAG_BLINDING;
rsa->flags |= RSA_FLAG_NO_BLINDING;
}
@@ -110,7 +187,8 @@ static BIGNUM *rsa_get_public_exp(const BIGNUM *d, const BIGNUM *p,
BN_BLINDING *RSA_setup_blinding(RSA *rsa, BN_CTX *in_ctx)
{
- BIGNUM *e;
+ BIGNUM local_n;
+ BIGNUM *e, *n;
BN_CTX *ctx;
BN_BLINDING *ret = NULL;
@@ -136,42 +214,33 @@ BN_BLINDING *RSA_setup_blinding(RSA *rsa, BN_CTX *in_ctx)
} else
e = rsa->e;
- if ((RAND_status() == 0) && rsa->d != NULL
- && bn_get_words(rsa->d) != NULL) {
+ if ((RAND_status() == 0) && rsa->d != NULL && rsa->d->d != NULL) {
/*
* if PRNG is not properly seeded, resort to secret exponent as
* unpredictable seed
*/
- RAND_add(bn_get_words(rsa->d), bn_get_dmax(rsa->d) * sizeof(BN_ULONG),
- 0.0);
+ RAND_add(rsa->d->d, rsa->d->dmax * sizeof rsa->d->d[0], 0.0);
}
- {
- BIGNUM *n = BN_new();
-
- if (n == NULL) {
- RSAerr(RSA_F_RSA_SETUP_BLINDING, ERR_R_MALLOC_FAILURE);
- goto err;
- }
+ if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) {
+ /* Set BN_FLG_CONSTTIME flag */
+ n = &local_n;
BN_with_flags(n, rsa->n, BN_FLG_CONSTTIME);
+ } else
+ n = rsa->n;
- ret = BN_BLINDING_create_param(NULL, e, n, ctx, rsa->meth->bn_mod_exp,
- rsa->_method_mod_n);
- /* We MUST free n before any further use of rsa->n */
- BN_free(n);
- }
+ ret = BN_BLINDING_create_param(NULL, e, n, ctx,
+ rsa->meth->bn_mod_exp, rsa->_method_mod_n);
if (ret == NULL) {
RSAerr(RSA_F_RSA_SETUP_BLINDING, ERR_R_BN_LIB);
goto err;
}
-
- BN_BLINDING_set_current_thread(ret);
-
+ CRYPTO_THREADID_current(BN_BLINDING_thread_id(ret));
err:
BN_CTX_end(ctx);
- if (ctx != in_ctx)
+ if (in_ctx == NULL)
BN_CTX_free(ctx);
- if (e != rsa->e)
+ if (rsa->e == NULL)
BN_free(e);
return ret;
diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_depr.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_depr.c
index 21e05625..32f0c888 100644
--- a/Cryptlib/OpenSSL/crypto/rsa/rsa_depr.c
+++ b/Cryptlib/OpenSSL/crypto/rsa/rsa_depr.c
@@ -1,10 +1,56 @@
-/*
- * Copyright 2002-2016 The OpenSSL Project Authors. All Rights Reserved.
+/* crypto/rsa/rsa_depr.c */
+/* ====================================================================
+ * Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
*
- * Licensed under the OpenSSL license (the "License"). You may not use
- * this file except in compliance with the License. You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
*/
/*
@@ -12,27 +58,27 @@
* "new" versions).
*/
-#include <openssl/opensslconf.h>
-#if OPENSSL_API_COMPAT >= 0x00908000L
-NON_EMPTY_TRANSLATION_UNIT
+#include <stdio.h>
+#include <time.h>
+#include "cryptlib.h"
+#include <openssl/bn.h>
+#include <openssl/rsa.h>
-#else
+#ifdef OPENSSL_NO_DEPRECATED
-# include <stdio.h>
-# include <time.h>
-# include "internal/cryptlib.h"
-# include <openssl/bn.h>
-# include <openssl/rsa.h>
+static void *dummy = &dummy;
+
+#else
RSA *RSA_generate_key(int bits, unsigned long e_value,
void (*callback) (int, int, void *), void *cb_arg)
{
+ BN_GENCB cb;
int i;
- BN_GENCB *cb = BN_GENCB_new();
RSA *rsa = RSA_new();
BIGNUM *e = BN_new();
- if (cb == NULL || rsa == NULL || e == NULL)
+ if (!rsa || !e)
goto err;
/*
@@ -45,17 +91,17 @@ RSA *RSA_generate_key(int bits, unsigned long e_value,
goto err;
}
- BN_GENCB_set_old(cb, callback, cb_arg);
+ BN_GENCB_set_old(&cb, callback, cb_arg);
- if (RSA_generate_key_ex(rsa, bits, e, cb)) {
+ if (RSA_generate_key_ex(rsa, bits, e, &cb)) {
BN_free(e);
- BN_GENCB_free(cb);
return rsa;
}
err:
- BN_free(e);
- RSA_free(rsa);
- BN_GENCB_free(cb);
+ if (e)
+ BN_free(e);
+ if (rsa)
+ RSA_free(rsa);
return 0;
}
#endif
diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_ossl.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_eay.c
index 78260664..b147fff8 100644
--- a/Cryptlib/OpenSSL/crypto/rsa/rsa_ossl.c
+++ b/Cryptlib/OpenSSL/crypto/rsa/rsa_eay.c
@@ -1,54 +1,158 @@
-/*
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+/* crypto/rsa/rsa_eay.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay@cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
+ */
+/* ====================================================================
+ * Copyright (c) 1998-2006 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core@openssl.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.openssl.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
*
- * Licensed under the OpenSSL license (the "License"). You may not use
- * this file except in compliance with the License. You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
*/
-#include "internal/cryptlib.h"
-#include "internal/bn_int.h"
-#include "rsa_locl.h"
+#include <stdio.h>
+#include "cryptlib.h"
+#include <openssl/bn.h>
+#include <openssl/rsa.h>
+#include <openssl/rand.h>
#ifndef RSA_NULL
-static int rsa_ossl_public_encrypt(int flen, const unsigned char *from,
+static int RSA_eay_public_encrypt(int flen, const unsigned char *from,
unsigned char *to, RSA *rsa, int padding);
-static int rsa_ossl_private_encrypt(int flen, const unsigned char *from,
+static int RSA_eay_private_encrypt(int flen, const unsigned char *from,
unsigned char *to, RSA *rsa, int padding);
-static int rsa_ossl_public_decrypt(int flen, const unsigned char *from,
+static int RSA_eay_public_decrypt(int flen, const unsigned char *from,
unsigned char *to, RSA *rsa, int padding);
-static int rsa_ossl_private_decrypt(int flen, const unsigned char *from,
+static int RSA_eay_private_decrypt(int flen, const unsigned char *from,
unsigned char *to, RSA *rsa, int padding);
-static int rsa_ossl_mod_exp(BIGNUM *r0, const BIGNUM *i, RSA *rsa,
+static int RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *i, RSA *rsa,
BN_CTX *ctx);
-static int rsa_ossl_init(RSA *rsa);
-static int rsa_ossl_finish(RSA *rsa);
-static RSA_METHOD rsa_pkcs1_ossl_meth = {
- "OpenSSL PKCS#1 RSA (from Eric Young)",
- rsa_ossl_public_encrypt,
- rsa_ossl_public_decrypt, /* signature verification */
- rsa_ossl_private_encrypt, /* signing */
- rsa_ossl_private_decrypt,
- rsa_ossl_mod_exp,
+static int RSA_eay_init(RSA *rsa);
+static int RSA_eay_finish(RSA *rsa);
+static RSA_METHOD rsa_pkcs1_eay_meth = {
+ "Eric Young's PKCS#1 RSA",
+ RSA_eay_public_encrypt,
+ RSA_eay_public_decrypt, /* signature verification */
+ RSA_eay_private_encrypt, /* signing */
+ RSA_eay_private_decrypt,
+ RSA_eay_mod_exp,
BN_mod_exp_mont, /* XXX probably we should not use Montgomery
* if e == 3 */
- rsa_ossl_init,
- rsa_ossl_finish,
- RSA_FLAG_FIPS_METHOD, /* flags */
+ RSA_eay_init,
+ RSA_eay_finish,
+ 0, /* flags */
NULL,
0, /* rsa_sign */
0, /* rsa_verify */
NULL /* rsa_keygen */
};
-const RSA_METHOD *RSA_PKCS1_OpenSSL(void)
+const RSA_METHOD *RSA_PKCS1_SSLeay(void)
{
- return &rsa_pkcs1_ossl_meth;
+ return (&rsa_pkcs1_eay_meth);
}
-static int rsa_ossl_public_encrypt(int flen, const unsigned char *from,
+static int RSA_eay_public_encrypt(int flen, const unsigned char *from,
unsigned char *to, RSA *rsa, int padding)
{
BIGNUM *f, *ret;
@@ -57,19 +161,19 @@ static int rsa_ossl_public_encrypt(int flen, const unsigned char *from,
BN_CTX *ctx = NULL;
if (BN_num_bits(rsa->n) > OPENSSL_RSA_MAX_MODULUS_BITS) {
- RSAerr(RSA_F_RSA_OSSL_PUBLIC_ENCRYPT, RSA_R_MODULUS_TOO_LARGE);
+ RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT, RSA_R_MODULUS_TOO_LARGE);
return -1;
}
if (BN_ucmp(rsa->n, rsa->e) <= 0) {
- RSAerr(RSA_F_RSA_OSSL_PUBLIC_ENCRYPT, RSA_R_BAD_E_VALUE);
+ RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT, RSA_R_BAD_E_VALUE);
return -1;
}
/* for large moduli, enforce exponent limit */
if (BN_num_bits(rsa->n) > OPENSSL_RSA_SMALL_MODULUS_BITS) {
if (BN_num_bits(rsa->e) > OPENSSL_RSA_MAX_PUBEXP_BITS) {
- RSAerr(RSA_F_RSA_OSSL_PUBLIC_ENCRYPT, RSA_R_BAD_E_VALUE);
+ RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT, RSA_R_BAD_E_VALUE);
return -1;
}
}
@@ -81,8 +185,8 @@ static int rsa_ossl_public_encrypt(int flen, const unsigned char *from,
ret = BN_CTX_get(ctx);
num = BN_num_bytes(rsa->n);
buf = OPENSSL_malloc(num);
- if (f == NULL || ret == NULL || buf == NULL) {
- RSAerr(RSA_F_RSA_OSSL_PUBLIC_ENCRYPT, ERR_R_MALLOC_FAILURE);
+ if (!f || !ret || !buf) {
+ RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT, ERR_R_MALLOC_FAILURE);
goto err;
}
@@ -90,9 +194,11 @@ static int rsa_ossl_public_encrypt(int flen, const unsigned char *from,
case RSA_PKCS1_PADDING:
i = RSA_padding_add_PKCS1_type_2(buf, num, from, flen);
break;
+# ifndef OPENSSL_NO_SHA
case RSA_PKCS1_OAEP_PADDING:
i = RSA_padding_add_PKCS1_OAEP(buf, num, from, flen, NULL, 0);
break;
+# endif
case RSA_SSLV23_PADDING:
i = RSA_padding_add_SSLv23(buf, num, from, flen);
break;
@@ -100,7 +206,7 @@ static int rsa_ossl_public_encrypt(int flen, const unsigned char *from,
i = RSA_padding_add_none(buf, num, from, flen);
break;
default:
- RSAerr(RSA_F_RSA_OSSL_PUBLIC_ENCRYPT, RSA_R_UNKNOWN_PADDING_TYPE);
+ RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT, RSA_R_UNKNOWN_PADDING_TYPE);
goto err;
}
if (i <= 0)
@@ -111,14 +217,14 @@ static int rsa_ossl_public_encrypt(int flen, const unsigned char *from,
if (BN_ucmp(f, rsa->n) >= 0) {
/* usually the padding functions would catch this */
- RSAerr(RSA_F_RSA_OSSL_PUBLIC_ENCRYPT,
+ RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT,
RSA_R_DATA_TOO_LARGE_FOR_MODULUS);
goto err;
}
if (rsa->flags & RSA_FLAG_CACHE_PUBLIC)
if (!BN_MONT_CTX_set_locked
- (&rsa->_method_mod_n, rsa->lock, rsa->n, ctx))
+ (&rsa->_method_mod_n, CRYPTO_LOCK_RSA, rsa->n, ctx))
goto err;
if (!rsa->meth->bn_mod_exp(ret, f, rsa->e, rsa->n, ctx,
@@ -136,28 +242,40 @@ static int rsa_ossl_public_encrypt(int flen, const unsigned char *from,
r = num;
err:
- if (ctx != NULL)
+ if (ctx != NULL) {
BN_CTX_end(ctx);
- BN_CTX_free(ctx);
- OPENSSL_clear_free(buf, num);
+ BN_CTX_free(ctx);
+ }
+ if (buf != NULL) {
+ OPENSSL_cleanse(buf, num);
+ OPENSSL_free(buf);
+ }
return (r);
}
static BN_BLINDING *rsa_get_blinding(RSA *rsa, int *local, BN_CTX *ctx)
{
BN_BLINDING *ret;
+ int got_write_lock = 0;
+ CRYPTO_THREADID cur;
- CRYPTO_THREAD_write_lock(rsa->lock);
+ CRYPTO_r_lock(CRYPTO_LOCK_RSA);
if (rsa->blinding == NULL) {
- rsa->blinding = RSA_setup_blinding(rsa, ctx);
+ CRYPTO_r_unlock(CRYPTO_LOCK_RSA);
+ CRYPTO_w_lock(CRYPTO_LOCK_RSA);
+ got_write_lock = 1;
+
+ if (rsa->blinding == NULL)
+ rsa->blinding = RSA_setup_blinding(rsa, ctx);
}
ret = rsa->blinding;
if (ret == NULL)
goto err;
- if (BN_BLINDING_is_current_thread(ret)) {
+ CRYPTO_THREADID_current(&cur);
+ if (!CRYPTO_THREADID_cmp(&cur, BN_BLINDING_thread_id(ret))) {
/* rsa->blinding is ours! */
*local = 1;
@@ -172,13 +290,23 @@ static BN_BLINDING *rsa_get_blinding(RSA *rsa, int *local, BN_CTX *ctx)
*local = 0;
if (rsa->mt_blinding == NULL) {
- rsa->mt_blinding = RSA_setup_blinding(rsa, ctx);
+ if (!got_write_lock) {
+ CRYPTO_r_unlock(CRYPTO_LOCK_RSA);
+ CRYPTO_w_lock(CRYPTO_LOCK_RSA);
+ got_write_lock = 1;
+ }
+
+ if (rsa->mt_blinding == NULL)
+ rsa->mt_blinding = RSA_setup_blinding(rsa, ctx);
}
ret = rsa->mt_blinding;
}
err:
- CRYPTO_THREAD_unlock(rsa->lock);
+ if (got_write_lock)
+ CRYPTO_w_unlock(CRYPTO_LOCK_RSA);
+ else
+ CRYPTO_r_unlock(CRYPTO_LOCK_RSA);
return ret;
}
@@ -195,11 +323,9 @@ static int rsa_blinding_convert(BN_BLINDING *b, BIGNUM *f, BIGNUM *unblind,
* Shared blinding: store the unblinding factor outside BN_BLINDING.
*/
int ret;
-
- BN_BLINDING_lock(b);
+ CRYPTO_w_lock(CRYPTO_LOCK_RSA_BLINDING);
ret = BN_BLINDING_convert_ex(f, unblind, b, ctx);
- BN_BLINDING_unlock(b);
-
+ CRYPTO_w_unlock(CRYPTO_LOCK_RSA_BLINDING);
return ret;
}
}
@@ -219,7 +345,7 @@ static int rsa_blinding_invert(BN_BLINDING *b, BIGNUM *f, BIGNUM *unblind,
}
/* signing */
-static int rsa_ossl_private_encrypt(int flen, const unsigned char *from,
+static int RSA_eay_private_encrypt(int flen, const unsigned char *from,
unsigned char *to, RSA *rsa, int padding)
{
BIGNUM *f, *ret, *res;
@@ -242,8 +368,8 @@ static int rsa_ossl_private_encrypt(int flen, const unsigned char *from,
ret = BN_CTX_get(ctx);
num = BN_num_bytes(rsa->n);
buf = OPENSSL_malloc(num);
- if (f == NULL || ret == NULL || buf == NULL) {
- RSAerr(RSA_F_RSA_OSSL_PRIVATE_ENCRYPT, ERR_R_MALLOC_FAILURE);
+ if (!f || !ret || !buf) {
+ RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT, ERR_R_MALLOC_FAILURE);
goto err;
}
@@ -259,7 +385,7 @@ static int rsa_ossl_private_encrypt(int flen, const unsigned char *from,
break;
case RSA_SSLV23_PADDING:
default:
- RSAerr(RSA_F_RSA_OSSL_PRIVATE_ENCRYPT, RSA_R_UNKNOWN_PADDING_TYPE);
+ RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT, RSA_R_UNKNOWN_PADDING_TYPE);
goto err;
}
if (i <= 0)
@@ -270,7 +396,7 @@ static int rsa_ossl_private_encrypt(int flen, const unsigned char *from,
if (BN_ucmp(f, rsa->n) >= 0) {
/* usually the padding functions would catch this */
- RSAerr(RSA_F_RSA_OSSL_PRIVATE_ENCRYPT,
+ RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT,
RSA_R_DATA_TOO_LARGE_FOR_MODULUS);
goto err;
}
@@ -278,14 +404,14 @@ static int rsa_ossl_private_encrypt(int flen, const unsigned char *from,
if (!(rsa->flags & RSA_FLAG_NO_BLINDING)) {
blinding = rsa_get_blinding(rsa, &local_blinding, ctx);
if (blinding == NULL) {
- RSAerr(RSA_F_RSA_OSSL_PRIVATE_ENCRYPT, ERR_R_INTERNAL_ERROR);
+ RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT, ERR_R_INTERNAL_ERROR);
goto err;
}
}
if (blinding != NULL) {
if (!local_blinding && ((unblind = BN_CTX_get(ctx)) == NULL)) {
- RSAerr(RSA_F_RSA_OSSL_PRIVATE_ENCRYPT, ERR_R_MALLOC_FAILURE);
+ RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT, ERR_R_MALLOC_FAILURE);
goto err;
}
if (!rsa_blinding_convert(blinding, f, unblind, ctx))
@@ -299,27 +425,24 @@ static int rsa_ossl_private_encrypt(int flen, const unsigned char *from,
if (!rsa->meth->rsa_mod_exp(ret, f, rsa, ctx))
goto err;
} else {
- BIGNUM *d = BN_new();
- if (d == NULL) {
- RSAerr(RSA_F_RSA_OSSL_PRIVATE_ENCRYPT, ERR_R_MALLOC_FAILURE);
- goto err;
- }
- BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME);
+ BIGNUM local_d;
+ BIGNUM *d = NULL;
+
+ if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) {
+ BN_init(&local_d);
+ d = &local_d;
+ BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME);
+ } else
+ d = rsa->d;
if (rsa->flags & RSA_FLAG_CACHE_PUBLIC)
if (!BN_MONT_CTX_set_locked
- (&rsa->_method_mod_n, rsa->lock, rsa->n, ctx)) {
- BN_free(d);
+ (&rsa->_method_mod_n, CRYPTO_LOCK_RSA, rsa->n, ctx))
goto err;
- }
if (!rsa->meth->bn_mod_exp(ret, f, d, rsa->n, ctx,
- rsa->_method_mod_n)) {
- BN_free(d);
+ rsa->_method_mod_n))
goto err;
- }
- /* We MUST free d before any further use of rsa->d */
- BN_free(d);
}
if (blinding)
@@ -346,14 +469,18 @@ static int rsa_ossl_private_encrypt(int flen, const unsigned char *from,
r = num;
err:
- if (ctx != NULL)
+ if (ctx != NULL) {
BN_CTX_end(ctx);
- BN_CTX_free(ctx);
- OPENSSL_clear_free(buf, num);
+ BN_CTX_free(ctx);
+ }
+ if (buf != NULL) {
+ OPENSSL_cleanse(buf, num);
+ OPENSSL_free(buf);
+ }
return (r);
}
-static int rsa_ossl_private_decrypt(int flen, const unsigned char *from,
+static int RSA_eay_private_decrypt(int flen, const unsigned char *from,
unsigned char *to, RSA *rsa, int padding)
{
BIGNUM *f, *ret;
@@ -377,8 +504,8 @@ static int rsa_ossl_private_decrypt(int flen, const unsigned char *from,
ret = BN_CTX_get(ctx);
num = BN_num_bytes(rsa->n);
buf = OPENSSL_malloc(num);
- if (f == NULL || ret == NULL || buf == NULL) {
- RSAerr(RSA_F_RSA_OSSL_PRIVATE_DECRYPT, ERR_R_MALLOC_FAILURE);
+ if (!f || !ret || !buf) {
+ RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT, ERR_R_MALLOC_FAILURE);
goto err;
}
@@ -387,7 +514,7 @@ static int rsa_ossl_private_decrypt(int flen, const unsigned char *from,
* top '0' bytes
*/
if (flen > num) {
- RSAerr(RSA_F_RSA_OSSL_PRIVATE_DECRYPT,
+ RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,
RSA_R_DATA_GREATER_THAN_MOD_LEN);
goto err;
}
@@ -397,7 +524,7 @@ static int rsa_ossl_private_decrypt(int flen, const unsigned char *from,
goto err;
if (BN_ucmp(f, rsa->n) >= 0) {
- RSAerr(RSA_F_RSA_OSSL_PRIVATE_DECRYPT,
+ RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,
RSA_R_DATA_TOO_LARGE_FOR_MODULUS);
goto err;
}
@@ -405,14 +532,14 @@ static int rsa_ossl_private_decrypt(int flen, const unsigned char *from,
if (!(rsa->flags & RSA_FLAG_NO_BLINDING)) {
blinding = rsa_get_blinding(rsa, &local_blinding, ctx);
if (blinding == NULL) {
- RSAerr(RSA_F_RSA_OSSL_PRIVATE_DECRYPT, ERR_R_INTERNAL_ERROR);
+ RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT, ERR_R_INTERNAL_ERROR);
goto err;
}
}
if (blinding != NULL) {
if (!local_blinding && ((unblind = BN_CTX_get(ctx)) == NULL)) {
- RSAerr(RSA_F_RSA_OSSL_PRIVATE_DECRYPT, ERR_R_MALLOC_FAILURE);
+ RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT, ERR_R_MALLOC_FAILURE);
goto err;
}
if (!rsa_blinding_convert(blinding, f, unblind, ctx))
@@ -427,26 +554,22 @@ static int rsa_ossl_private_decrypt(int flen, const unsigned char *from,
if (!rsa->meth->rsa_mod_exp(ret, f, rsa, ctx))
goto err;
} else {
- BIGNUM *d = BN_new();
- if (d == NULL) {
- RSAerr(RSA_F_RSA_OSSL_PRIVATE_DECRYPT, ERR_R_MALLOC_FAILURE);
- goto err;
- }
- BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME);
+ BIGNUM local_d;
+ BIGNUM *d = NULL;
+
+ if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) {
+ d = &local_d;
+ BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME);
+ } else
+ d = rsa->d;
if (rsa->flags & RSA_FLAG_CACHE_PUBLIC)
if (!BN_MONT_CTX_set_locked
- (&rsa->_method_mod_n, rsa->lock, rsa->n, ctx)) {
- BN_free(d);
+ (&rsa->_method_mod_n, CRYPTO_LOCK_RSA, rsa->n, ctx))
goto err;
- }
if (!rsa->meth->bn_mod_exp(ret, f, d, rsa->n, ctx,
- rsa->_method_mod_n)) {
- BN_free(d);
+ rsa->_method_mod_n))
goto err;
- }
- /* We MUST free d before any further use of rsa->d */
- BN_free(d);
}
if (blinding)
@@ -460,9 +583,11 @@ static int rsa_ossl_private_decrypt(int flen, const unsigned char *from,
case RSA_PKCS1_PADDING:
r = RSA_padding_check_PKCS1_type_2(to, num, buf, j, num);
break;
+# ifndef OPENSSL_NO_SHA
case RSA_PKCS1_OAEP_PADDING:
r = RSA_padding_check_PKCS1_OAEP(to, num, buf, j, num, NULL, 0);
break;
+# endif
case RSA_SSLV23_PADDING:
r = RSA_padding_check_SSLv23(to, num, buf, j, num);
break;
@@ -470,22 +595,26 @@ static int rsa_ossl_private_decrypt(int flen, const unsigned char *from,
r = RSA_padding_check_none(to, num, buf, j, num);
break;
default:
- RSAerr(RSA_F_RSA_OSSL_PRIVATE_DECRYPT, RSA_R_UNKNOWN_PADDING_TYPE);
+ RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT, RSA_R_UNKNOWN_PADDING_TYPE);
goto err;
}
if (r < 0)
- RSAerr(RSA_F_RSA_OSSL_PRIVATE_DECRYPT, RSA_R_PADDING_CHECK_FAILED);
+ RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT, RSA_R_PADDING_CHECK_FAILED);
err:
- if (ctx != NULL)
+ if (ctx != NULL) {
BN_CTX_end(ctx);
- BN_CTX_free(ctx);
- OPENSSL_clear_free(buf, num);
+ BN_CTX_free(ctx);
+ }
+ if (buf != NULL) {
+ OPENSSL_cleanse(buf, num);
+ OPENSSL_free(buf);
+ }
return (r);
}
/* signature verification */
-static int rsa_ossl_public_decrypt(int flen, const unsigned char *from,
+static int RSA_eay_public_decrypt(int flen, const unsigned char *from,
unsigned char *to, RSA *rsa, int padding)
{
BIGNUM *f, *ret;
@@ -495,19 +624,19 @@ static int rsa_ossl_public_decrypt(int flen, const unsigned char *from,
BN_CTX *ctx = NULL;
if (BN_num_bits(rsa->n) > OPENSSL_RSA_MAX_MODULUS_BITS) {
- RSAerr(RSA_F_RSA_OSSL_PUBLIC_DECRYPT, RSA_R_MODULUS_TOO_LARGE);
+ RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT, RSA_R_MODULUS_TOO_LARGE);
return -1;
}
if (BN_ucmp(rsa->n, rsa->e) <= 0) {
- RSAerr(RSA_F_RSA_OSSL_PUBLIC_DECRYPT, RSA_R_BAD_E_VALUE);
+ RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT, RSA_R_BAD_E_VALUE);
return -1;
}
/* for large moduli, enforce exponent limit */
if (BN_num_bits(rsa->n) > OPENSSL_RSA_SMALL_MODULUS_BITS) {
if (BN_num_bits(rsa->e) > OPENSSL_RSA_MAX_PUBEXP_BITS) {
- RSAerr(RSA_F_RSA_OSSL_PUBLIC_DECRYPT, RSA_R_BAD_E_VALUE);
+ RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT, RSA_R_BAD_E_VALUE);
return -1;
}
}
@@ -519,8 +648,8 @@ static int rsa_ossl_public_decrypt(int flen, const unsigned char *from,
ret = BN_CTX_get(ctx);
num = BN_num_bytes(rsa->n);
buf = OPENSSL_malloc(num);
- if (f == NULL || ret == NULL || buf == NULL) {
- RSAerr(RSA_F_RSA_OSSL_PUBLIC_DECRYPT, ERR_R_MALLOC_FAILURE);
+ if (!f || !ret || !buf) {
+ RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT, ERR_R_MALLOC_FAILURE);
goto err;
}
@@ -529,7 +658,7 @@ static int rsa_ossl_public_decrypt(int flen, const unsigned char *from,
* top '0' bytes
*/
if (flen > num) {
- RSAerr(RSA_F_RSA_OSSL_PUBLIC_DECRYPT, RSA_R_DATA_GREATER_THAN_MOD_LEN);
+ RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT, RSA_R_DATA_GREATER_THAN_MOD_LEN);
goto err;
}
@@ -537,21 +666,21 @@ static int rsa_ossl_public_decrypt(int flen, const unsigned char *from,
goto err;
if (BN_ucmp(f, rsa->n) >= 0) {
- RSAerr(RSA_F_RSA_OSSL_PUBLIC_DECRYPT,
+ RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT,
RSA_R_DATA_TOO_LARGE_FOR_MODULUS);
goto err;
}
if (rsa->flags & RSA_FLAG_CACHE_PUBLIC)
if (!BN_MONT_CTX_set_locked
- (&rsa->_method_mod_n, rsa->lock, rsa->n, ctx))
+ (&rsa->_method_mod_n, CRYPTO_LOCK_RSA, rsa->n, ctx))
goto err;
if (!rsa->meth->bn_mod_exp(ret, f, rsa->e, rsa->n, ctx,
rsa->_method_mod_n))
goto err;
- if ((padding == RSA_X931_PADDING) && ((bn_get_words(ret)[0] & 0xf) != 12))
+ if ((padding == RSA_X931_PADDING) && ((ret->d[0] & 0xf) != 12))
if (!BN_sub(ret, rsa->n, ret))
goto err;
@@ -569,124 +698,112 @@ static int rsa_ossl_public_decrypt(int flen, const unsigned char *from,
r = RSA_padding_check_none(to, num, buf, i, num);
break;
default:
- RSAerr(RSA_F_RSA_OSSL_PUBLIC_DECRYPT, RSA_R_UNKNOWN_PADDING_TYPE);
+ RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT, RSA_R_UNKNOWN_PADDING_TYPE);
goto err;
}
if (r < 0)
- RSAerr(RSA_F_RSA_OSSL_PUBLIC_DECRYPT, RSA_R_PADDING_CHECK_FAILED);
+ RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT, RSA_R_PADDING_CHECK_FAILED);
err:
- if (ctx != NULL)
+ if (ctx != NULL) {
BN_CTX_end(ctx);
- BN_CTX_free(ctx);
- OPENSSL_clear_free(buf, num);
+ BN_CTX_free(ctx);
+ }
+ if (buf != NULL) {
+ OPENSSL_cleanse(buf, num);
+ OPENSSL_free(buf);
+ }
return (r);
}
-static int rsa_ossl_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
+static int RSA_eay_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
{
BIGNUM *r1, *m1, *vrfy;
+ BIGNUM local_dmp1, local_dmq1, local_c, local_r1;
+ BIGNUM *dmp1, *dmq1, *c, *pr1;
int ret = 0;
BN_CTX_start(ctx);
-
r1 = BN_CTX_get(ctx);
m1 = BN_CTX_get(ctx);
vrfy = BN_CTX_get(ctx);
{
- BIGNUM *p = BN_new(), *q = BN_new();
+ BIGNUM local_p, local_q;
+ BIGNUM *p = NULL, *q = NULL;
/*
- * Make sure BN_mod_inverse in Montgomery initialization uses the
- * BN_FLG_CONSTTIME flag
+ * Make sure BN_mod_inverse in Montgomery intialization uses the
+ * BN_FLG_CONSTTIME flag (unless RSA_FLAG_NO_CONSTTIME is set)
*/
- if (p == NULL || q == NULL) {
- BN_free(p);
- BN_free(q);
- goto err;
+ if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) {
+ BN_init(&local_p);
+ p = &local_p;
+ BN_with_flags(p, rsa->p, BN_FLG_CONSTTIME);
+
+ BN_init(&local_q);
+ q = &local_q;
+ BN_with_flags(q, rsa->q, BN_FLG_CONSTTIME);
+ } else {
+ p = rsa->p;
+ q = rsa->q;
}
- BN_with_flags(p, rsa->p, BN_FLG_CONSTTIME);
- BN_with_flags(q, rsa->q, BN_FLG_CONSTTIME);
if (rsa->flags & RSA_FLAG_CACHE_PRIVATE) {
if (!BN_MONT_CTX_set_locked
- (&rsa->_method_mod_p, rsa->lock, p, ctx)
- || !BN_MONT_CTX_set_locked(&rsa->_method_mod_q,
- rsa->lock, q, ctx)) {
- BN_free(p);
- BN_free(q);
+ (&rsa->_method_mod_p, CRYPTO_LOCK_RSA, p, ctx))
+ goto err;
+ if (!BN_MONT_CTX_set_locked
+ (&rsa->_method_mod_q, CRYPTO_LOCK_RSA, q, ctx))
goto err;
- }
}
- /*
- * We MUST free p and q before any further use of rsa->p and rsa->q
- */
- BN_free(p);
- BN_free(q);
}
if (rsa->flags & RSA_FLAG_CACHE_PUBLIC)
if (!BN_MONT_CTX_set_locked
- (&rsa->_method_mod_n, rsa->lock, rsa->n, ctx))
+ (&rsa->_method_mod_n, CRYPTO_LOCK_RSA, rsa->n, ctx))
goto err;
/* compute I mod q */
- {
- BIGNUM *c = BN_new();
- if (c == NULL)
- goto err;
+ if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) {
+ c = &local_c;
BN_with_flags(c, I, BN_FLG_CONSTTIME);
-
- if (!BN_mod(r1, c, rsa->q, ctx)) {
- BN_free(c);
+ if (!BN_mod(r1, c, rsa->q, ctx))
goto err;
- }
-
- {
- BIGNUM *dmq1 = BN_new();
- if (dmq1 == NULL) {
- BN_free(c);
- goto err;
- }
- BN_with_flags(dmq1, rsa->dmq1, BN_FLG_CONSTTIME);
-
- /* compute r1^dmq1 mod q */
- if (!rsa->meth->bn_mod_exp(m1, r1, dmq1, rsa->q, ctx,
- rsa->_method_mod_q)) {
- BN_free(c);
- BN_free(dmq1);
- goto err;
- }
- /* We MUST free dmq1 before any further use of rsa->dmq1 */
- BN_free(dmq1);
- }
-
- /* compute I mod p */
- if (!BN_mod(r1, c, rsa->p, ctx)) {
- BN_free(c);
+ } else {
+ if (!BN_mod(r1, I, rsa->q, ctx))
goto err;
- }
- /* We MUST free c before any further use of I */
- BN_free(c);
}
- {
- BIGNUM *dmp1 = BN_new();
- if (dmp1 == NULL)
- goto err;
- BN_with_flags(dmp1, rsa->dmp1, BN_FLG_CONSTTIME);
+ /* compute r1^dmq1 mod q */
+ if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) {
+ dmq1 = &local_dmq1;
+ BN_with_flags(dmq1, rsa->dmq1, BN_FLG_CONSTTIME);
+ } else
+ dmq1 = rsa->dmq1;
+ if (!rsa->meth->bn_mod_exp(m1, r1, dmq1, rsa->q, ctx, rsa->_method_mod_q))
+ goto err;
- /* compute r1^dmp1 mod p */
- if (!rsa->meth->bn_mod_exp(r0, r1, dmp1, rsa->p, ctx,
- rsa->_method_mod_p)) {
- BN_free(dmp1);
+ /* compute I mod p */
+ if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) {
+ c = &local_c;
+ BN_with_flags(c, I, BN_FLG_CONSTTIME);
+ if (!BN_mod(r1, c, rsa->p, ctx))
+ goto err;
+ } else {
+ if (!BN_mod(r1, I, rsa->p, ctx))
goto err;
- }
- /* We MUST free dmp1 before any further use of rsa->dmp1 */
- BN_free(dmp1);
}
+ /* compute r1^dmp1 mod p */
+ if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) {
+ dmp1 = &local_dmp1;
+ BN_with_flags(dmp1, rsa->dmp1, BN_FLG_CONSTTIME);
+ } else
+ dmp1 = rsa->dmp1;
+ if (!rsa->meth->bn_mod_exp(r0, r1, dmp1, rsa->p, ctx, rsa->_method_mod_p))
+ goto err;
+
if (!BN_sub(r0, r0, m1))
goto err;
/*
@@ -700,19 +817,14 @@ static int rsa_ossl_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
if (!BN_mul(r1, r0, rsa->iqmp, ctx))
goto err;
- {
- BIGNUM *pr1 = BN_new();
- if (pr1 == NULL)
- goto err;
+ /* Turn BN_FLG_CONSTTIME flag on before division operation */
+ if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) {
+ pr1 = &local_r1;
BN_with_flags(pr1, r1, BN_FLG_CONSTTIME);
-
- if (!BN_mod(r0, pr1, rsa->p, ctx)) {
- BN_free(pr1);
- goto err;
- }
- /* We MUST free pr1 before any further use of r1 */
- BN_free(pr1);
- }
+ } else
+ pr1 = r1;
+ if (!BN_mod(r0, pr1, rsa->p, ctx))
+ goto err;
/*
* If p < q it is occasionally possible for the correction of adding 'p'
@@ -753,18 +865,17 @@ static int rsa_ossl_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
* return that instead.
*/
- BIGNUM *d = BN_new();
- if (d == NULL)
- goto err;
- BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME);
+ BIGNUM local_d;
+ BIGNUM *d = NULL;
+ if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) {
+ d = &local_d;
+ BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME);
+ } else
+ d = rsa->d;
if (!rsa->meth->bn_mod_exp(r0, I, d, rsa->n, ctx,
- rsa->_method_mod_n)) {
- BN_free(d);
+ rsa->_method_mod_n))
goto err;
- }
- /* We MUST free d before any further use of rsa->d */
- BN_free(d);
}
}
ret = 1;
@@ -773,17 +884,20 @@ static int rsa_ossl_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
return (ret);
}
-static int rsa_ossl_init(RSA *rsa)
+static int RSA_eay_init(RSA *rsa)
{
rsa->flags |= RSA_FLAG_CACHE_PUBLIC | RSA_FLAG_CACHE_PRIVATE;
return (1);
}
-static int rsa_ossl_finish(RSA *rsa)
+static int RSA_eay_finish(RSA *rsa)
{
- BN_MONT_CTX_free(rsa->_method_mod_n);
- BN_MONT_CTX_free(rsa->_method_mod_p);
- BN_MONT_CTX_free(rsa->_method_mod_q);
+ if (rsa->_method_mod_n != NULL)
+ BN_MONT_CTX_free(rsa->_method_mod_n);
+ if (rsa->_method_mod_p != NULL)
+ BN_MONT_CTX_free(rsa->_method_mod_p);
+ if (rsa->_method_mod_q != NULL)
+ BN_MONT_CTX_free(rsa->_method_mod_q);
return (1);
}
diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_err.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_err.c
index bf54095b..0bab05ef 100644
--- a/Cryptlib/OpenSSL/crypto/rsa/rsa_err.c
+++ b/Cryptlib/OpenSSL/crypto/rsa/rsa_err.c
@@ -1,11 +1,62 @@
-/*
- * Generated by util/mkerr.pl DO NOT EDIT
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+/* crypto/rsa/rsa_err.c */
+/* ====================================================================
+ * Copyright (c) 1999-2014 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * openssl-core@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
*
- * Licensed under the OpenSSL license (the "License"). You may not use
- * this file except in compliance with the License. You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
+ *
+ */
+
+/*
+ * NOTE: this file was auto generated by the mkerr.pl script: any changes
+ * made to it will be overwritten when the script next updates this file,
+ * only reason strings will be preserved.
*/
#include <stdio.h>
@@ -19,35 +70,36 @@
# define ERR_REASON(reason) ERR_PACK(ERR_LIB_RSA,0,reason)
static ERR_STRING_DATA RSA_str_functs[] = {
- {ERR_FUNC(RSA_F_CHECK_PADDING_MD), "check_padding_md"},
- {ERR_FUNC(RSA_F_ENCODE_PKCS1), "encode_pkcs1"},
- {ERR_FUNC(RSA_F_INT_RSA_VERIFY), "int_rsa_verify"},
- {ERR_FUNC(RSA_F_OLD_RSA_PRIV_DECODE), "old_rsa_priv_decode"},
- {ERR_FUNC(RSA_F_PKEY_RSA_CTRL), "pkey_rsa_ctrl"},
- {ERR_FUNC(RSA_F_PKEY_RSA_CTRL_STR), "pkey_rsa_ctrl_str"},
- {ERR_FUNC(RSA_F_PKEY_RSA_SIGN), "pkey_rsa_sign"},
- {ERR_FUNC(RSA_F_PKEY_RSA_VERIFY), "pkey_rsa_verify"},
- {ERR_FUNC(RSA_F_PKEY_RSA_VERIFYRECOVER), "pkey_rsa_verifyrecover"},
- {ERR_FUNC(RSA_F_RSA_ALGOR_TO_MD), "rsa_algor_to_md"},
- {ERR_FUNC(RSA_F_RSA_BUILTIN_KEYGEN), "rsa_builtin_keygen"},
+ {ERR_FUNC(RSA_F_CHECK_PADDING_MD), "CHECK_PADDING_MD"},
+ {ERR_FUNC(RSA_F_DO_RSA_PRINT), "DO_RSA_PRINT"},
+ {ERR_FUNC(RSA_F_INT_RSA_VERIFY), "INT_RSA_VERIFY"},
+ {ERR_FUNC(RSA_F_MEMORY_LOCK), "MEMORY_LOCK"},
+ {ERR_FUNC(RSA_F_OLD_RSA_PRIV_DECODE), "OLD_RSA_PRIV_DECODE"},
+ {ERR_FUNC(RSA_F_PKEY_RSA_CTRL), "PKEY_RSA_CTRL"},
+ {ERR_FUNC(RSA_F_PKEY_RSA_CTRL_STR), "PKEY_RSA_CTRL_STR"},
+ {ERR_FUNC(RSA_F_PKEY_RSA_SIGN), "PKEY_RSA_SIGN"},
+ {ERR_FUNC(RSA_F_PKEY_RSA_VERIFY), "PKEY_RSA_VERIFY"},
+ {ERR_FUNC(RSA_F_PKEY_RSA_VERIFYRECOVER), "PKEY_RSA_VERIFYRECOVER"},
+ {ERR_FUNC(RSA_F_RSA_ALGOR_TO_MD), "RSA_ALGOR_TO_MD"},
+ {ERR_FUNC(RSA_F_RSA_BUILTIN_KEYGEN), "RSA_BUILTIN_KEYGEN"},
{ERR_FUNC(RSA_F_RSA_CHECK_KEY), "RSA_check_key"},
- {ERR_FUNC(RSA_F_RSA_CHECK_KEY_EX), "RSA_check_key_ex"},
- {ERR_FUNC(RSA_F_RSA_CMS_DECRYPT), "rsa_cms_decrypt"},
- {ERR_FUNC(RSA_F_RSA_ITEM_VERIFY), "rsa_item_verify"},
- {ERR_FUNC(RSA_F_RSA_METH_DUP), "RSA_meth_dup"},
- {ERR_FUNC(RSA_F_RSA_METH_NEW), "RSA_meth_new"},
- {ERR_FUNC(RSA_F_RSA_METH_SET1_NAME), "RSA_meth_set1_name"},
- {ERR_FUNC(RSA_F_RSA_MGF1_TO_MD), "rsa_mgf1_to_md"},
+ {ERR_FUNC(RSA_F_RSA_CMS_DECRYPT), "RSA_CMS_DECRYPT"},
+ {ERR_FUNC(RSA_F_RSA_EAY_PRIVATE_DECRYPT), "RSA_EAY_PRIVATE_DECRYPT"},
+ {ERR_FUNC(RSA_F_RSA_EAY_PRIVATE_ENCRYPT), "RSA_EAY_PRIVATE_ENCRYPT"},
+ {ERR_FUNC(RSA_F_RSA_EAY_PUBLIC_DECRYPT), "RSA_EAY_PUBLIC_DECRYPT"},
+ {ERR_FUNC(RSA_F_RSA_EAY_PUBLIC_ENCRYPT), "RSA_EAY_PUBLIC_ENCRYPT"},
+ {ERR_FUNC(RSA_F_RSA_GENERATE_KEY), "RSA_generate_key"},
+ {ERR_FUNC(RSA_F_RSA_GENERATE_KEY_EX), "RSA_generate_key_ex"},
+ {ERR_FUNC(RSA_F_RSA_ITEM_VERIFY), "RSA_ITEM_VERIFY"},
+ {ERR_FUNC(RSA_F_RSA_MEMORY_LOCK), "RSA_memory_lock"},
+ {ERR_FUNC(RSA_F_RSA_MGF1_TO_MD), "RSA_MGF1_TO_MD"},
{ERR_FUNC(RSA_F_RSA_NEW_METHOD), "RSA_new_method"},
{ERR_FUNC(RSA_F_RSA_NULL), "RSA_NULL"},
- {ERR_FUNC(RSA_F_RSA_NULL_PRIVATE_DECRYPT), "RSA_null_private_decrypt"},
- {ERR_FUNC(RSA_F_RSA_NULL_PRIVATE_ENCRYPT), "RSA_null_private_encrypt"},
- {ERR_FUNC(RSA_F_RSA_NULL_PUBLIC_DECRYPT), "RSA_null_public_decrypt"},
- {ERR_FUNC(RSA_F_RSA_NULL_PUBLIC_ENCRYPT), "RSA_null_public_encrypt"},
- {ERR_FUNC(RSA_F_RSA_OSSL_PRIVATE_DECRYPT), "rsa_ossl_private_decrypt"},
- {ERR_FUNC(RSA_F_RSA_OSSL_PRIVATE_ENCRYPT), "rsa_ossl_private_encrypt"},
- {ERR_FUNC(RSA_F_RSA_OSSL_PUBLIC_DECRYPT), "rsa_ossl_public_decrypt"},
- {ERR_FUNC(RSA_F_RSA_OSSL_PUBLIC_ENCRYPT), "rsa_ossl_public_encrypt"},
+ {ERR_FUNC(RSA_F_RSA_NULL_MOD_EXP), "RSA_NULL_MOD_EXP"},
+ {ERR_FUNC(RSA_F_RSA_NULL_PRIVATE_DECRYPT), "RSA_NULL_PRIVATE_DECRYPT"},
+ {ERR_FUNC(RSA_F_RSA_NULL_PRIVATE_ENCRYPT), "RSA_NULL_PRIVATE_ENCRYPT"},
+ {ERR_FUNC(RSA_F_RSA_NULL_PUBLIC_DECRYPT), "RSA_NULL_PUBLIC_DECRYPT"},
+ {ERR_FUNC(RSA_F_RSA_NULL_PUBLIC_ENCRYPT), "RSA_NULL_PUBLIC_ENCRYPT"},
{ERR_FUNC(RSA_F_RSA_PADDING_ADD_NONE), "RSA_padding_add_none"},
{ERR_FUNC(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP),
"RSA_padding_add_PKCS1_OAEP"},
@@ -75,9 +127,14 @@ static ERR_STRING_DATA RSA_str_functs[] = {
{ERR_FUNC(RSA_F_RSA_PADDING_CHECK_X931), "RSA_padding_check_X931"},
{ERR_FUNC(RSA_F_RSA_PRINT), "RSA_print"},
{ERR_FUNC(RSA_F_RSA_PRINT_FP), "RSA_print_fp"},
- {ERR_FUNC(RSA_F_RSA_PRIV_ENCODE), "rsa_priv_encode"},
- {ERR_FUNC(RSA_F_RSA_PSS_TO_CTX), "rsa_pss_to_ctx"},
- {ERR_FUNC(RSA_F_RSA_PUB_DECODE), "rsa_pub_decode"},
+ {ERR_FUNC(RSA_F_RSA_PRIVATE_DECRYPT), "RSA_private_decrypt"},
+ {ERR_FUNC(RSA_F_RSA_PRIVATE_ENCRYPT), "RSA_private_encrypt"},
+ {ERR_FUNC(RSA_F_RSA_PRIV_DECODE), "RSA_PRIV_DECODE"},
+ {ERR_FUNC(RSA_F_RSA_PRIV_ENCODE), "RSA_PRIV_ENCODE"},
+ {ERR_FUNC(RSA_F_RSA_PSS_TO_CTX), "RSA_PSS_TO_CTX"},
+ {ERR_FUNC(RSA_F_RSA_PUBLIC_DECRYPT), "RSA_public_decrypt"},
+ {ERR_FUNC(RSA_F_RSA_PUBLIC_ENCRYPT), "RSA_public_encrypt"},
+ {ERR_FUNC(RSA_F_RSA_PUB_DECODE), "RSA_PUB_DECODE"},
{ERR_FUNC(RSA_F_RSA_SETUP_BLINDING), "RSA_setup_blinding"},
{ERR_FUNC(RSA_F_RSA_SIGN), "RSA_sign"},
{ERR_FUNC(RSA_F_RSA_SIGN_ASN1_OCTET_STRING),
@@ -85,6 +142,7 @@ static ERR_STRING_DATA RSA_str_functs[] = {
{ERR_FUNC(RSA_F_RSA_VERIFY), "RSA_verify"},
{ERR_FUNC(RSA_F_RSA_VERIFY_ASN1_OCTET_STRING),
"RSA_verify_ASN1_OCTET_STRING"},
+ {ERR_FUNC(RSA_F_RSA_VERIFY_PKCS1_PSS), "RSA_verify_PKCS1_PSS"},
{ERR_FUNC(RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1), "RSA_verify_PKCS1_PSS_mgf1"},
{0, NULL}
};
@@ -119,6 +177,7 @@ static ERR_STRING_DATA RSA_str_reasons[] = {
{ERR_REASON(RSA_R_INVALID_DIGEST), "invalid digest"},
{ERR_REASON(RSA_R_INVALID_DIGEST_LENGTH), "invalid digest length"},
{ERR_REASON(RSA_R_INVALID_HEADER), "invalid header"},
+ {ERR_REASON(RSA_R_INVALID_KEYBITS), "invalid keybits"},
{ERR_REASON(RSA_R_INVALID_LABEL), "invalid label"},
{ERR_REASON(RSA_R_INVALID_MESSAGE_LENGTH), "invalid message length"},
{ERR_REASON(RSA_R_INVALID_MGF1_MD), "invalid mgf1 md"},
@@ -134,11 +193,14 @@ static ERR_STRING_DATA RSA_str_reasons[] = {
{ERR_REASON(RSA_R_KEY_SIZE_TOO_SMALL), "key size too small"},
{ERR_REASON(RSA_R_LAST_OCTET_INVALID), "last octet invalid"},
{ERR_REASON(RSA_R_MODULUS_TOO_LARGE), "modulus too large"},
+ {ERR_REASON(RSA_R_NON_FIPS_RSA_METHOD), "non fips rsa method"},
{ERR_REASON(RSA_R_NO_PUBLIC_EXPONENT), "no public exponent"},
{ERR_REASON(RSA_R_NULL_BEFORE_BLOCK_MISSING),
"null before block missing"},
{ERR_REASON(RSA_R_N_DOES_NOT_EQUAL_P_Q), "n does not equal p q"},
{ERR_REASON(RSA_R_OAEP_DECODING_ERROR), "oaep decoding error"},
+ {ERR_REASON(RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE),
+ "operation not allowed in fips mode"},
{ERR_REASON(RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE),
"operation not supported for this keytype"},
{ERR_REASON(RSA_R_PADDING_CHECK_FAILED), "padding check failed"},
@@ -156,6 +218,7 @@ static ERR_STRING_DATA RSA_str_reasons[] = {
{ERR_REASON(RSA_R_UNKNOWN_DIGEST), "unknown digest"},
{ERR_REASON(RSA_R_UNKNOWN_MASK_DIGEST), "unknown mask digest"},
{ERR_REASON(RSA_R_UNKNOWN_PADDING_TYPE), "unknown padding type"},
+ {ERR_REASON(RSA_R_UNKNOWN_PSS_DIGEST), "unknown pss digest"},
{ERR_REASON(RSA_R_UNSUPPORTED_ENCRYPTION_TYPE),
"unsupported encryption type"},
{ERR_REASON(RSA_R_UNSUPPORTED_LABEL_SOURCE), "unsupported label source"},
@@ -172,7 +235,7 @@ static ERR_STRING_DATA RSA_str_reasons[] = {
#endif
-int ERR_load_RSA_strings(void)
+void ERR_load_RSA_strings(void)
{
#ifndef OPENSSL_NO_ERR
@@ -181,5 +244,4 @@ int ERR_load_RSA_strings(void)
ERR_load_strings(0, RSA_str_reasons);
}
#endif
- return 1;
}
diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_gen.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_gen.c
index 0d1d56bf..082c8da2 100644
--- a/Cryptlib/OpenSSL/crypto/rsa/rsa_gen.c
+++ b/Cryptlib/OpenSSL/crypto/rsa/rsa_gen.c
@@ -1,10 +1,59 @@
-/*
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+/* crypto/rsa/rsa_gen.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
*
- * Licensed under the OpenSSL license (the "License"). You may not use
- * this file except in compliance with the License. You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay@cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
*/
/*
@@ -15,9 +64,14 @@
#include <stdio.h>
#include <time.h>
-#include "internal/cryptlib.h"
+#include "cryptlib.h"
#include <openssl/bn.h>
-#include "rsa_locl.h"
+#include <openssl/rsa.h>
+#ifdef OPENSSL_FIPS
+# include <openssl/fips.h>
+extern int FIPS_rsa_x931_generate_key_ex(RSA *rsa, int bits, BIGNUM *e,
+ BN_GENCB *cb);
+#endif
static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value,
BN_GENCB *cb);
@@ -31,8 +85,19 @@ static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value,
*/
int RSA_generate_key_ex(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb)
{
+#ifdef OPENSSL_FIPS
+ if (FIPS_mode() && !(rsa->meth->flags & RSA_FLAG_FIPS_METHOD)
+ && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW)) {
+ RSAerr(RSA_F_RSA_GENERATE_KEY_EX, RSA_R_NON_FIPS_RSA_METHOD);
+ return 0;
+ }
+#endif
if (rsa->meth->rsa_keygen)
return rsa->meth->rsa_keygen(rsa, bits, e_value, cb);
+#ifdef OPENSSL_FIPS
+ if (FIPS_mode())
+ return FIPS_rsa_x931_generate_key_ex(rsa, bits, e_value, cb);
+#endif
return rsa_builtin_keygen(rsa, bits, e_value, cb);
}
@@ -40,6 +105,8 @@ static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value,
BN_GENCB *cb)
{
BIGNUM *r0 = NULL, *r1 = NULL, *r2 = NULL, *r3 = NULL, *tmp;
+ BIGNUM local_r0, local_d, local_p;
+ BIGNUM *pr0, *d, *p;
int bitsp, bitsq, ok = -1, n = 0;
BN_CTX *ctx = NULL;
@@ -60,19 +127,19 @@ static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value,
/* We need the RSA components non-NULL */
if (!rsa->n && ((rsa->n = BN_new()) == NULL))
goto err;
- if (!rsa->d && ((rsa->d = BN_secure_new()) == NULL))
+ if (!rsa->d && ((rsa->d = BN_new()) == NULL))
goto err;
if (!rsa->e && ((rsa->e = BN_new()) == NULL))
goto err;
- if (!rsa->p && ((rsa->p = BN_secure_new()) == NULL))
+ if (!rsa->p && ((rsa->p = BN_new()) == NULL))
goto err;
- if (!rsa->q && ((rsa->q = BN_secure_new()) == NULL))
+ if (!rsa->q && ((rsa->q = BN_new()) == NULL))
goto err;
- if (!rsa->dmp1 && ((rsa->dmp1 = BN_secure_new()) == NULL))
+ if (!rsa->dmp1 && ((rsa->dmp1 = BN_new()) == NULL))
goto err;
- if (!rsa->dmq1 && ((rsa->dmq1 = BN_secure_new()) == NULL))
+ if (!rsa->dmq1 && ((rsa->dmq1 = BN_new()) == NULL))
goto err;
- if (!rsa->iqmp && ((rsa->iqmp = BN_secure_new()) == NULL))
+ if (!rsa->iqmp && ((rsa->iqmp = BN_new()) == NULL))
goto err;
if (BN_copy(rsa->e, e_value) == NULL)
@@ -137,53 +204,37 @@ static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value,
goto err; /* q-1 */
if (!BN_mul(r0, r1, r2, ctx))
goto err; /* (p-1)(q-1) */
- {
- BIGNUM *pr0 = BN_new();
-
- if (pr0 == NULL)
- goto err;
+ if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) {
+ pr0 = &local_r0;
BN_with_flags(pr0, r0, BN_FLG_CONSTTIME);
- if (!BN_mod_inverse(rsa->d, rsa->e, pr0, ctx)) {
- BN_free(pr0);
- goto err; /* d */
- }
- /* We MUST free pr0 before any further use of r0 */
- BN_free(pr0);
- }
-
- {
- BIGNUM *d = BN_new();
-
- if (d == NULL)
- goto err;
+ } else
+ pr0 = r0;
+ if (!BN_mod_inverse(rsa->d, rsa->e, pr0, ctx))
+ goto err; /* d */
+
+ /* set up d for correct BN_FLG_CONSTTIME flag */
+ if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) {
+ d = &local_d;
BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME);
+ } else
+ d = rsa->d;
- if ( /* calculate d mod (p-1) */
- !BN_mod(rsa->dmp1, d, r1, ctx)
- /* calculate d mod (q-1) */
- || !BN_mod(rsa->dmq1, d, r2, ctx)) {
- BN_free(d);
- goto err;
- }
- /* We MUST free d before any further use of rsa->d */
- BN_free(d);
- }
+ /* calculate d mod (p-1) */
+ if (!BN_mod(rsa->dmp1, d, r1, ctx))
+ goto err;
- {
- BIGNUM *p = BN_new();
+ /* calculate d mod (q-1) */
+ if (!BN_mod(rsa->dmq1, d, r2, ctx))
+ goto err;
- if (p == NULL)
- goto err;
+ /* calculate inverse of q mod p */
+ if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME)) {
+ p = &local_p;
BN_with_flags(p, rsa->p, BN_FLG_CONSTTIME);
-
- /* calculate inverse of q mod p */
- if (!BN_mod_inverse(rsa->iqmp, rsa->q, p, ctx)) {
- BN_free(p);
- goto err;
- }
- /* We MUST free p before any further use of rsa->p */
- BN_free(p);
- }
+ } else
+ p = rsa->p;
+ if (!BN_mod_inverse(rsa->iqmp, rsa->q, p, ctx))
+ goto err;
ok = 1;
err:
@@ -191,9 +242,10 @@ static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value,
RSAerr(RSA_F_RSA_BUILTIN_KEYGEN, ERR_LIB_BN);
ok = 0;
}
- if (ctx != NULL)
+ if (ctx != NULL) {
BN_CTX_end(ctx);
- BN_CTX_free(ctx);
+ BN_CTX_free(ctx);
+ }
return ok;
}
diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_lib.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_lib.c
index 48e9100a..6ea6b40d 100644
--- a/Cryptlib/OpenSSL/crypto/rsa/rsa_lib.c
+++ b/Cryptlib/OpenSSL/crypto/rsa/rsa_lib.c
@@ -1,19 +1,77 @@
-/*
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+/* crypto/rsa/rsa_lib.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
*
- * Licensed under the OpenSSL license (the "License"). You may not use
- * this file except in compliance with the License. You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay@cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
*/
#include <stdio.h>
#include <openssl/crypto.h>
-#include "internal/cryptlib.h"
+#include "cryptlib.h"
#include <openssl/lhash.h>
-#include "internal/bn_int.h"
-#include <openssl/engine.h>
-#include "rsa_locl.h"
+#include <openssl/bn.h>
+#include <openssl/rsa.h>
+#include <openssl/rand.h>
+#ifndef OPENSSL_NO_ENGINE
+# include <openssl/engine.h>
+#endif
+
+#ifdef OPENSSL_FIPS
+# include <openssl/fips.h>
+#endif
+
+const char RSA_version[] = "RSA" OPENSSL_VERSION_PTEXT;
static const RSA_METHOD *default_RSA_meth = NULL;
@@ -32,10 +90,17 @@ void RSA_set_default_method(const RSA_METHOD *meth)
const RSA_METHOD *RSA_get_default_method(void)
{
if (default_RSA_meth == NULL) {
-#ifdef RSA_NULL
- default_RSA_meth = RSA_null_method();
+#ifdef OPENSSL_FIPS
+ if (FIPS_mode())
+ return FIPS_rsa_pkcs1_ssleay();
+ else
+ return RSA_PKCS1_SSLeay();
#else
- default_RSA_meth = RSA_PKCS1_OpenSSL();
+# ifdef RSA_NULL
+ default_RSA_meth = RSA_null_method();
+# else
+ default_RSA_meth = RSA_PKCS1_SSLeay();
+# endif
#endif
}
@@ -58,8 +123,10 @@ int RSA_set_method(RSA *rsa, const RSA_METHOD *meth)
if (mtmp->finish)
mtmp->finish(rsa);
#ifndef OPENSSL_NO_ENGINE
- ENGINE_finish(rsa->engine);
- rsa->engine = NULL;
+ if (rsa->engine) {
+ ENGINE_finish(rsa->engine);
+ rsa->engine = NULL;
+ }
#endif
rsa->meth = meth;
if (meth->init)
@@ -69,56 +136,74 @@ int RSA_set_method(RSA *rsa, const RSA_METHOD *meth)
RSA *RSA_new_method(ENGINE *engine)
{
- RSA *ret = OPENSSL_zalloc(sizeof(*ret));
+ RSA *ret;
+ ret = (RSA *)OPENSSL_malloc(sizeof(RSA));
if (ret == NULL) {
RSAerr(RSA_F_RSA_NEW_METHOD, ERR_R_MALLOC_FAILURE);
return NULL;
}
-
- ret->references = 1;
- ret->lock = CRYPTO_THREAD_lock_new();
- if (ret->lock == NULL) {
- RSAerr(RSA_F_RSA_NEW_METHOD, ERR_R_MALLOC_FAILURE);
- OPENSSL_free(ret);
- return NULL;
- }
+ memset(ret,0,sizeof(RSA));
ret->meth = RSA_get_default_method();
#ifndef OPENSSL_NO_ENGINE
- ret->flags = ret->meth->flags & ~RSA_FLAG_NON_FIPS_ALLOW;
if (engine) {
if (!ENGINE_init(engine)) {
RSAerr(RSA_F_RSA_NEW_METHOD, ERR_R_ENGINE_LIB);
- goto err;
+ OPENSSL_free(ret);
+ return NULL;
}
ret->engine = engine;
} else
ret->engine = ENGINE_get_default_RSA();
if (ret->engine) {
ret->meth = ENGINE_get_RSA(ret->engine);
- if (ret->meth == NULL) {
+ if (!ret->meth) {
RSAerr(RSA_F_RSA_NEW_METHOD, ERR_R_ENGINE_LIB);
- goto err;
+ ENGINE_finish(ret->engine);
+ OPENSSL_free(ret);
+ return NULL;
}
}
#endif
+ ret->pad = 0;
+ ret->version = 0;
+ ret->n = NULL;
+ ret->e = NULL;
+ ret->d = NULL;
+ ret->p = NULL;
+ ret->q = NULL;
+ ret->dmp1 = NULL;
+ ret->dmq1 = NULL;
+ ret->iqmp = NULL;
+ ret->references = 1;
+ ret->_method_mod_n = NULL;
+ ret->_method_mod_p = NULL;
+ ret->_method_mod_q = NULL;
+ ret->blinding = NULL;
+ ret->mt_blinding = NULL;
+ ret->bignum_data = NULL;
ret->flags = ret->meth->flags & ~RSA_FLAG_NON_FIPS_ALLOW;
if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data)) {
- goto err;
+#ifndef OPENSSL_NO_ENGINE
+ if (ret->engine)
+ ENGINE_finish(ret->engine);
+#endif
+ OPENSSL_free(ret);
+ return (NULL);
}
if ((ret->meth->init != NULL) && !ret->meth->init(ret)) {
- RSAerr(RSA_F_RSA_NEW_METHOD, ERR_R_INIT_FAIL);
- goto err;
+#ifndef OPENSSL_NO_ENGINE
+ if (ret->engine)
+ ENGINE_finish(ret->engine);
+#endif
+ CRYPTO_free_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data);
+ OPENSSL_free(ret);
+ ret = NULL;
}
-
- return ret;
-
-err:
- RSA_free(ret);
- return NULL;
+ return (ret);
}
void RSA_free(RSA *r)
@@ -128,48 +213,75 @@ void RSA_free(RSA *r)
if (r == NULL)
return;
- CRYPTO_atomic_add(&r->references, -1, &i, r->lock);
- REF_PRINT_COUNT("RSA", r);
+ i = CRYPTO_add(&r->references, -1, CRYPTO_LOCK_RSA);
+#ifdef REF_PRINT
+ REF_PRINT("RSA", r);
+#endif
if (i > 0)
return;
- REF_ASSERT_ISNT(i < 0);
+#ifdef REF_CHECK
+ if (i < 0) {
+ fprintf(stderr, "RSA_free, bad reference count\n");
+ abort();
+ }
+#endif
if (r->meth->finish)
r->meth->finish(r);
#ifndef OPENSSL_NO_ENGINE
- ENGINE_finish(r->engine);
+ if (r->engine)
+ ENGINE_finish(r->engine);
#endif
CRYPTO_free_ex_data(CRYPTO_EX_INDEX_RSA, r, &r->ex_data);
- CRYPTO_THREAD_lock_free(r->lock);
-
- BN_clear_free(r->n);
- BN_clear_free(r->e);
- BN_clear_free(r->d);
- BN_clear_free(r->p);
- BN_clear_free(r->q);
- BN_clear_free(r->dmp1);
- BN_clear_free(r->dmq1);
- BN_clear_free(r->iqmp);
- BN_BLINDING_free(r->blinding);
- BN_BLINDING_free(r->mt_blinding);
- OPENSSL_free(r->bignum_data);
+ if (r->n != NULL)
+ BN_clear_free(r->n);
+ if (r->e != NULL)
+ BN_clear_free(r->e);
+ if (r->d != NULL)
+ BN_clear_free(r->d);
+ if (r->p != NULL)
+ BN_clear_free(r->p);
+ if (r->q != NULL)
+ BN_clear_free(r->q);
+ if (r->dmp1 != NULL)
+ BN_clear_free(r->dmp1);
+ if (r->dmq1 != NULL)
+ BN_clear_free(r->dmq1);
+ if (r->iqmp != NULL)
+ BN_clear_free(r->iqmp);
+ if (r->blinding != NULL)
+ BN_BLINDING_free(r->blinding);
+ if (r->mt_blinding != NULL)
+ BN_BLINDING_free(r->mt_blinding);
+ if (r->bignum_data != NULL)
+ OPENSSL_free_locked(r->bignum_data);
OPENSSL_free(r);
}
int RSA_up_ref(RSA *r)
{
- int i;
-
- if (CRYPTO_atomic_add(&r->references, 1, &i, r->lock) <= 0)
- return 0;
-
- REF_PRINT_COUNT("RSA", r);
- REF_ASSERT_ISNT(i < 2);
+ int i = CRYPTO_add(&r->references, 1, CRYPTO_LOCK_RSA);
+#ifdef REF_PRINT
+ REF_PRINT("RSA", r);
+#endif
+#ifdef REF_CHECK
+ if (i < 2) {
+ fprintf(stderr, "RSA_up_ref, bad reference count\n");
+ abort();
+ }
+#endif
return ((i > 1) ? 1 : 0);
}
+int RSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
+ CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
+{
+ return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_RSA, argl, argp,
+ new_func, dup_func, free_func);
+}
+
int RSA_set_ex_data(RSA *r, int idx, void *arg)
{
return (CRYPTO_set_ex_data(&r->ex_data, idx, arg));
@@ -180,131 +292,46 @@ void *RSA_get_ex_data(const RSA *r, int idx)
return (CRYPTO_get_ex_data(&r->ex_data, idx));
}
-int RSA_security_bits(const RSA *rsa)
-{
- return BN_security_bits(BN_num_bits(rsa->n), -1);
-}
-
-int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d)
-{
- /* If the fields n and e in r are NULL, the corresponding input
- * parameters MUST be non-NULL for n and e. d may be
- * left NULL (in case only the public key is used).
- */
- if ((r->n == NULL && n == NULL)
- || (r->e == NULL && e == NULL))
- return 0;
-
- if (n != NULL) {
- BN_free(r->n);
- r->n = n;
- }
- if (e != NULL) {
- BN_free(r->e);
- r->e = e;
- }
- if (d != NULL) {
- BN_free(r->d);
- r->d = d;
- }
-
- return 1;
-}
-
-int RSA_set0_factors(RSA *r, BIGNUM *p, BIGNUM *q)
+int RSA_memory_lock(RSA *r)
{
- /* If the fields p and q in r are NULL, the corresponding input
- * parameters MUST be non-NULL.
- */
- if ((r->p == NULL && p == NULL)
- || (r->q == NULL && q == NULL))
- return 0;
-
- if (p != NULL) {
- BN_free(r->p);
- r->p = p;
- }
- if (q != NULL) {
- BN_free(r->q);
- r->q = q;
- }
-
- return 1;
-}
-
-int RSA_set0_crt_params(RSA *r, BIGNUM *dmp1, BIGNUM *dmq1, BIGNUM *iqmp)
-{
- /* If the fields dmp1, dmq1 and iqmp in r are NULL, the corresponding input
- * parameters MUST be non-NULL.
- */
- if ((r->dmp1 == NULL && dmp1 == NULL)
- || (r->dmq1 == NULL && dmq1 == NULL)
- || (r->iqmp == NULL && iqmp == NULL))
- return 0;
-
- if (dmp1 != NULL) {
- BN_free(r->dmp1);
- r->dmp1 = dmp1;
+ int i, j, k, off;
+ char *p;
+ BIGNUM *bn, **t[6], *b;
+ BN_ULONG *ul;
+
+ if (r->d == NULL)
+ return (1);
+ t[0] = &r->d;
+ t[1] = &r->p;
+ t[2] = &r->q;
+ t[3] = &r->dmp1;
+ t[4] = &r->dmq1;
+ t[5] = &r->iqmp;
+ k = sizeof(BIGNUM) * 6;
+ off = k / sizeof(BN_ULONG) + 1;
+ j = 1;
+ for (i = 0; i < 6; i++)
+ j += (*t[i])->top;
+ if ((p = OPENSSL_malloc_locked((off + j) * sizeof(BN_ULONG))) == NULL) {
+ RSAerr(RSA_F_RSA_MEMORY_LOCK, ERR_R_MALLOC_FAILURE);
+ return (0);
}
- if (dmq1 != NULL) {
- BN_free(r->dmq1);
- r->dmq1 = dmq1;
+ bn = (BIGNUM *)p;
+ ul = (BN_ULONG *)&(p[off]);
+ for (i = 0; i < 6; i++) {
+ b = *(t[i]);
+ *(t[i]) = &(bn[i]);
+ memcpy((char *)&(bn[i]), (char *)b, sizeof(BIGNUM));
+ bn[i].flags = BN_FLG_STATIC_DATA;
+ bn[i].d = ul;
+ memcpy((char *)ul, b->d, sizeof(BN_ULONG) * b->top);
+ ul += b->top;
+ BN_clear_free(b);
}
- if (iqmp != NULL) {
- BN_free(r->iqmp);
- r->iqmp = iqmp;
- }
-
- return 1;
-}
-
-void RSA_get0_key(const RSA *r,
- const BIGNUM **n, const BIGNUM **e, const BIGNUM **d)
-{
- if (n != NULL)
- *n = r->n;
- if (e != NULL)
- *e = r->e;
- if (d != NULL)
- *d = r->d;
-}
-
-void RSA_get0_factors(const RSA *r, const BIGNUM **p, const BIGNUM **q)
-{
- if (p != NULL)
- *p = r->p;
- if (q != NULL)
- *q = r->q;
-}
-
-void RSA_get0_crt_params(const RSA *r,
- const BIGNUM **dmp1, const BIGNUM **dmq1,
- const BIGNUM **iqmp)
-{
- if (dmp1 != NULL)
- *dmp1 = r->dmp1;
- if (dmq1 != NULL)
- *dmq1 = r->dmq1;
- if (iqmp != NULL)
- *iqmp = r->iqmp;
-}
-void RSA_clear_flags(RSA *r, int flags)
-{
- r->flags &= ~flags;
-}
+ /* I should fix this so it can still be done */
+ r->flags &= ~(RSA_FLAG_CACHE_PRIVATE | RSA_FLAG_CACHE_PUBLIC);
-int RSA_test_flags(const RSA *r, int flags)
-{
- return r->flags & flags;
-}
-
-void RSA_set_flags(RSA *r, int flags)
-{
- r->flags |= flags;
-}
-
-ENGINE *RSA_get0_engine(const RSA *r)
-{
- return r->engine;
+ r->bignum_data = p;
+ return (1);
}
diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_locl.h b/Cryptlib/OpenSSL/crypto/rsa/rsa_locl.h
index 5d16aa6f..3e88187d 100644
--- a/Cryptlib/OpenSSL/crypto/rsa/rsa_locl.h
+++ b/Cryptlib/OpenSSL/crypto/rsa/rsa_locl.h
@@ -1,95 +1,3 @@
-/*
- * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
- * Licensed under the OpenSSL license (the "License"). You may not use
- * this file except in compliance with the License. You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
- */
-
-#include <openssl/rsa.h>
-
-struct rsa_st {
- /*
- * The first parameter is used to pickup errors where this is passed
- * instead of aEVP_PKEY, it is set to 0
- */
- int pad;
- long version;
- const RSA_METHOD *meth;
- /* functional reference if 'meth' is ENGINE-provided */
- ENGINE *engine;
- BIGNUM *n;
- BIGNUM *e;
- BIGNUM *d;
- BIGNUM *p;
- BIGNUM *q;
- BIGNUM *dmp1;
- BIGNUM *dmq1;
- BIGNUM *iqmp;
- /* be careful using this if the RSA structure is shared */
- CRYPTO_EX_DATA ex_data;
- int references;
- int flags;
- /* Used to cache montgomery values */
- BN_MONT_CTX *_method_mod_n;
- BN_MONT_CTX *_method_mod_p;
- BN_MONT_CTX *_method_mod_q;
- /*
- * all BIGNUM values are actually in the following data, if it is not
- * NULL
- */
- char *bignum_data;
- BN_BLINDING *blinding;
- BN_BLINDING *mt_blinding;
- CRYPTO_RWLOCK *lock;
-};
-
-struct rsa_meth_st {
- char *name;
- int (*rsa_pub_enc) (int flen, const unsigned char *from,
- unsigned char *to, RSA *rsa, int padding);
- int (*rsa_pub_dec) (int flen, const unsigned char *from,
- unsigned char *to, RSA *rsa, int padding);
- int (*rsa_priv_enc) (int flen, const unsigned char *from,
- unsigned char *to, RSA *rsa, int padding);
- int (*rsa_priv_dec) (int flen, const unsigned char *from,
- unsigned char *to, RSA *rsa, int padding);
- /* Can be null */
- int (*rsa_mod_exp) (BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx);
- /* Can be null */
- int (*bn_mod_exp) (BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx);
- /* called at new */
- int (*init) (RSA *rsa);
- /* called at free */
- int (*finish) (RSA *rsa);
- /* RSA_METHOD_FLAG_* things */
- int flags;
- /* may be needed! */
- char *app_data;
- /*
- * New sign and verify functions: some libraries don't allow arbitrary
- * data to be signed/verified: this allows them to be used. Note: for
- * this to work the RSA_public_decrypt() and RSA_private_encrypt() should
- * *NOT* be used RSA_sign(), RSA_verify() should be used instead.
- */
- int (*rsa_sign) (int type,
- const unsigned char *m, unsigned int m_length,
- unsigned char *sigret, unsigned int *siglen,
- const RSA *rsa);
- int (*rsa_verify) (int dtype, const unsigned char *m,
- unsigned int m_length, const unsigned char *sigbuf,
- unsigned int siglen, const RSA *rsa);
- /*
- * If this callback is NULL, the builtin software RSA key-gen will be
- * used. This is for behavioural compatibility whilst the code gets
- * rewired, but one day it would be nice to assume there are no such
- * things as "builtin software" implementations.
- */
- int (*rsa_keygen) (RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb);
-};
-
extern int int_rsa_verify(int dtype, const unsigned char *m,
unsigned int m_len, unsigned char *rm,
size_t *prm_len, const unsigned char *sigbuf,
diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_meth.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_meth.c
deleted file mode 100644
index 9480abd7..00000000
--- a/Cryptlib/OpenSSL/crypto/rsa/rsa_meth.c
+++ /dev/null
@@ -1,273 +0,0 @@
-/*
- * Copyright 2016 The OpenSSL Project Authors. All Rights Reserved.
- *
- * Licensed under the OpenSSL license (the "License"). You may not use
- * this file except in compliance with the License. You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
- */
-
-#include <string.h>
-#include "rsa_locl.h"
-#include <openssl/err.h>
-
-RSA_METHOD *RSA_meth_new(const char *name, int flags)
-{
- RSA_METHOD *meth = OPENSSL_zalloc(sizeof(*meth));
-
- if (meth != NULL) {
- meth->flags = flags;
-
- meth->name = OPENSSL_strdup(name);
- if (meth->name != NULL)
- return meth;
-
- OPENSSL_free(meth);
- }
-
- RSAerr(RSA_F_RSA_METH_NEW, ERR_R_MALLOC_FAILURE);
- return NULL;
-}
-
-void RSA_meth_free(RSA_METHOD *meth)
-{
- if (meth != NULL) {
- OPENSSL_free(meth->name);
- OPENSSL_free(meth);
- }
-}
-
-RSA_METHOD *RSA_meth_dup(const RSA_METHOD *meth)
-{
- RSA_METHOD *ret = OPENSSL_malloc(sizeof(*ret));
-
- if (ret != NULL) {
- memcpy(ret, meth, sizeof(*meth));
-
- ret->name = OPENSSL_strdup(meth->name);
- if (ret->name != NULL)
- return ret;
-
- OPENSSL_free(ret);
- }
-
- RSAerr(RSA_F_RSA_METH_DUP, ERR_R_MALLOC_FAILURE);
- return NULL;
-}
-
-const char *RSA_meth_get0_name(const RSA_METHOD *meth)
-{
- return meth->name;
-}
-
-int RSA_meth_set1_name(RSA_METHOD *meth, const char *name)
-{
- char *tmpname = OPENSSL_strdup(name);
-
- if (tmpname == NULL) {
- RSAerr(RSA_F_RSA_METH_SET1_NAME, ERR_R_MALLOC_FAILURE);
- return 0;
- }
-
- OPENSSL_free(meth->name);
- meth->name = tmpname;
-
- return 1;
-}
-
-int RSA_meth_get_flags(RSA_METHOD *meth)
-{
- return meth->flags;
-}
-
-int RSA_meth_set_flags(RSA_METHOD *meth, int flags)
-{
- meth->flags = flags;
- return 1;
-}
-
-void *RSA_meth_get0_app_data(const RSA_METHOD *meth)
-{
- return meth->app_data;
-}
-
-int RSA_meth_set0_app_data(RSA_METHOD *meth, void *app_data)
-{
- meth->app_data = app_data;
- return 1;
-}
-
-int (*RSA_meth_get_pub_enc(const RSA_METHOD *meth))
- (int flen, const unsigned char *from,
- unsigned char *to, RSA *rsa, int padding)
-{
- return meth->rsa_pub_enc;
-}
-
-int RSA_meth_set_pub_enc(RSA_METHOD *meth,
- int (*pub_enc) (int flen, const unsigned char *from,
- unsigned char *to, RSA *rsa,
- int padding))
-{
- meth->rsa_pub_enc = pub_enc;
- return 1;
-}
-
-int (*RSA_meth_get_pub_dec(const RSA_METHOD *meth))
- (int flen, const unsigned char *from,
- unsigned char *to, RSA *rsa, int padding)
-{
- return meth->rsa_pub_dec;
-}
-
-int RSA_meth_set_pub_dec(RSA_METHOD *meth,
- int (*pub_dec) (int flen, const unsigned char *from,
- unsigned char *to, RSA *rsa,
- int padding))
-{
- meth->rsa_pub_dec = pub_dec;
- return 1;
-}
-
-int (*RSA_meth_get_priv_enc(const RSA_METHOD *meth))
- (int flen, const unsigned char *from,
- unsigned char *to, RSA *rsa, int padding)
-{
- return meth->rsa_priv_enc;
-}
-
-int RSA_meth_set_priv_enc(RSA_METHOD *meth,
- int (*priv_enc) (int flen, const unsigned char *from,
- unsigned char *to, RSA *rsa,
- int padding))
-{
- meth->rsa_priv_enc = priv_enc;
- return 1;
-}
-
-int (*RSA_meth_get_priv_dec(const RSA_METHOD *meth))
- (int flen, const unsigned char *from,
- unsigned char *to, RSA *rsa, int padding)
-{
- return meth->rsa_priv_dec;
-}
-
-int RSA_meth_set_priv_dec(RSA_METHOD *meth,
- int (*priv_dec) (int flen, const unsigned char *from,
- unsigned char *to, RSA *rsa,
- int padding))
-{
- meth->rsa_priv_dec = priv_dec;
- return 1;
-}
-
- /* Can be null */
-int (*RSA_meth_get_mod_exp(const RSA_METHOD *meth))
- (BIGNUM *r0, const BIGNUM *I, RSA *rsa, BN_CTX *ctx)
-{
- return meth->rsa_mod_exp;
-}
-
-int RSA_meth_set_mod_exp(RSA_METHOD *meth,
- int (*mod_exp) (BIGNUM *r0, const BIGNUM *I, RSA *rsa,
- BN_CTX *ctx))
-{
- meth->rsa_mod_exp = mod_exp;
- return 1;
-}
-
- /* Can be null */
-int (*RSA_meth_get_bn_mod_exp(const RSA_METHOD *meth))
- (BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
- const BIGNUM *m, BN_CTX *ctx, BN_MONT_CTX *m_ctx)
-{
- return meth->bn_mod_exp;
-}
-
-int RSA_meth_set_bn_mod_exp(RSA_METHOD *meth,
- int (*bn_mod_exp) (BIGNUM *r,
- const BIGNUM *a,
- const BIGNUM *p,
- const BIGNUM *m,
- BN_CTX *ctx,
- BN_MONT_CTX *m_ctx))
-{
- meth->bn_mod_exp = bn_mod_exp;
- return 1;
-}
-
- /* called at new */
-int (*RSA_meth_get_init(const RSA_METHOD *meth)) (RSA *rsa)
-{
- return meth->init;
-}
-
-int RSA_meth_set_init(RSA_METHOD *meth, int (*init) (RSA *rsa))
-{
- meth->init = init;
- return 1;
-}
-
- /* called at free */
-int (*RSA_meth_get_finish(const RSA_METHOD *meth)) (RSA *rsa)
-{
- return meth->finish;
-}
-
-int RSA_meth_set_finish(RSA_METHOD *meth, int (*finish) (RSA *rsa))
-{
- meth->finish = finish;
- return 1;
-}
-
-int (*RSA_meth_get_sign(const RSA_METHOD *meth))
- (int type,
- const unsigned char *m, unsigned int m_length,
- unsigned char *sigret, unsigned int *siglen,
- const RSA *rsa)
-{
- return meth->rsa_sign;
-}
-
-int RSA_meth_set_sign(RSA_METHOD *meth,
- int (*sign) (int type, const unsigned char *m,
- unsigned int m_length,
- unsigned char *sigret, unsigned int *siglen,
- const RSA *rsa))
-{
- meth->rsa_sign = sign;
- return 1;
-}
-
-int (*RSA_meth_get_verify(const RSA_METHOD *meth))
- (int dtype, const unsigned char *m,
- unsigned int m_length, const unsigned char *sigbuf,
- unsigned int siglen, const RSA *rsa)
-{
- return meth->rsa_verify;
-}
-
-int RSA_meth_set_verify(RSA_METHOD *meth,
- int (*verify) (int dtype, const unsigned char *m,
- unsigned int m_length,
- const unsigned char *sigbuf,
- unsigned int siglen, const RSA *rsa))
-{
- meth->rsa_verify = verify;
- return 1;
-}
-
-int (*RSA_meth_get_keygen(const RSA_METHOD *meth))
- (RSA *rsa, int bits, BIGNUM *e, BN_GENCB *cb)
-{
- return meth->rsa_keygen;
-}
-
-int RSA_meth_set_keygen(RSA_METHOD *meth,
- int (*keygen) (RSA *rsa, int bits, BIGNUM *e,
- BN_GENCB *cb))
-{
- meth->rsa_keygen = keygen;
- return 1;
-}
-
diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_none.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_none.c
index b78756d1..982b31f2 100644
--- a/Cryptlib/OpenSSL/crypto/rsa/rsa_none.c
+++ b/Cryptlib/OpenSSL/crypto/rsa/rsa_none.c
@@ -1,15 +1,66 @@
-/*
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+/* crypto/rsa/rsa_none.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
*
- * Licensed under the OpenSSL license (the "License"). You may not use
- * this file except in compliance with the License. You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay@cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
*/
-#include "internal/cryptlib.h"
+#include <stdio.h>
+#include "cryptlib.h"
#include <openssl/bn.h>
#include <openssl/rsa.h>
+#include <openssl/rand.h>
int RSA_padding_add_none(unsigned char *to, int tlen,
const unsigned char *from, int flen)
diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_null.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_null.c
index d3394941..241b431a 100644
--- a/Cryptlib/OpenSSL/crypto/rsa/rsa_null.c
+++ b/Cryptlib/OpenSSL/crypto/rsa/rsa_null.c
@@ -1,16 +1,67 @@
+/* rsa_null.c */
/*
- * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
+ * 1999.
+ */
+/* ====================================================================
+ * Copyright (c) 1999 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
*
- * Licensed under the OpenSSL license (the "License"). You may not use
- * this file except in compliance with the License. You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
*/
#include <stdio.h>
-#include "internal/cryptlib.h"
+#include "cryptlib.h"
#include <openssl/bn.h>
-#include "rsa_locl.h"
+#include <openssl/rsa.h>
+#include <openssl/rand.h>
/*
* This is a dummy RSA implementation that just returns errors when called.
@@ -28,6 +79,9 @@ static int RSA_null_public_decrypt(int flen, const unsigned char *from,
unsigned char *to, RSA *rsa, int padding);
static int RSA_null_private_decrypt(int flen, const unsigned char *from,
unsigned char *to, RSA *rsa, int padding);
+#if 0 /* not currently used */
+static int RSA_null_mod_exp(const BIGNUM *r0, const BIGNUM *i, RSA *rsa);
+#endif
static int RSA_null_init(RSA *rsa);
static int RSA_null_finish(RSA *rsa);
static RSA_METHOD rsa_null_meth = {
@@ -82,6 +136,14 @@ static int RSA_null_public_decrypt(int flen, const unsigned char *from,
return -1;
}
+#if 0 /* not currently used */
+static int RSA_null_mod_exp(BIGNUM *r0, BIGNUM *I, RSA *rsa)
+{
+ ... err(RSA_F_RSA_NULL_MOD_EXP, RSA_R_RSA_OPERATIONS_NOT_SUPPORTED);
+ return -1;
+}
+#endif
+
static int RSA_null_init(RSA *rsa)
{
return (1);
diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_oaep.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_oaep.c
index 868104f1..19d28c6f 100644
--- a/Cryptlib/OpenSSL/crypto/rsa/rsa_oaep.c
+++ b/Cryptlib/OpenSSL/crypto/rsa/rsa_oaep.c
@@ -1,10 +1,7 @@
+/* crypto/rsa/rsa_oaep.c */
/*
- * Copyright 1999-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
- * Licensed under the OpenSSL license (the "License"). You may not use
- * this file except in compliance with the License. You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
+ * Written by Ulf Moeller. This software is distributed on an "AS IS" basis,
+ * WITHOUT WARRANTY OF ANY KIND, either express or implied.
*/
/* EME-OAEP as defined in RFC 2437 (PKCS #1 v2.0) */
@@ -20,15 +17,16 @@
* one-wayness. For the RSA function, this is an equivalent notion.
*/
-#include "internal/constant_time_locl.h"
+#include "constant_time_locl.h"
-#include <stdio.h>
-#include "internal/cryptlib.h"
-#include <openssl/bn.h>
-#include <openssl/evp.h>
-#include <openssl/rand.h>
-#include <openssl/sha.h>
-#include "rsa_locl.h"
+#if !defined(OPENSSL_NO_SHA) && !defined(OPENSSL_NO_SHA1)
+# include <stdio.h>
+# include "cryptlib.h"
+# include <openssl/bn.h>
+# include <openssl/rsa.h>
+# include <openssl/evp.h>
+# include <openssl/rand.h>
+# include <openssl/sha.h>
int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen,
const unsigned char *from, int flen,
@@ -78,11 +76,11 @@ int RSA_padding_add_PKCS1_OAEP_mgf1(unsigned char *to, int tlen,
memcpy(db + emlen - flen - mdlen, from, (unsigned int)flen);
if (RAND_bytes(seed, mdlen) <= 0)
return 0;
-#ifdef PKCS_TESTVECT
+# ifdef PKCS_TESTVECT
memcpy(seed,
"\xaa\xfd\x12\xf6\x59\xca\xe6\x34\x89\xb4\x79\xe5\x07\x6d\xde\xc2\xf0\x6c\xb5\x8f",
20);
-#endif
+# endif
dbmask = OPENSSL_malloc(emlen - mdlen);
if (dbmask == NULL) {
@@ -239,8 +237,10 @@ int RSA_padding_check_PKCS1_OAEP_mgf1(unsigned char *to, int tlen,
RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP_MGF1,
RSA_R_OAEP_DECODING_ERROR);
cleanup:
- OPENSSL_free(db);
- OPENSSL_free(em);
+ if (db != NULL)
+ OPENSSL_free(db);
+ if (em != NULL)
+ OPENSSL_free(em);
return mlen;
}
@@ -249,13 +249,12 @@ int PKCS1_MGF1(unsigned char *mask, long len,
{
long i, outlen = 0;
unsigned char cnt[4];
- EVP_MD_CTX *c = EVP_MD_CTX_new();
+ EVP_MD_CTX c;
unsigned char md[EVP_MAX_MD_SIZE];
int mdlen;
int rv = -1;
- if (c == NULL)
- goto err;
+ EVP_MD_CTX_init(&c);
mdlen = EVP_MD_size(dgst);
if (mdlen < 0)
goto err;
@@ -264,16 +263,16 @@ int PKCS1_MGF1(unsigned char *mask, long len,
cnt[1] = (unsigned char)((i >> 16) & 255);
cnt[2] = (unsigned char)((i >> 8)) & 255;
cnt[3] = (unsigned char)(i & 255);
- if (!EVP_DigestInit_ex(c, dgst, NULL)
- || !EVP_DigestUpdate(c, seed, seedlen)
- || !EVP_DigestUpdate(c, cnt, 4))
+ if (!EVP_DigestInit_ex(&c, dgst, NULL)
+ || !EVP_DigestUpdate(&c, seed, seedlen)
+ || !EVP_DigestUpdate(&c, cnt, 4))
goto err;
if (outlen + mdlen <= len) {
- if (!EVP_DigestFinal_ex(c, mask + outlen, NULL))
+ if (!EVP_DigestFinal_ex(&c, mask + outlen, NULL))
goto err;
outlen += mdlen;
} else {
- if (!EVP_DigestFinal_ex(c, md, NULL))
+ if (!EVP_DigestFinal_ex(&c, md, NULL))
goto err;
memcpy(mask + outlen, md, len - outlen);
outlen = len;
@@ -281,6 +280,8 @@ int PKCS1_MGF1(unsigned char *mask, long len,
}
rv = 0;
err:
- EVP_MD_CTX_free(c);
+ EVP_MD_CTX_cleanup(&c);
return rv;
}
+
+#endif
diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_pk1.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_pk1.c
index efb16a02..efa1fd3e 100644
--- a/Cryptlib/OpenSSL/crypto/rsa/rsa_pk1.c
+++ b/Cryptlib/OpenSSL/crypto/rsa/rsa_pk1.c
@@ -1,16 +1,65 @@
-/*
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+/* crypto/rsa/rsa_pk1.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
*
- * Licensed under the OpenSSL license (the "License"). You may not use
- * this file except in compliance with the License. You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay@cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
*/
-#include "internal/constant_time_locl.h"
+#include "constant_time_locl.h"
#include <stdio.h>
-#include "internal/cryptlib.h"
+#include "cryptlib.h"
#include <openssl/bn.h>
#include <openssl/rsa.h>
#include <openssl/rand.h>
@@ -49,28 +98,7 @@ int RSA_padding_check_PKCS1_type_1(unsigned char *to, int tlen,
const unsigned char *p;
p = from;
-
- /*
- * The format is
- * 00 || 01 || PS || 00 || D
- * PS - padding string, at least 8 bytes of FF
- * D - data.
- */
-
- if (num < 11)
- return -1;
-
- /* Accept inputs with and without the leading 0-byte. */
- if (num == flen) {
- if ((*p++) != 0x00) {
- RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1,
- RSA_R_INVALID_PADDING);
- return -1;
- }
- flen--;
- }
-
- if ((num != (flen + 1)) || (*(p++) != 0x01)) {
+ if ((num != (flen + 1)) || (*(p++) != 01)) {
RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1,
RSA_R_BLOCK_TYPE_IS_NOT_01);
return (-1);
@@ -175,15 +203,16 @@ int RSA_padding_check_PKCS1_type_2(unsigned char *to, int tlen,
if (num < 11)
goto err;
- em = OPENSSL_zalloc(num);
+ em = OPENSSL_malloc(num);
if (em == NULL) {
RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2, ERR_R_MALLOC_FAILURE);
return -1;
}
+ memset(em, 0, num);
/*
* Always do this zero-padding copy (even when num == flen) to avoid
* leaking that information. The copy still leaks some side-channel
- * information, but it's impossible to have a fixed memory access
+ * information, but it's impossible to have a fixed memory access
* pattern since we can't read out of the bounds of |from|.
*
* TODO(emilia): Consider porting BN_bn2bin_padded from BoringSSL.
@@ -237,7 +266,8 @@ int RSA_padding_check_PKCS1_type_2(unsigned char *to, int tlen,
memcpy(to, em + msg_index, mlen);
err:
- OPENSSL_free(em);
+ if (em != NULL)
+ OPENSSL_free(em);
if (mlen == -1)
RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2,
RSA_R_PKCS_DECODING_ERROR);
diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_pmeth.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_pmeth.c
index db4fb0fb..ac583bf6 100644
--- a/Cryptlib/OpenSSL/crypto/rsa/rsa_pmeth.c
+++ b/Cryptlib/OpenSSL/crypto/rsa/rsa_pmeth.c
@@ -1,22 +1,77 @@
+/* crypto/rsa/rsa_pmeth.c */
/*
- * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
+ * 2006.
+ */
+/* ====================================================================
+ * Copyright (c) 2006 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
*
- * Licensed under the OpenSSL license (the "License"). You may not use
- * this file except in compliance with the License. You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
*/
#include <stdio.h>
-#include "internal/cryptlib.h"
+#include "cryptlib.h"
#include <openssl/asn1t.h>
#include <openssl/x509.h>
#include <openssl/rsa.h>
#include <openssl/bn.h>
#include <openssl/evp.h>
#include <openssl/x509v3.h>
-#include <openssl/cms.h>
-#include "internal/evp_int.h"
+#ifndef OPENSSL_NO_CMS
+# include <openssl/cms.h>
+#endif
+#ifdef OPENSSL_FIPS
+# include <openssl/fips.h>
+#endif
+#include "evp_locl.h"
#include "rsa_locl.h"
/* RSA pkey context structure */
@@ -45,12 +100,21 @@ typedef struct {
static int pkey_rsa_init(EVP_PKEY_CTX *ctx)
{
RSA_PKEY_CTX *rctx;
- rctx = OPENSSL_zalloc(sizeof(*rctx));
- if (rctx == NULL)
+ rctx = OPENSSL_malloc(sizeof(RSA_PKEY_CTX));
+ if (!rctx)
return 0;
rctx->nbits = 1024;
+ rctx->pub_exp = NULL;
rctx->pad_mode = RSA_PKCS1_PADDING;
+ rctx->md = NULL;
+ rctx->mgf1md = NULL;
+ rctx->tbuf = NULL;
+
rctx->saltlen = -2;
+
+ rctx->oaep_label = NULL;
+ rctx->oaep_labellen = 0;
+
ctx->data = rctx;
ctx->keygen_info = rctx->gentmp;
ctx->keygen_info_count = 2;
@@ -75,8 +139,9 @@ static int pkey_rsa_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src)
dctx->md = sctx->md;
dctx->mgf1md = sctx->mgf1md;
if (sctx->oaep_label) {
- OPENSSL_free(dctx->oaep_label);
- dctx->oaep_label = OPENSSL_memdup(sctx->oaep_label, sctx->oaep_labellen);
+ if (dctx->oaep_label)
+ OPENSSL_free(dctx->oaep_label);
+ dctx->oaep_label = BUF_memdup(sctx->oaep_label, sctx->oaep_labellen);
if (!dctx->oaep_label)
return 0;
dctx->oaep_labellen = sctx->oaep_labellen;
@@ -89,7 +154,7 @@ static int setup_tbuf(RSA_PKEY_CTX *ctx, EVP_PKEY_CTX *pk)
if (ctx->tbuf)
return 1;
ctx->tbuf = OPENSSL_malloc(EVP_PKEY_size(pk->pkey));
- if (ctx->tbuf == NULL)
+ if (!ctx->tbuf)
return 0;
return 1;
}
@@ -98,13 +163,50 @@ static void pkey_rsa_cleanup(EVP_PKEY_CTX *ctx)
{
RSA_PKEY_CTX *rctx = ctx->data;
if (rctx) {
- BN_free(rctx->pub_exp);
- OPENSSL_free(rctx->tbuf);
- OPENSSL_free(rctx->oaep_label);
+ if (rctx->pub_exp)
+ BN_free(rctx->pub_exp);
+ if (rctx->tbuf)
+ OPENSSL_free(rctx->tbuf);
+ if (rctx->oaep_label)
+ OPENSSL_free(rctx->oaep_label);
OPENSSL_free(rctx);
}
}
+#ifdef OPENSSL_FIPS
+/*
+ * FIP checker. Return value indicates status of context parameters: 1 :
+ * redirect to FIPS. 0 : don't redirect to FIPS. -1 : illegal operation in
+ * FIPS mode.
+ */
+
+static int pkey_fips_check_ctx(EVP_PKEY_CTX *ctx)
+{
+ RSA_PKEY_CTX *rctx = ctx->data;
+ RSA *rsa = ctx->pkey->pkey.rsa;
+ int rv = -1;
+ if (!FIPS_mode())
+ return 0;
+ if (rsa->flags & RSA_FLAG_NON_FIPS_ALLOW)
+ rv = 0;
+ if (!(rsa->meth->flags & RSA_FLAG_FIPS_METHOD) && rv)
+ return -1;
+ if (rctx->md) {
+ const EVP_MD *fmd;
+ fmd = FIPS_get_digestbynid(EVP_MD_type(rctx->md));
+ if (!fmd || !(fmd->flags & EVP_MD_FLAG_FIPS))
+ return rv;
+ }
+ if (rctx->mgf1md && !(rctx->mgf1md->flags & EVP_MD_FLAG_FIPS)) {
+ const EVP_MD *fmd;
+ fmd = FIPS_get_digestbynid(EVP_MD_type(rctx->mgf1md));
+ if (!fmd || !(fmd->flags & EVP_MD_FLAG_FIPS))
+ return rv;
+ }
+ return 1;
+}
+#endif
+
static int pkey_rsa_sign(EVP_PKEY_CTX *ctx, unsigned char *sig,
size_t *siglen, const unsigned char *tbs,
size_t tbslen)
@@ -113,17 +215,39 @@ static int pkey_rsa_sign(EVP_PKEY_CTX *ctx, unsigned char *sig,
RSA_PKEY_CTX *rctx = ctx->data;
RSA *rsa = ctx->pkey->pkey.rsa;
+#ifdef OPENSSL_FIPS
+ ret = pkey_fips_check_ctx(ctx);
+ if (ret < 0) {
+ RSAerr(RSA_F_PKEY_RSA_SIGN, RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE);
+ return -1;
+ }
+#endif
+
if (rctx->md) {
if (tbslen != (size_t)EVP_MD_size(rctx->md)) {
RSAerr(RSA_F_PKEY_RSA_SIGN, RSA_R_INVALID_DIGEST_LENGTH);
return -1;
}
+#ifdef OPENSSL_FIPS
+ if (ret > 0) {
+ unsigned int slen;
+ ret = FIPS_rsa_sign_digest(rsa, tbs, tbslen, rctx->md,
+ rctx->pad_mode,
+ rctx->saltlen,
+ rctx->mgf1md, sig, &slen);
+ if (ret > 0)
+ *siglen = slen;
+ else
+ *siglen = 0;
+ return ret;
+ }
+#endif
if (EVP_MD_type(rctx->md) == NID_mdc2) {
unsigned int sltmp;
if (rctx->pad_mode != RSA_PKCS1_PADDING)
return -1;
- ret = RSA_sign_ASN1_OCTET_STRING(0,
+ ret = RSA_sign_ASN1_OCTET_STRING(NID_mdc2,
tbs, tbslen, sig, &sltmp, rsa);
if (ret <= 0)
@@ -225,7 +349,27 @@ static int pkey_rsa_verify(EVP_PKEY_CTX *ctx,
RSA_PKEY_CTX *rctx = ctx->data;
RSA *rsa = ctx->pkey->pkey.rsa;
size_t rslen;
+#ifdef OPENSSL_FIPS
+ int rv;
+ rv = pkey_fips_check_ctx(ctx);
+ if (rv < 0) {
+ RSAerr(RSA_F_PKEY_RSA_VERIFY,
+ RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE);
+ return -1;
+ }
+#endif
if (rctx->md) {
+#ifdef OPENSSL_FIPS
+ if (rv > 0) {
+ return FIPS_rsa_verify_digest(rsa,
+ tbs, tbslen,
+ rctx->md,
+ rctx->pad_mode,
+ rctx->saltlen,
+ rctx->mgf1md, sig, siglen);
+
+ }
+#endif
if (rctx->pad_mode == RSA_PKCS1_PADDING)
return RSA_verify(EVP_MD_type(rctx->md), tbs, tbslen,
sig, siglen, rsa);
@@ -329,43 +473,20 @@ static int pkey_rsa_decrypt(EVP_PKEY_CTX *ctx,
static int check_padding_md(const EVP_MD *md, int padding)
{
- int mdnid;
if (!md)
return 1;
- mdnid = EVP_MD_type(md);
-
if (padding == RSA_NO_PADDING) {
RSAerr(RSA_F_CHECK_PADDING_MD, RSA_R_INVALID_PADDING_MODE);
return 0;
}
if (padding == RSA_X931_PADDING) {
- if (RSA_X931_hash_id(mdnid) == -1) {
+ if (RSA_X931_hash_id(EVP_MD_type(md)) == -1) {
RSAerr(RSA_F_CHECK_PADDING_MD, RSA_R_INVALID_X931_DIGEST);
return 0;
}
- } else {
- switch(mdnid) {
- /* List of all supported RSA digests */
- case NID_sha1:
- case NID_sha224:
- case NID_sha256:
- case NID_sha384:
- case NID_sha512:
- case NID_md5:
- case NID_md5_sha1:
- case NID_md2:
- case NID_md4:
- case NID_mdc2:
- case NID_ripemd160:
- return 1;
-
- default:
- RSAerr(RSA_F_CHECK_PADDING_MD, RSA_R_INVALID_DIGEST);
- return 0;
-
- }
+ return 1;
}
return 1;
@@ -420,8 +541,8 @@ static int pkey_rsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
return 1;
case EVP_PKEY_CTRL_RSA_KEYGEN_BITS:
- if (p1 < 512) {
- RSAerr(RSA_F_PKEY_RSA_CTRL, RSA_R_KEY_SIZE_TOO_SMALL);
+ if (p1 < 256) {
+ RSAerr(RSA_F_PKEY_RSA_CTRL, RSA_R_INVALID_KEYBITS);
return -2;
}
rctx->nbits = p1;
@@ -479,7 +600,8 @@ static int pkey_rsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
RSAerr(RSA_F_PKEY_RSA_CTRL, RSA_R_INVALID_PADDING_MODE);
return -2;
}
- OPENSSL_free(rctx->oaep_label);
+ if (rctx->oaep_label)
+ OPENSSL_free(rctx->oaep_label);
if (p2 && p1 > 0) {
rctx->oaep_label = p2;
rctx->oaep_labellen = p1;
@@ -526,21 +648,21 @@ static int pkey_rsa_ctrl_str(EVP_PKEY_CTX *ctx,
RSAerr(RSA_F_PKEY_RSA_CTRL_STR, RSA_R_VALUE_MISSING);
return 0;
}
- if (strcmp(type, "rsa_padding_mode") == 0) {
+ if (!strcmp(type, "rsa_padding_mode")) {
int pm;
- if (strcmp(value, "pkcs1") == 0)
+ if (!strcmp(value, "pkcs1"))
pm = RSA_PKCS1_PADDING;
- else if (strcmp(value, "sslv23") == 0)
+ else if (!strcmp(value, "sslv23"))
pm = RSA_SSLV23_PADDING;
- else if (strcmp(value, "none") == 0)
+ else if (!strcmp(value, "none"))
pm = RSA_NO_PADDING;
- else if (strcmp(value, "oeap") == 0)
+ else if (!strcmp(value, "oeap"))
pm = RSA_PKCS1_OAEP_PADDING;
- else if (strcmp(value, "oaep") == 0)
+ else if (!strcmp(value, "oaep"))
pm = RSA_PKCS1_OAEP_PADDING;
- else if (strcmp(value, "x931") == 0)
+ else if (!strcmp(value, "x931"))
pm = RSA_X931_PADDING;
- else if (strcmp(value, "pss") == 0)
+ else if (!strcmp(value, "pss"))
pm = RSA_PKCS1_PSS_PADDING;
else {
RSAerr(RSA_F_PKEY_RSA_CTRL_STR, RSA_R_UNKNOWN_PADDING_TYPE);
@@ -549,19 +671,19 @@ static int pkey_rsa_ctrl_str(EVP_PKEY_CTX *ctx,
return EVP_PKEY_CTX_set_rsa_padding(ctx, pm);
}
- if (strcmp(type, "rsa_pss_saltlen") == 0) {
+ if (!strcmp(type, "rsa_pss_saltlen")) {
int saltlen;
saltlen = atoi(value);
return EVP_PKEY_CTX_set_rsa_pss_saltlen(ctx, saltlen);
}
- if (strcmp(type, "rsa_keygen_bits") == 0) {
+ if (!strcmp(type, "rsa_keygen_bits")) {
int nbits;
nbits = atoi(value);
return EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, nbits);
}
- if (strcmp(type, "rsa_keygen_pubexp") == 0) {
+ if (!strcmp(type, "rsa_keygen_pubexp")) {
int ret;
BIGNUM *pubexp = NULL;
if (!BN_asc2bn(&pubexp, value))
@@ -572,28 +694,28 @@ static int pkey_rsa_ctrl_str(EVP_PKEY_CTX *ctx,
return ret;
}
- if (strcmp(type, "rsa_mgf1_md") == 0) {
+ if (!strcmp(type, "rsa_mgf1_md")) {
const EVP_MD *md;
- if ((md = EVP_get_digestbyname(value)) == NULL) {
+ if (!(md = EVP_get_digestbyname(value))) {
RSAerr(RSA_F_PKEY_RSA_CTRL_STR, RSA_R_INVALID_DIGEST);
return 0;
}
return EVP_PKEY_CTX_set_rsa_mgf1_md(ctx, md);
}
- if (strcmp(type, "rsa_oaep_md") == 0) {
+ if (!strcmp(type, "rsa_oaep_md")) {
const EVP_MD *md;
- if ((md = EVP_get_digestbyname(value)) == NULL) {
+ if (!(md = EVP_get_digestbyname(value))) {
RSAerr(RSA_F_PKEY_RSA_CTRL_STR, RSA_R_INVALID_DIGEST);
return 0;
}
return EVP_PKEY_CTX_set_rsa_oaep_md(ctx, md);
}
- if (strcmp(type, "rsa_oaep_label") == 0) {
+ if (!strcmp(type, "rsa_oaep_label")) {
unsigned char *lab;
long lablen;
int ret;
- lab = OPENSSL_hexstr2buf(value, &lablen);
+ lab = string_to_hex(value, &lablen);
if (!lab)
return 0;
ret = EVP_PKEY_CTX_set0_rsa_oaep_label(ctx, lab, lablen);
@@ -609,27 +731,22 @@ static int pkey_rsa_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
{
RSA *rsa = NULL;
RSA_PKEY_CTX *rctx = ctx->data;
- BN_GENCB *pcb;
+ BN_GENCB *pcb, cb;
int ret;
- if (rctx->pub_exp == NULL) {
+ if (!rctx->pub_exp) {
rctx->pub_exp = BN_new();
- if (rctx->pub_exp == NULL || !BN_set_word(rctx->pub_exp, RSA_F4))
+ if (!rctx->pub_exp || !BN_set_word(rctx->pub_exp, RSA_F4))
return 0;
}
rsa = RSA_new();
- if (rsa == NULL)
+ if (!rsa)
return 0;
if (ctx->pkey_gencb) {
- pcb = BN_GENCB_new();
- if (pcb == NULL) {
- RSA_free(rsa);
- return 0;
- }
+ pcb = &cb;
evp_pkey_set_cb_translate(pcb, ctx);
} else
pcb = NULL;
ret = RSA_generate_key_ex(rsa, rctx->nbits, rctx->pub_exp, pcb);
- BN_GENCB_free(pcb);
if (ret > 0)
EVP_PKEY_assign_RSA(pkey, rsa);
else
diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_prn.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_prn.c
index 5e6c599e..076f871b 100644
--- a/Cryptlib/OpenSSL/crypto/rsa/rsa_prn.c
+++ b/Cryptlib/OpenSSL/crypto/rsa/rsa_prn.c
@@ -1,18 +1,68 @@
+/* crypto/rsa/rsa_prn.c */
/*
- * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
+ * 2006.
+ */
+/* ====================================================================
+ * Copyright (c) 2006 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
*
- * Licensed under the OpenSSL license (the "License"). You may not use
- * this file except in compliance with the License. You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
*/
#include <stdio.h>
-#include "internal/cryptlib.h"
+#include "cryptlib.h"
#include <openssl/rsa.h>
#include <openssl/evp.h>
-#ifndef OPENSSL_NO_STDIO
+#ifndef OPENSSL_NO_FP_API
int RSA_print_fp(FILE *fp, const RSA *x, int off)
{
BIO *b;
@@ -34,7 +84,7 @@ int RSA_print(BIO *bp, const RSA *x, int off)
EVP_PKEY *pk;
int ret;
pk = EVP_PKEY_new();
- if (pk == NULL || !EVP_PKEY_set1_RSA(pk, (RSA *)x))
+ if (!pk || !EVP_PKEY_set1_RSA(pk, (RSA *)x))
return 0;
ret = EVP_PKEY_print_private(bp, pk, off, NULL);
EVP_PKEY_free(pk);
diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_pss.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_pss.c
index 0ec63b2e..41bc0844 100644
--- a/Cryptlib/OpenSSL/crypto/rsa/rsa_pss.c
+++ b/Cryptlib/OpenSSL/crypto/rsa/rsa_pss.c
@@ -1,20 +1,69 @@
+/* rsa_pss.c */
/*
- * Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
+ * 2005.
+ */
+/* ====================================================================
+ * Copyright (c) 2005 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
*
- * Licensed under the OpenSSL license (the "License"). You may not use
- * this file except in compliance with the License. You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
*/
#include <stdio.h>
-#include "internal/cryptlib.h"
+#include "cryptlib.h"
#include <openssl/bn.h>
#include <openssl/rsa.h>
#include <openssl/evp.h>
#include <openssl/rand.h>
#include <openssl/sha.h>
-#include "rsa_locl.h"
static const unsigned char zeroes[] = { 0, 0, 0, 0, 0, 0, 0, 0 };
@@ -38,12 +87,9 @@ int RSA_verify_PKCS1_PSS_mgf1(RSA *rsa, const unsigned char *mHash,
int hLen, maskedDBLen, MSBits, emLen;
const unsigned char *H;
unsigned char *DB = NULL;
- EVP_MD_CTX *ctx = EVP_MD_CTX_new();
+ EVP_MD_CTX ctx;
unsigned char H_[EVP_MAX_MD_SIZE];
-
-
- if (ctx == NULL)
- goto err;
+ EVP_MD_CTX_init(&ctx);
if (mgf1Hash == NULL)
mgf1Hash = Hash;
@@ -87,7 +133,7 @@ int RSA_verify_PKCS1_PSS_mgf1(RSA *rsa, const unsigned char *mHash,
maskedDBLen = emLen - hLen - 1;
H = EM + maskedDBLen;
DB = OPENSSL_malloc(maskedDBLen);
- if (DB == NULL) {
+ if (!DB) {
RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1, ERR_R_MALLOC_FAILURE);
goto err;
}
@@ -106,15 +152,15 @@ int RSA_verify_PKCS1_PSS_mgf1(RSA *rsa, const unsigned char *mHash,
RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1, RSA_R_SLEN_CHECK_FAILED);
goto err;
}
- if (!EVP_DigestInit_ex(ctx, Hash, NULL)
- || !EVP_DigestUpdate(ctx, zeroes, sizeof zeroes)
- || !EVP_DigestUpdate(ctx, mHash, hLen))
+ if (!EVP_DigestInit_ex(&ctx, Hash, NULL)
+ || !EVP_DigestUpdate(&ctx, zeroes, sizeof zeroes)
+ || !EVP_DigestUpdate(&ctx, mHash, hLen))
goto err;
if (maskedDBLen - i) {
- if (!EVP_DigestUpdate(ctx, DB + i, maskedDBLen - i))
+ if (!EVP_DigestUpdate(&ctx, DB + i, maskedDBLen - i))
goto err;
}
- if (!EVP_DigestFinal_ex(ctx, H_, NULL))
+ if (!EVP_DigestFinal_ex(&ctx, H_, NULL))
goto err;
if (memcmp(H_, H, hLen)) {
RSAerr(RSA_F_RSA_VERIFY_PKCS1_PSS_MGF1, RSA_R_BAD_SIGNATURE);
@@ -123,8 +169,9 @@ int RSA_verify_PKCS1_PSS_mgf1(RSA *rsa, const unsigned char *mHash,
ret = 1;
err:
- OPENSSL_free(DB);
- EVP_MD_CTX_free(ctx);
+ if (DB)
+ OPENSSL_free(DB);
+ EVP_MD_CTX_cleanup(&ctx);
return ret;
@@ -146,7 +193,7 @@ int RSA_padding_add_PKCS1_PSS_mgf1(RSA *rsa, unsigned char *EM,
int ret = 0;
int hLen, maskedDBLen, MSBits, emLen;
unsigned char *H, *salt = NULL, *p;
- EVP_MD_CTX *ctx = NULL;
+ EVP_MD_CTX ctx;
if (mgf1Hash == NULL)
mgf1Hash = Hash;
@@ -184,7 +231,7 @@ int RSA_padding_add_PKCS1_PSS_mgf1(RSA *rsa, unsigned char *EM,
}
if (sLen > 0) {
salt = OPENSSL_malloc(sLen);
- if (salt == NULL) {
+ if (!salt) {
RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_PSS_MGF1,
ERR_R_MALLOC_FAILURE);
goto err;
@@ -194,17 +241,16 @@ int RSA_padding_add_PKCS1_PSS_mgf1(RSA *rsa, unsigned char *EM,
}
maskedDBLen = emLen - hLen - 1;
H = EM + maskedDBLen;
- ctx = EVP_MD_CTX_new();
- if (ctx == NULL)
- goto err;
- if (!EVP_DigestInit_ex(ctx, Hash, NULL)
- || !EVP_DigestUpdate(ctx, zeroes, sizeof zeroes)
- || !EVP_DigestUpdate(ctx, mHash, hLen))
+ EVP_MD_CTX_init(&ctx);
+ if (!EVP_DigestInit_ex(&ctx, Hash, NULL)
+ || !EVP_DigestUpdate(&ctx, zeroes, sizeof zeroes)
+ || !EVP_DigestUpdate(&ctx, mHash, hLen))
goto err;
- if (sLen && !EVP_DigestUpdate(ctx, salt, sLen))
+ if (sLen && !EVP_DigestUpdate(&ctx, salt, sLen))
goto err;
- if (!EVP_DigestFinal_ex(ctx, H, NULL))
+ if (!EVP_DigestFinal_ex(&ctx, H, NULL))
goto err;
+ EVP_MD_CTX_cleanup(&ctx);
/* Generate dbMask in place then perform XOR on it */
if (PKCS1_MGF1(EM, maskedDBLen, H, hLen, mgf1Hash))
@@ -232,8 +278,8 @@ int RSA_padding_add_PKCS1_PSS_mgf1(RSA *rsa, unsigned char *EM,
ret = 1;
err:
- EVP_MD_CTX_free(ctx);
- OPENSSL_free(salt);
+ if (salt)
+ OPENSSL_free(salt);
return ret;
diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_saos.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_saos.c
index 9e5fff45..e4002360 100644
--- a/Cryptlib/OpenSSL/crypto/rsa/rsa_saos.c
+++ b/Cryptlib/OpenSSL/crypto/rsa/rsa_saos.c
@@ -1,14 +1,63 @@
-/*
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+/* crypto/rsa/rsa_saos.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
*
- * Licensed under the OpenSSL license (the "License"). You may not use
- * this file except in compliance with the License. You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay@cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
*/
#include <stdio.h>
-#include "internal/cryptlib.h"
+#include "cryptlib.h"
#include <openssl/bn.h>
#include <openssl/rsa.h>
#include <openssl/objects.h>
@@ -34,7 +83,7 @@ int RSA_sign_ASN1_OCTET_STRING(int type,
RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY);
return (0);
}
- s = OPENSSL_malloc((unsigned int)j + 1);
+ s = (unsigned char *)OPENSSL_malloc((unsigned int)j + 1);
if (s == NULL) {
RSAerr(RSA_F_RSA_SIGN_ASN1_OCTET_STRING, ERR_R_MALLOC_FAILURE);
return (0);
@@ -47,7 +96,8 @@ int RSA_sign_ASN1_OCTET_STRING(int type,
else
*siglen = i;
- OPENSSL_clear_free(s, (unsigned int)j + 1);
+ OPENSSL_cleanse(s, (unsigned int)j + 1);
+ OPENSSL_free(s);
return (ret);
}
@@ -67,7 +117,7 @@ int RSA_verify_ASN1_OCTET_STRING(int dtype,
return (0);
}
- s = OPENSSL_malloc((unsigned int)siglen);
+ s = (unsigned char *)OPENSSL_malloc((unsigned int)siglen);
if (s == NULL) {
RSAerr(RSA_F_RSA_VERIFY_ASN1_OCTET_STRING, ERR_R_MALLOC_FAILURE);
goto err;
@@ -88,7 +138,11 @@ int RSA_verify_ASN1_OCTET_STRING(int dtype,
} else
ret = 1;
err:
- ASN1_OCTET_STRING_free(sig);
- OPENSSL_clear_free(s, (unsigned int)siglen);
+ if (sig != NULL)
+ M_ASN1_OCTET_STRING_free(sig);
+ if (s != NULL) {
+ OPENSSL_cleanse(s, (unsigned int)siglen);
+ OPENSSL_free(s);
+ }
return (ret);
}
diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_sign.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_sign.c
index 952d24fb..82ca8324 100644
--- a/Cryptlib/OpenSSL/crypto/rsa/rsa_sign.c
+++ b/Cryptlib/OpenSSL/crypto/rsa/rsa_sign.c
@@ -1,248 +1,301 @@
-/*
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+/* crypto/rsa/rsa_sign.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
+ *
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
*
- * Licensed under the OpenSSL license (the "License"). You may not use
- * this file except in compliance with the License. You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay@cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
*/
#include <stdio.h>
-#include "internal/cryptlib.h"
+#include "cryptlib.h"
#include <openssl/bn.h>
#include <openssl/rsa.h>
#include <openssl/objects.h>
#include <openssl/x509.h>
-#include "internal/x509_int.h"
#include "rsa_locl.h"
/* Size of an SSL signature: MD5+SHA1 */
#define SSL_SIG_LENGTH 36
-/*
- * encode_pkcs1 encodes a DigestInfo prefix of hash |type| and digest |m|, as
- * described in EMSA-PKCS1-v1_5-ENCODE, RFC 3447 section 9.2 step 2. This
- * encodes the DigestInfo (T and tLen) but does not add the padding.
- *
- * On success, it returns one and sets |*out| to a newly allocated buffer
- * containing the result and |*out_len| to its length. The caller must free
- * |*out| with |OPENSSL_free|. Otherwise, it returns zero.
- */
-static int encode_pkcs1(unsigned char **out, int *out_len, int type,
- const unsigned char *m, unsigned int m_len)
+int RSA_sign(int type, const unsigned char *m, unsigned int m_len,
+ unsigned char *sigret, unsigned int *siglen, RSA *rsa)
{
X509_SIG sig;
- X509_ALGOR algor;
ASN1_TYPE parameter;
+ int i, j, ret = 1;
+ unsigned char *p, *tmps = NULL;
+ const unsigned char *s = NULL;
+ X509_ALGOR algor;
ASN1_OCTET_STRING digest;
- uint8_t *der = NULL;
- int len;
-
- sig.algor = &algor;
- sig.algor->algorithm = OBJ_nid2obj(type);
- if (sig.algor->algorithm == NULL) {
- RSAerr(RSA_F_ENCODE_PKCS1, RSA_R_UNKNOWN_ALGORITHM_TYPE);
- return 0;
- }
- if (OBJ_length(sig.algor->algorithm) == 0) {
- RSAerr(RSA_F_ENCODE_PKCS1,
- RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD);
+#ifdef OPENSSL_FIPS
+ if (FIPS_mode() && !(rsa->meth->flags & RSA_FLAG_FIPS_METHOD)
+ && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW)) {
+ RSAerr(RSA_F_RSA_SIGN, RSA_R_NON_FIPS_RSA_METHOD);
return 0;
}
- parameter.type = V_ASN1_NULL;
- parameter.value.ptr = NULL;
- sig.algor->parameter = &parameter;
-
- sig.digest = &digest;
- sig.digest->data = (unsigned char *)m;
- sig.digest->length = m_len;
-
- len = i2d_X509_SIG(&sig, &der);
- if (len < 0)
- return 0;
-
- *out = der;
- *out_len = len;
- return 1;
-}
-
-int RSA_sign(int type, const unsigned char *m, unsigned int m_len,
- unsigned char *sigret, unsigned int *siglen, RSA *rsa)
-{
- int encrypt_len, encoded_len = 0, ret = 0;
- unsigned char *tmps = NULL;
- const unsigned char *encoded = NULL;
-
- if (rsa->meth->rsa_sign) {
+#endif
+ if ((rsa->flags & RSA_FLAG_SIGN_VER) && rsa->meth->rsa_sign) {
return rsa->meth->rsa_sign(type, m, m_len, sigret, siglen, rsa);
}
-
- /* Compute the encoded digest. */
+ /* Special case: SSL signature, just check the length */
if (type == NID_md5_sha1) {
- /*
- * NID_md5_sha1 corresponds to the MD5/SHA1 combination in TLS 1.1 and
- * earlier. It has no DigestInfo wrapper but otherwise is
- * RSASSA-PKCS1-v1_5.
- */
if (m_len != SSL_SIG_LENGTH) {
RSAerr(RSA_F_RSA_SIGN, RSA_R_INVALID_MESSAGE_LENGTH);
- return 0;
+ return (0);
}
- encoded_len = SSL_SIG_LENGTH;
- encoded = m;
+ i = SSL_SIG_LENGTH;
+ s = m;
} else {
- if (!encode_pkcs1(&tmps, &encoded_len, type, m, m_len))
- goto err;
- encoded = tmps;
- }
+ sig.algor = &algor;
+ sig.algor->algorithm = OBJ_nid2obj(type);
+ if (sig.algor->algorithm == NULL) {
+ RSAerr(RSA_F_RSA_SIGN, RSA_R_UNKNOWN_ALGORITHM_TYPE);
+ return (0);
+ }
+ if (sig.algor->algorithm->length == 0) {
+ RSAerr(RSA_F_RSA_SIGN,
+ RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD);
+ return (0);
+ }
+ parameter.type = V_ASN1_NULL;
+ parameter.value.ptr = NULL;
+ sig.algor->parameter = &parameter;
- if (encoded_len > RSA_size(rsa) - RSA_PKCS1_PADDING_SIZE) {
+ sig.digest = &digest;
+ sig.digest->data = (unsigned char *)m; /* TMP UGLY CAST */
+ sig.digest->length = m_len;
+
+ i = i2d_X509_SIG(&sig, NULL);
+ }
+ j = RSA_size(rsa);
+ if (i > (j - RSA_PKCS1_PADDING_SIZE)) {
RSAerr(RSA_F_RSA_SIGN, RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY);
- goto err;
+ return (0);
}
- encrypt_len = RSA_private_encrypt(encoded_len, encoded, sigret, rsa,
- RSA_PKCS1_PADDING);
- if (encrypt_len <= 0)
- goto err;
-
- *siglen = encrypt_len;
- ret = 1;
+ if (type != NID_md5_sha1) {
+ tmps = (unsigned char *)OPENSSL_malloc((unsigned int)j + 1);
+ if (tmps == NULL) {
+ RSAerr(RSA_F_RSA_SIGN, ERR_R_MALLOC_FAILURE);
+ return (0);
+ }
+ p = tmps;
+ i2d_X509_SIG(&sig, &p);
+ s = tmps;
+ }
+ i = RSA_private_encrypt(i, s, sigret, rsa, RSA_PKCS1_PADDING);
+ if (i <= 0)
+ ret = 0;
+ else
+ *siglen = i;
-err:
- OPENSSL_clear_free(tmps, (size_t)encoded_len);
- return ret;
+ if (type != NID_md5_sha1) {
+ OPENSSL_cleanse(tmps, (unsigned int)j + 1);
+ OPENSSL_free(tmps);
+ }
+ return (ret);
}
/*
- * int_rsa_verify verifies an RSA signature in |sigbuf| using |rsa|. It may be
- * called in two modes. If |rm| is NULL, it verifies the signature for digest
- * |m|. Otherwise, it recovers the digest from the signature, writing the digest
- * to |rm| and the length to |*prm_len|. |type| is the NID of the digest
- * algorithm to use. It returns one on successful verification and zero
- * otherwise.
+ * Check DigestInfo structure does not contain extraneous data by reencoding
+ * using DER and checking encoding against original.
*/
-int int_rsa_verify(int type, const unsigned char *m, unsigned int m_len,
+static int rsa_check_digestinfo(X509_SIG *sig, const unsigned char *dinfo,
+ int dinfolen)
+{
+ unsigned char *der = NULL;
+ int derlen;
+ int ret = 0;
+ derlen = i2d_X509_SIG(sig, &der);
+ if (derlen <= 0)
+ return 0;
+ if (derlen == dinfolen && !memcmp(dinfo, der, derlen))
+ ret = 1;
+ OPENSSL_cleanse(der, derlen);
+ OPENSSL_free(der);
+ return ret;
+}
+
+int int_rsa_verify(int dtype, const unsigned char *m,
+ unsigned int m_len,
unsigned char *rm, size_t *prm_len,
const unsigned char *sigbuf, size_t siglen, RSA *rsa)
{
- int decrypt_len, ret = 0, encoded_len = 0;
- unsigned char *decrypt_buf = NULL, *encoded = NULL;
+ int i, ret = 0, sigtype;
+ unsigned char *s;
+ X509_SIG *sig = NULL;
- if (siglen != (size_t)RSA_size(rsa)) {
- RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_WRONG_SIGNATURE_LENGTH);
+#ifdef OPENSSL_FIPS
+ if (FIPS_mode() && !(rsa->meth->flags & RSA_FLAG_FIPS_METHOD)
+ && !(rsa->flags & RSA_FLAG_NON_FIPS_ALLOW)) {
+ RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_NON_FIPS_RSA_METHOD);
return 0;
}
+#endif
- /* Recover the encoded digest. */
- decrypt_buf = OPENSSL_malloc(siglen);
- if (decrypt_buf == NULL) {
+ if (siglen != (unsigned int)RSA_size(rsa)) {
+ RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_WRONG_SIGNATURE_LENGTH);
+ return (0);
+ }
+
+ if ((dtype == NID_md5_sha1) && rm) {
+ i = RSA_public_decrypt((int)siglen,
+ sigbuf, rm, rsa, RSA_PKCS1_PADDING);
+ if (i <= 0)
+ return 0;
+ *prm_len = i;
+ return 1;
+ }
+
+ s = (unsigned char *)OPENSSL_malloc((unsigned int)siglen);
+ if (s == NULL) {
RSAerr(RSA_F_INT_RSA_VERIFY, ERR_R_MALLOC_FAILURE);
goto err;
}
-
- decrypt_len = RSA_public_decrypt((int)siglen, sigbuf, decrypt_buf, rsa,
- RSA_PKCS1_PADDING);
- if (decrypt_len <= 0)
+ if ((dtype == NID_md5_sha1) && (m_len != SSL_SIG_LENGTH)) {
+ RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_INVALID_MESSAGE_LENGTH);
goto err;
+ }
+ i = RSA_public_decrypt((int)siglen, sigbuf, s, rsa, RSA_PKCS1_PADDING);
- if (type == NID_md5_sha1) {
- /*
- * NID_md5_sha1 corresponds to the MD5/SHA1 combination in TLS 1.1 and
- * earlier. It has no DigestInfo wrapper but otherwise is
- * RSASSA-PKCS1-v1_5.
- */
- if (decrypt_len != SSL_SIG_LENGTH) {
- RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_BAD_SIGNATURE);
- goto err;
- }
-
- if (rm != NULL) {
- memcpy(rm, decrypt_buf, SSL_SIG_LENGTH);
- *prm_len = SSL_SIG_LENGTH;
- } else {
- if (m_len != SSL_SIG_LENGTH) {
- RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_INVALID_MESSAGE_LENGTH);
- goto err;
- }
-
- if (memcmp(decrypt_buf, m, SSL_SIG_LENGTH) != 0) {
- RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_BAD_SIGNATURE);
- goto err;
- }
- }
- } else if (type == NID_mdc2 && decrypt_len == 2 + 16
- && decrypt_buf[0] == 0x04 && decrypt_buf[1] == 0x10) {
- /*
- * Oddball MDC2 case: signature can be OCTET STRING. check for correct
- * tag and length octets.
- */
- if (rm != NULL) {
- memcpy(rm, decrypt_buf + 2, 16);
+ if (i <= 0)
+ goto err;
+ /*
+ * Oddball MDC2 case: signature can be OCTET STRING. check for correct
+ * tag and length octets.
+ */
+ if (dtype == NID_mdc2 && i == 18 && s[0] == 0x04 && s[1] == 0x10) {
+ if (rm) {
+ memcpy(rm, s + 2, 16);
*prm_len = 16;
+ ret = 1;
+ } else if (memcmp(m, s + 2, 16)) {
+ RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_BAD_SIGNATURE);
} else {
- if (m_len != 16) {
- RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_INVALID_MESSAGE_LENGTH);
- goto err;
- }
-
- if (memcmp(m, decrypt_buf + 2, 16) != 0) {
- RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_BAD_SIGNATURE);
- goto err;
- }
+ ret = 1;
}
+ } else if (dtype == NID_md5_sha1) {
+ /* Special case: SSL signature */
+ if ((i != SSL_SIG_LENGTH) || memcmp(s, m, SSL_SIG_LENGTH))
+ RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_BAD_SIGNATURE);
+ else
+ ret = 1;
} else {
- /*
- * If recovering the digest, extract a digest-sized output from the end
- * of |decrypt_buf| for |encode_pkcs1|, then compare the decryption
- * output as in a standard verification.
- */
- if (rm != NULL) {
- const EVP_MD *md = EVP_get_digestbynid(type);
- if (md == NULL) {
- RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_UNKNOWN_ALGORITHM_TYPE);
- goto err;
- }
-
- m_len = EVP_MD_size(md);
- if (m_len > (size_t)decrypt_len) {
- RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_INVALID_DIGEST_LENGTH);
- goto err;
- }
- m = decrypt_buf + decrypt_len - m_len;
- }
+ const unsigned char *p = s;
+ sig = d2i_X509_SIG(NULL, &p, (long)i);
- /* Construct the encoded digest and ensure it matches. */
- if (!encode_pkcs1(&encoded, &encoded_len, type, m, m_len))
+ if (sig == NULL)
goto err;
- if (encoded_len != decrypt_len
- || memcmp(encoded, decrypt_buf, encoded_len) != 0) {
+ /* Excess data can be used to create forgeries */
+ if (p != s + i || !rsa_check_digestinfo(sig, s, i)) {
RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_BAD_SIGNATURE);
goto err;
}
- /* Output the recovered digest. */
- if (rm != NULL) {
- memcpy(rm, m, m_len);
- *prm_len = m_len;
+ /*
+ * Parameters to the signature algorithm can also be used to create
+ * forgeries
+ */
+ if (sig->algor->parameter
+ && ASN1_TYPE_get(sig->algor->parameter) != V_ASN1_NULL) {
+ RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_BAD_SIGNATURE);
+ goto err;
}
- }
- ret = 1;
+ sigtype = OBJ_obj2nid(sig->algor->algorithm);
-err:
- OPENSSL_clear_free(encoded, (size_t)encoded_len);
- OPENSSL_clear_free(decrypt_buf, siglen);
- return ret;
+#ifdef RSA_DEBUG
+ /* put a backward compatibility flag in EAY */
+ fprintf(stderr, "in(%s) expect(%s)\n", OBJ_nid2ln(sigtype),
+ OBJ_nid2ln(dtype));
+#endif
+ if (sigtype != dtype) {
+ RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_ALGORITHM_MISMATCH);
+ goto err;
+ }
+ if (rm) {
+ const EVP_MD *md;
+ md = EVP_get_digestbynid(dtype);
+ if (md && (EVP_MD_size(md) != sig->digest->length))
+ RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_INVALID_DIGEST_LENGTH);
+ else {
+ memcpy(rm, sig->digest->data, sig->digest->length);
+ *prm_len = sig->digest->length;
+ ret = 1;
+ }
+ } else if (((unsigned int)sig->digest->length != m_len) ||
+ (memcmp(m, sig->digest->data, m_len) != 0)) {
+ RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_BAD_SIGNATURE);
+ } else
+ ret = 1;
+ }
+ err:
+ if (sig != NULL)
+ X509_SIG_free(sig);
+ if (s != NULL) {
+ OPENSSL_cleanse(s, (unsigned int)siglen);
+ OPENSSL_free(s);
+ }
+ return (ret);
}
-int RSA_verify(int type, const unsigned char *m, unsigned int m_len,
+int RSA_verify(int dtype, const unsigned char *m, unsigned int m_len,
const unsigned char *sigbuf, unsigned int siglen, RSA *rsa)
{
- if (rsa->meth->rsa_verify) {
- return rsa->meth->rsa_verify(type, m, m_len, sigbuf, siglen, rsa);
+ if ((rsa->flags & RSA_FLAG_SIGN_VER) && rsa->meth->rsa_verify) {
+ return rsa->meth->rsa_verify(dtype, m, m_len, sigbuf, siglen, rsa);
}
- return int_rsa_verify(type, m, m_len, NULL, NULL, sigbuf, siglen, rsa);
+ return int_rsa_verify(dtype, m, m_len, NULL, NULL, sigbuf, siglen, rsa);
}
diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_ssl.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_ssl.c
index 9ef6b80e..746e01f6 100644
--- a/Cryptlib/OpenSSL/crypto/rsa/rsa_ssl.c
+++ b/Cryptlib/OpenSSL/crypto/rsa/rsa_ssl.c
@@ -1,14 +1,63 @@
-/*
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
+/* crypto/rsa/rsa_ssl.c */
+/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
+ * All rights reserved.
*
- * Licensed under the OpenSSL license (the "License"). You may not use
- * this file except in compliance with the License. You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
+ * This package is an SSL implementation written
+ * by Eric Young (eay@cryptsoft.com).
+ * The implementation was written so as to conform with Netscapes SSL.
+ *
+ * This library is free for commercial and non-commercial use as long as
+ * the following conditions are aheared to. The following conditions
+ * apply to all code found in this distribution, be it the RC4, RSA,
+ * lhash, DES, etc., code; not just the SSL code. The SSL documentation
+ * included with this distribution is covered by the same copyright terms
+ * except that the holder is Tim Hudson (tjh@cryptsoft.com).
+ *
+ * Copyright remains Eric Young's, and as such any Copyright notices in
+ * the code are not to be removed.
+ * If this package is used in a product, Eric Young should be given attribution
+ * as the author of the parts of the library used.
+ * This can be in the form of a textual message at program startup or
+ * in documentation (online or textual) provided with the package.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the copyright
+ * notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in the
+ * documentation and/or other materials provided with the distribution.
+ * 3. All advertising materials mentioning features or use of this software
+ * must display the following acknowledgement:
+ * "This product includes cryptographic software written by
+ * Eric Young (eay@cryptsoft.com)"
+ * The word 'cryptographic' can be left out if the rouines from the library
+ * being used are not cryptographic related :-).
+ * 4. If you include any Windows specific code (or a derivative thereof) from
+ * the apps directory (application code) you must include an acknowledgement:
+ * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ *
+ * The licence and distribution terms for any publically available version or
+ * derivative of this code cannot be changed. i.e. this code cannot simply be
+ * copied and put under another distribution licence
+ * [including the GNU Public Licence.]
*/
#include <stdio.h>
-#include "internal/cryptlib.h"
+#include "cryptlib.h"
#include <openssl/bn.h>
#include <openssl/rsa.h>
#include <openssl/rand.h>
diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_x931.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_x931.c
index b9301f37..725ead04 100644
--- a/Cryptlib/OpenSSL/crypto/rsa/rsa_x931.c
+++ b/Cryptlib/OpenSSL/crypto/rsa/rsa_x931.c
@@ -1,16 +1,67 @@
+/* rsa_x931.c */
/*
- * Copyright 2005-2016 The OpenSSL Project Authors. All Rights Reserved.
+ * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project
+ * 2005.
+ */
+/* ====================================================================
+ * Copyright (c) 2005 The OpenSSL Project. All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *
+ * 1. Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ *
+ * 2. Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * 3. All advertising materials mentioning features or use of this
+ * software must display the following acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
+ *
+ * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
+ * endorse or promote products derived from this software without
+ * prior written permission. For written permission, please contact
+ * licensing@OpenSSL.org.
+ *
+ * 5. Products derived from this software may not be called "OpenSSL"
+ * nor may "OpenSSL" appear in their names without prior written
+ * permission of the OpenSSL Project.
+ *
+ * 6. Redistributions of any form whatsoever must retain the following
+ * acknowledgment:
+ * "This product includes software developed by the OpenSSL Project
+ * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
+ * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
+ * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+ * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
+ * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
+ * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
+ * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
+ * OF THE POSSIBILITY OF SUCH DAMAGE.
+ * ====================================================================
+ *
+ * This product includes cryptographic software written by Eric Young
+ * (eay@cryptsoft.com). This product includes software written by Tim
+ * Hudson (tjh@cryptsoft.com).
*
- * Licensed under the OpenSSL license (the "License"). You may not use
- * this file except in compliance with the License. You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
*/
#include <stdio.h>
-#include "internal/cryptlib.h"
+#include "cryptlib.h"
#include <openssl/bn.h>
#include <openssl/rsa.h>
+#include <openssl/rand.h>
#include <openssl/objects.h>
int RSA_padding_add_X931(unsigned char *to, int tlen,
diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_x931g.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_x931g.c
deleted file mode 100644
index 9dd993fb..00000000
--- a/Cryptlib/OpenSSL/crypto/rsa/rsa_x931g.c
+++ /dev/null
@@ -1,195 +0,0 @@
-/*
- * Copyright 1995-2016 The OpenSSL Project Authors. All Rights Reserved.
- *
- * Licensed under the OpenSSL license (the "License"). You may not use
- * this file except in compliance with the License. You can obtain a copy
- * in the file LICENSE in the source distribution or at
- * https://www.openssl.org/source/license.html
- */
-
-#include <stdio.h>
-#include <string.h>
-#include <time.h>
-#include <openssl/err.h>
-#include <openssl/bn.h>
-#include "rsa_locl.h"
-
-/* X9.31 RSA key derivation and generation */
-
-int RSA_X931_derive_ex(RSA *rsa, BIGNUM *p1, BIGNUM *p2, BIGNUM *q1,
- BIGNUM *q2, const BIGNUM *Xp1, const BIGNUM *Xp2,
- const BIGNUM *Xp, const BIGNUM *Xq1, const BIGNUM *Xq2,
- const BIGNUM *Xq, const BIGNUM *e, BN_GENCB *cb)
-{
- BIGNUM *r0 = NULL, *r1 = NULL, *r2 = NULL, *r3 = NULL;
- BN_CTX *ctx = NULL, *ctx2 = NULL;
- int ret = 0;
-
- if (!rsa)
- goto err;
-
- ctx = BN_CTX_new();
- if (ctx == NULL)
- goto err;
- BN_CTX_start(ctx);
-
- r0 = BN_CTX_get(ctx);
- r1 = BN_CTX_get(ctx);
- r2 = BN_CTX_get(ctx);
- r3 = BN_CTX_get(ctx);
-
- if (r3 == NULL)
- goto err;
- if (!rsa->e) {
- rsa->e = BN_dup(e);
- if (!rsa->e)
- goto err;
- } else
- e = rsa->e;
-
- /*
- * If not all parameters present only calculate what we can. This allows
- * test programs to output selective parameters.
- */
-
- if (Xp && rsa->p == NULL) {
- rsa->p = BN_new();
- if (rsa->p == NULL)
- goto err;
-
- if (!BN_X931_derive_prime_ex(rsa->p, p1, p2,
- Xp, Xp1, Xp2, e, ctx, cb))
- goto err;
- }
-
- if (Xq && rsa->q == NULL) {
- rsa->q = BN_new();
- if (rsa->q == NULL)
- goto err;
- if (!BN_X931_derive_prime_ex(rsa->q, q1, q2,
- Xq, Xq1, Xq2, e, ctx, cb))
- goto err;
- }
-
- if (rsa->p == NULL || rsa->q == NULL) {
- BN_CTX_end(ctx);
- BN_CTX_free(ctx);
- return 2;
- }
-
- /*
- * Since both primes are set we can now calculate all remaining
- * components.
- */
-
- /* calculate n */
- rsa->n = BN_new();
- if (rsa->n == NULL)
- goto err;
- if (!BN_mul(rsa->n, rsa->p, rsa->q, ctx))
- goto err;
-
- /* calculate d */
- if (!BN_sub(r1, rsa->p, BN_value_one()))
- goto err; /* p-1 */
- if (!BN_sub(r2, rsa->q, BN_value_one()))
- goto err; /* q-1 */
- if (!BN_mul(r0, r1, r2, ctx))
- goto err; /* (p-1)(q-1) */
-
- if (!BN_gcd(r3, r1, r2, ctx))
- goto err;
-
- if (!BN_div(r0, NULL, r0, r3, ctx))
- goto err; /* LCM((p-1)(q-1)) */
-
- ctx2 = BN_CTX_new();
- if (ctx2 == NULL)
- goto err;
-
- rsa->d = BN_mod_inverse(NULL, rsa->e, r0, ctx2); /* d */
- if (rsa->d == NULL)
- goto err;
-
- /* calculate d mod (p-1) */
- rsa->dmp1 = BN_new();
- if (rsa->dmp1 == NULL)
- goto err;
- if (!BN_mod(rsa->dmp1, rsa->d, r1, ctx))
- goto err;
-
- /* calculate d mod (q-1) */
- rsa->dmq1 = BN_new();
- if (rsa->dmq1 == NULL)
- goto err;
- if (!BN_mod(rsa->dmq1, rsa->d, r2, ctx))
- goto err;
-
- /* calculate inverse of q mod p */
- rsa->iqmp = BN_mod_inverse(NULL, rsa->q, rsa->p, ctx2);
-
- ret = 1;
- err:
- if (ctx)
- BN_CTX_end(ctx);
- BN_CTX_free(ctx);
- BN_CTX_free(ctx2);
-
- return ret;
-
-}
-
-int RSA_X931_generate_key_ex(RSA *rsa, int bits, const BIGNUM *e,
- BN_GENCB *cb)
-{
- int ok = 0;
- BIGNUM *Xp = NULL, *Xq = NULL;
- BN_CTX *ctx = NULL;
-
- ctx = BN_CTX_new();
- if (ctx == NULL)
- goto error;
-
- BN_CTX_start(ctx);
- Xp = BN_CTX_get(ctx);
- Xq = BN_CTX_get(ctx);
- if (!BN_X931_generate_Xpq(Xp, Xq, bits, ctx))
- goto error;
-
- rsa->p = BN_new();
- rsa->q = BN_new();
- if (rsa->p == NULL || rsa->q == NULL)
- goto error;
-
- /* Generate two primes from Xp, Xq */
-
- if (!BN_X931_generate_prime_ex(rsa->p, NULL, NULL, NULL, NULL, Xp,
- e, ctx, cb))
- goto error;
-
- if (!BN_X931_generate_prime_ex(rsa->q, NULL, NULL, NULL, NULL, Xq,
- e, ctx, cb))
- goto error;
-
- /*
- * Since rsa->p and rsa->q are valid this call will just derive remaining
- * RSA components.
- */
-
- if (!RSA_X931_derive_ex(rsa, NULL, NULL, NULL, NULL,
- NULL, NULL, NULL, NULL, NULL, NULL, e, cb))
- goto error;
-
- ok = 1;
-
- error:
- if (ctx)
- BN_CTX_end(ctx);
- BN_CTX_free(ctx);
-
- if (ok)
- return 1;
-
- return 0;
-
-}
generated by cgit v1.2.3 (git 2.39.1) at 2025-12-16 19:20:01 +0000