From 031e5cce385d3f96b1caa1d53495332a7eb03749 Mon Sep 17 00:00:00 2001 From: Steve McIntyre Date: Tue, 23 Mar 2021 23:49:46 +0000 Subject: New upstream version 15.3 --- Cryptlib/OpenSSL/crypto/rsa/rsa_ameth.c | 219 +++++++++++++++++++++++--------- 1 file changed, 160 insertions(+), 59 deletions(-) (limited to 'Cryptlib/OpenSSL/crypto/rsa/rsa_ameth.c') diff --git a/Cryptlib/OpenSSL/crypto/rsa/rsa_ameth.c b/Cryptlib/OpenSSL/crypto/rsa/rsa_ameth.c index 5694140a..ddead3d7 100644 --- a/Cryptlib/OpenSSL/crypto/rsa/rsa_ameth.c +++ b/Cryptlib/OpenSSL/crypto/rsa/rsa_ameth.c @@ -1,21 +1,72 @@ +/* crypto/rsa/rsa_ameth.c */ /* - * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved. + * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project + * 2006. + */ +/* ==================================================================== + * Copyright (c) 2006 The OpenSSL Project. All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in + * the documentation and/or other materials provided with the + * distribution. + * + * 3. All advertising materials mentioning features or use of this + * software must display the following acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" + * + * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to + * endorse or promote products derived from this software without + * prior written permission. For written permission, please contact + * licensing@OpenSSL.org. + * + * 5. Products derived from this software may not be called "OpenSSL" + * nor may "OpenSSL" appear in their names without prior written + * permission of the OpenSSL Project. + * + * 6. Redistributions of any form whatsoever must retain the following + * acknowledgment: + * "This product includes software developed by the OpenSSL Project + * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" + * + * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY + * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR + * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, + * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT + * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; + * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, + * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED + * OF THE POSSIBILITY OF SUCH DAMAGE. + * ==================================================================== + * + * This product includes cryptographic software written by Eric Young + * (eay@cryptsoft.com). This product includes software written by Tim + * Hudson (tjh@cryptsoft.com). * - * Licensed under the OpenSSL license (the "License"). You may not use - * this file except in compliance with the License. You can obtain a copy - * in the file LICENSE in the source distribution or at - * https://www.openssl.org/source/license.html */ #include -#include "internal/cryptlib.h" +#include "cryptlib.h" #include #include +#include #include -#include -#include "internal/asn1_int.h" -#include "internal/evp_int.h" -#include "rsa_locl.h" +#ifndef OPENSSL_NO_CMS +# include +#endif +#include "asn1_locl.h" #ifndef OPENSSL_NO_CMS static int rsa_cms_sign(CMS_SignerInfo *si); @@ -44,10 +95,9 @@ static int rsa_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey) const unsigned char *p; int pklen; RSA *rsa = NULL; - if (!X509_PUBKEY_get0_param(NULL, &p, &pklen, NULL, pubkey)) return 0; - if ((rsa = d2i_RSAPublicKey(NULL, &p, pklen)) == NULL) { + if (!(rsa = d2i_RSAPublicKey(NULL, &p, pklen))) { RSAerr(RSA_F_RSA_PUB_DECODE, ERR_R_RSA_LIB); return 0; } @@ -67,8 +117,7 @@ static int old_rsa_priv_decode(EVP_PKEY *pkey, const unsigned char **pder, int derlen) { RSA *rsa; - - if ((rsa = d2i_RSAPrivateKey(NULL, pder, derlen)) == NULL) { + if (!(rsa = d2i_RSAPrivateKey(NULL, pder, derlen))) { RSAerr(RSA_F_OLD_RSA_PRIV_DECODE, ERR_R_RSA_LIB); return 0; } @@ -101,7 +150,7 @@ static int rsa_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey) return 1; } -static int rsa_priv_decode(EVP_PKEY *pkey, const PKCS8_PRIV_KEY_INFO *p8) +static int rsa_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8) { const unsigned char *p; int pklen; @@ -120,21 +169,45 @@ static int rsa_bits(const EVP_PKEY *pkey) return BN_num_bits(pkey->pkey.rsa->n); } -static int rsa_security_bits(const EVP_PKEY *pkey) +static void int_rsa_free(EVP_PKEY *pkey) { - return RSA_security_bits(pkey->pkey.rsa); + RSA_free(pkey->pkey.rsa); } -static void int_rsa_free(EVP_PKEY *pkey) +static void update_buflen(const BIGNUM *b, size_t *pbuflen) { - RSA_free(pkey->pkey.rsa); + size_t i; + if (!b) + return; + if (*pbuflen < (i = (size_t)BN_num_bytes(b))) + *pbuflen = i; } static int do_rsa_print(BIO *bp, const RSA *x, int off, int priv) { char *str; const char *s; + unsigned char *m = NULL; int ret = 0, mod_len = 0; + size_t buf_len = 0; + + update_buflen(x->n, &buf_len); + update_buflen(x->e, &buf_len); + + if (priv) { + update_buflen(x->d, &buf_len); + update_buflen(x->p, &buf_len); + update_buflen(x->q, &buf_len); + update_buflen(x->dmp1, &buf_len); + update_buflen(x->dmq1, &buf_len); + update_buflen(x->iqmp, &buf_len); + } + + m = (unsigned char *)OPENSSL_malloc(buf_len + 10); + if (m == NULL) { + RSAerr(RSA_F_DO_RSA_PRINT, ERR_R_MALLOC_FAILURE); + goto err; + } if (x->n != NULL) mod_len = BN_num_bits(x->n); @@ -143,36 +216,40 @@ static int do_rsa_print(BIO *bp, const RSA *x, int off, int priv) goto err; if (priv && x->d) { - if (BIO_printf(bp, "Private-Key: (%d bit)\n", mod_len) <= 0) + if (BIO_printf(bp, "Private-Key: (%d bit)\n", mod_len) + <= 0) goto err; str = "modulus:"; s = "publicExponent:"; } else { - if (BIO_printf(bp, "Public-Key: (%d bit)\n", mod_len) <= 0) + if (BIO_printf(bp, "Public-Key: (%d bit)\n", mod_len) + <= 0) goto err; str = "Modulus:"; s = "Exponent:"; } - if (!ASN1_bn_print(bp, str, x->n, NULL, off)) + if (!ASN1_bn_print(bp, str, x->n, m, off)) goto err; - if (!ASN1_bn_print(bp, s, x->e, NULL, off)) + if (!ASN1_bn_print(bp, s, x->e, m, off)) goto err; if (priv) { - if (!ASN1_bn_print(bp, "privateExponent:", x->d, NULL, off)) + if (!ASN1_bn_print(bp, "privateExponent:", x->d, m, off)) goto err; - if (!ASN1_bn_print(bp, "prime1:", x->p, NULL, off)) + if (!ASN1_bn_print(bp, "prime1:", x->p, m, off)) goto err; - if (!ASN1_bn_print(bp, "prime2:", x->q, NULL, off)) + if (!ASN1_bn_print(bp, "prime2:", x->q, m, off)) goto err; - if (!ASN1_bn_print(bp, "exponent1:", x->dmp1, NULL, off)) + if (!ASN1_bn_print(bp, "exponent1:", x->dmp1, m, off)) goto err; - if (!ASN1_bn_print(bp, "exponent2:", x->dmq1, NULL, off)) + if (!ASN1_bn_print(bp, "exponent2:", x->dmq1, m, off)) goto err; - if (!ASN1_bn_print(bp, "coefficient:", x->iqmp, NULL, off)) + if (!ASN1_bn_print(bp, "coefficient:", x->iqmp, m, off)) goto err; } ret = 1; err: + if (m != NULL) + OPENSSL_free(m); return (ret); } @@ -191,23 +268,34 @@ static int rsa_priv_print(BIO *bp, const EVP_PKEY *pkey, int indent, /* Given an MGF1 Algorithm ID decode to an Algorithm Identifier */ static X509_ALGOR *rsa_mgf1_decode(X509_ALGOR *alg) { - if (alg == NULL) + const unsigned char *p; + int plen; + if (alg == NULL || alg->parameter == NULL) return NULL; if (OBJ_obj2nid(alg->algorithm) != NID_mgf1) return NULL; - return ASN1_TYPE_unpack_sequence(ASN1_ITEM_rptr(X509_ALGOR), - alg->parameter); + if (alg->parameter->type != V_ASN1_SEQUENCE) + return NULL; + + p = alg->parameter->value.sequence->data; + plen = alg->parameter->value.sequence->length; + return d2i_X509_ALGOR(NULL, &p, plen); } static RSA_PSS_PARAMS *rsa_pss_decode(const X509_ALGOR *alg, X509_ALGOR **pmaskHash) { + const unsigned char *p; + int plen; RSA_PSS_PARAMS *pss; *pmaskHash = NULL; - pss = ASN1_TYPE_unpack_sequence(ASN1_ITEM_rptr(RSA_PSS_PARAMS), - alg->parameter); + if (!alg->parameter || alg->parameter->type != V_ASN1_SEQUENCE) + return NULL; + p = alg->parameter->value.sequence->data; + plen = alg->parameter->value.sequence->length; + pss = d2i_RSA_PSS_PARAMS(NULL, &p, plen); if (!pss) return NULL; @@ -299,8 +387,10 @@ static int rsa_sig_print(BIO *bp, const X509_ALGOR *sigalg, X509_ALGOR *maskHash; pss = rsa_pss_decode(sigalg, &maskHash); rv = rsa_pss_param_print(bp, pss, maskHash, indent); - RSA_PSS_PARAMS_free(pss); - X509_ALGOR_free(maskHash); + if (pss) + RSA_PSS_PARAMS_free(pss); + if (maskHash) + X509_ALGOR_free(maskHash); if (!rv) return 0; } else if (!sig && BIO_puts(bp, "\n") <= 0) @@ -366,7 +456,7 @@ static int rsa_md_to_algor(X509_ALGOR **palg, const EVP_MD *md) if (EVP_MD_type(md) == NID_sha1) return 1; *palg = X509_ALGOR_new(); - if (*palg == NULL) + if (!*palg) return 0; X509_ALGOR_set_md(*palg, md); return 1; @@ -386,13 +476,15 @@ static int rsa_md_to_mgf1(X509_ALGOR **palg, const EVP_MD *mgf1md) if (!ASN1_item_pack(algtmp, ASN1_ITEM_rptr(X509_ALGOR), &stmp)) goto err; *palg = X509_ALGOR_new(); - if (*palg == NULL) + if (!*palg) goto err; X509_ALGOR_set0(*palg, OBJ_nid2obj(NID_mgf1), V_ASN1_SEQUENCE, stmp); stmp = NULL; err: - ASN1_STRING_free(stmp); - X509_ALGOR_free(algtmp); + if (stmp) + ASN1_STRING_free(stmp); + if (algtmp) + X509_ALGOR_free(algtmp); if (*palg) return 1; return 0; @@ -459,11 +551,11 @@ static ASN1_STRING *rsa_ctx_to_pss(EVP_PKEY_CTX *pkctx) saltlen--; } pss = RSA_PSS_PARAMS_new(); - if (pss == NULL) + if (!pss) goto err; if (saltlen != 20) { pss->saltLength = ASN1_INTEGER_new(); - if (pss->saltLength == NULL) + if (!pss->saltLength) goto err; if (!ASN1_INTEGER_set(pss->saltLength, saltlen)) goto err; @@ -477,16 +569,18 @@ static ASN1_STRING *rsa_ctx_to_pss(EVP_PKEY_CTX *pkctx) goto err; rv = 1; err: - RSA_PSS_PARAMS_free(pss); + if (pss) + RSA_PSS_PARAMS_free(pss); if (rv) return os; - ASN1_STRING_free(os); + if (os) + ASN1_STRING_free(os); return NULL; } /* * From PSS AlgorithmIdentifier set public key parameters. If pkey isn't NULL - * then the EVP_MD_CTX is setup and initialised. If it is NULL parameters are + * then the EVP_MD_CTX is setup and initalised. If it is NULL parameters are * passed to pkctx instead. */ @@ -568,7 +662,8 @@ static int rsa_pss_to_ctx(EVP_MD_CTX *ctx, EVP_PKEY_CTX *pkctx, err: RSA_PSS_PARAMS_free(pss); - X509_ALGOR_free(maskHash); + if (maskHash) + X509_ALGOR_free(maskHash); return rv; } @@ -646,7 +741,7 @@ static int rsa_item_sign(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn, ASN1_BIT_STRING *sig) { int pad_mode; - EVP_PKEY_CTX *pkctx = EVP_MD_CTX_pkey_ctx(ctx); + EVP_PKEY_CTX *pkctx = ctx->pctx; if (EVP_PKEY_CTX_get_rsa_padding(pkctx, &pad_mode) <= 0) return 0; if (pad_mode == RSA_PKCS1_PADDING) @@ -677,12 +772,17 @@ static int rsa_item_sign(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn, static RSA_OAEP_PARAMS *rsa_oaep_decode(const X509_ALGOR *alg, X509_ALGOR **pmaskHash) { + const unsigned char *p; + int plen; RSA_OAEP_PARAMS *pss; *pmaskHash = NULL; - pss = ASN1_TYPE_unpack_sequence(ASN1_ITEM_rptr(RSA_OAEP_PARAMS), - alg->parameter); + if (!alg->parameter || alg->parameter->type != V_ASN1_SEQUENCE) + return NULL; + p = alg->parameter->value.sequence->data; + plen = alg->parameter->value.sequence->length; + pss = d2i_RSA_OAEP_PARAMS(NULL, &p, plen); if (!pss) return NULL; @@ -760,7 +860,8 @@ static int rsa_cms_decrypt(CMS_RecipientInfo *ri) err: RSA_OAEP_PARAMS_free(oaep); - X509_ALGOR_free(maskHash); + if (maskHash) + X509_ALGOR_free(maskHash); return rv; } @@ -793,19 +894,18 @@ static int rsa_cms_encrypt(CMS_RecipientInfo *ri) if (labellen < 0) goto err; oaep = RSA_OAEP_PARAMS_new(); - if (oaep == NULL) + if (!oaep) goto err; if (!rsa_md_to_algor(&oaep->hashFunc, md)) goto err; if (!rsa_md_to_mgf1(&oaep->maskGenFunc, mgf1md)) goto err; if (labellen > 0) { - ASN1_OCTET_STRING *los; + ASN1_OCTET_STRING *los = ASN1_OCTET_STRING_new(); oaep->pSourceFunc = X509_ALGOR_new(); - if (oaep->pSourceFunc == NULL) + if (!oaep->pSourceFunc) goto err; - los = ASN1_OCTET_STRING_new(); - if (los == NULL) + if (!los) goto err; if (!ASN1_OCTET_STRING_set(los, label, labellen)) { ASN1_OCTET_STRING_free(los); @@ -821,13 +921,15 @@ static int rsa_cms_encrypt(CMS_RecipientInfo *ri) os = NULL; rv = 1; err: - RSA_OAEP_PARAMS_free(oaep); - ASN1_STRING_free(os); + if (oaep) + RSA_OAEP_PARAMS_free(oaep); + if (os) + ASN1_STRING_free(os); return rv; } #endif -const EVP_PKEY_ASN1_METHOD rsa_asn1_meths[2] = { +const EVP_PKEY_ASN1_METHOD rsa_asn1_meths[] = { { EVP_PKEY_RSA, EVP_PKEY_RSA, @@ -847,7 +949,6 @@ const EVP_PKEY_ASN1_METHOD rsa_asn1_meths[2] = { int_rsa_size, rsa_bits, - rsa_security_bits, 0, 0, 0, 0, 0, 0, -- cgit v1.2.3