From dfeab0689f69c0b4bd3480ffd37a9cacc2f17d9c Mon Sep 17 00:00:00 2001 From: "Ralf S. Engelschall" Date: Mon, 21 Dec 1998 11:00:56 +0000 Subject: Import of old SSLeay release: SSLeay 0.9.1b (unreleased) --- crypto/rsa/f | 6 +++ crypto/rsa/rsa.err | 41 +++++++++-------- crypto/rsa/rsa.h | 59 ++++++++++++++---------- crypto/rsa/rsa_eay.c | 124 ++++++++++++++++++++++++++------------------------ crypto/rsa/rsa_err.c | 5 +- crypto/rsa/rsa_gen.c | 33 +++++++++----- crypto/rsa/rsa_lib.c | 57 +++++++++++++++++++++-- crypto/rsa/rsa_none.c | 5 +- crypto/rsa/rsa_pk1.c | 13 ++++-- crypto/rsa/rsa_sign.c | 2 + crypto/rsa/rsa_ssl.c | 5 +- 11 files changed, 220 insertions(+), 130 deletions(-) create mode 100644 crypto/rsa/f (limited to 'crypto/rsa') diff --git a/crypto/rsa/f b/crypto/rsa/f new file mode 100644 index 0000000000..57528ef93e --- /dev/null +++ b/crypto/rsa/f @@ -0,0 +1,6 @@ + if ((rsa->method_mod_n == NULL) && (rsa->flags & RSA_FLAG_CACHE_PUBLIC)) + { + if ((rsa->method_mod_n=(char *)BN_MONT_CTX_new()) != NULL) + if (!BN_MONT_CTX_set((BN_MONT_CTX *)rsa->method_mod_n, + rsa->n,ctx)) goto err; + } diff --git a/crypto/rsa/rsa.err b/crypto/rsa/rsa.err index 5ded1b5fa2..e866635fb7 100644 --- a/crypto/rsa/rsa.err +++ b/crypto/rsa/rsa.err @@ -1,26 +1,27 @@ /* Error codes for the RSA functions. */ /* Function codes. */ -#define RSA_F_RSA_EAY_PRIVATE_DECRYPT 100 -#define RSA_F_RSA_EAY_PRIVATE_ENCRYPT 101 -#define RSA_F_RSA_EAY_PUBLIC_DECRYPT 102 -#define RSA_F_RSA_EAY_PUBLIC_ENCRYPT 103 -#define RSA_F_RSA_GENERATE_KEY 104 -#define RSA_F_RSA_NEW_METHOD 105 -#define RSA_F_RSA_PADDING_ADD_NONE 106 -#define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1 107 -#define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_2 108 -#define RSA_F_RSA_PADDING_ADD_SSLV23 109 -#define RSA_F_RSA_PADDING_CHECK_NONE 110 -#define RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1 111 -#define RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2 112 -#define RSA_F_RSA_PADDING_CHECK_SSLV23 113 -#define RSA_F_RSA_PRINT 114 -#define RSA_F_RSA_PRINT_FP 115 -#define RSA_F_RSA_SIGN 116 -#define RSA_F_RSA_SIGN_ASN1_OCTET_STRING 117 -#define RSA_F_RSA_VERIFY 118 -#define RSA_F_RSA_VERIFY_ASN1_OCTET_STRING 119 +#define RSA_F_MEMORY_LOCK 100 +#define RSA_F_RSA_EAY_PRIVATE_DECRYPT 101 +#define RSA_F_RSA_EAY_PRIVATE_ENCRYPT 102 +#define RSA_F_RSA_EAY_PUBLIC_DECRYPT 103 +#define RSA_F_RSA_EAY_PUBLIC_ENCRYPT 104 +#define RSA_F_RSA_GENERATE_KEY 105 +#define RSA_F_RSA_NEW_METHOD 106 +#define RSA_F_RSA_PADDING_ADD_NONE 107 +#define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1 108 +#define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_2 109 +#define RSA_F_RSA_PADDING_ADD_SSLV23 110 +#define RSA_F_RSA_PADDING_CHECK_NONE 111 +#define RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1 112 +#define RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2 113 +#define RSA_F_RSA_PADDING_CHECK_SSLV23 114 +#define RSA_F_RSA_PRINT 115 +#define RSA_F_RSA_PRINT_FP 116 +#define RSA_F_RSA_SIGN 117 +#define RSA_F_RSA_SIGN_ASN1_OCTET_STRING 118 +#define RSA_F_RSA_VERIFY 119 +#define RSA_F_RSA_VERIFY_ASN1_OCTET_STRING 120 /* Reason codes. */ #define RSA_R_ALGORITHM_MISMATCH 100 diff --git a/crypto/rsa/rsa.h b/crypto/rsa/rsa.h index aeb78ffcd3..b7c02fdab7 100644 --- a/crypto/rsa/rsa.h +++ b/crypto/rsa/rsa.h @@ -102,11 +102,14 @@ typedef struct rsa_st int references; int flags; - /* Normally used to cached montgomery values */ + /* Normally used to cache montgomery values */ char *method_mod_n; char *method_mod_p; char *method_mod_q; + /* all BIGNUM values are actually in the following data, if it is not + * NULL */ + char *bignum_data; BN_BLINDING *blinding; } RSA; @@ -114,6 +117,7 @@ typedef struct rsa_st #define RSA_F4 0x10001L #define RSA_METHOD_FLAG_NO_CHECK 0x01 /* don't check pub/private match */ + #define RSA_FLAG_CACHE_PUBLIC 0x02 #define RSA_FLAG_CACHE_PRIVATE 0x04 #define RSA_FLAG_BLINDING 0x08 @@ -147,6 +151,9 @@ int RSA_flags(RSA *r); void RSA_set_default_method(RSA_METHOD *meth); +/* This function needs the memory locking malloc callbacks to be installed */ +int RSA_memory_lock(RSA *r); + /* If you have RSAref compiled in. */ RSA_METHOD *RSA_PKCS1_RSAref(void); @@ -193,19 +200,19 @@ void RSA_blinding_off(RSA *rsa); int RSA_padding_add_PKCS1_type_1(unsigned char *to,int tlen, unsigned char *f,int fl); int RSA_padding_check_PKCS1_type_1(unsigned char *to,int tlen, - unsigned char *f,int fl); + unsigned char *f,int fl,int rsa_len); int RSA_padding_add_PKCS1_type_2(unsigned char *to,int tlen, unsigned char *f,int fl); int RSA_padding_check_PKCS1_type_2(unsigned char *to,int tlen, - unsigned char *f,int fl); + unsigned char *f,int fl,int rsa_len); int RSA_padding_add_SSLv23(unsigned char *to,int tlen, unsigned char *f,int fl); int RSA_padding_check_SSLv23(unsigned char *to,int tlen, - unsigned char *f,int fl); + unsigned char *f,int fl,int rsa_len); int RSA_padding_add_none(unsigned char *to,int tlen, unsigned char *f,int fl); int RSA_padding_check_none(unsigned char *to,int tlen, - unsigned char *f,int fl); + unsigned char *f,int fl,int rsa_len); int RSA_get_ex_new_index(long argl, char *argp, int (*new_func)(), int (*dup_func)(), void (*free_func)()); @@ -227,6 +234,7 @@ void RSA_free (); int RSA_flags(); void RSA_set_default_method(); +int RSA_memory_lock(); /* RSA_METHOD *RSA_PKCS1_RSAref(); */ RSA_METHOD *RSA_PKCS1_SSLeay(); @@ -274,26 +282,27 @@ char *RSA_get_ex_data(); /* Error codes for the RSA functions. */ /* Function codes. */ -#define RSA_F_RSA_EAY_PRIVATE_DECRYPT 100 -#define RSA_F_RSA_EAY_PRIVATE_ENCRYPT 101 -#define RSA_F_RSA_EAY_PUBLIC_DECRYPT 102 -#define RSA_F_RSA_EAY_PUBLIC_ENCRYPT 103 -#define RSA_F_RSA_GENERATE_KEY 104 -#define RSA_F_RSA_NEW_METHOD 105 -#define RSA_F_RSA_PADDING_ADD_NONE 106 -#define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1 107 -#define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_2 108 -#define RSA_F_RSA_PADDING_ADD_SSLV23 109 -#define RSA_F_RSA_PADDING_CHECK_NONE 110 -#define RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1 111 -#define RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2 112 -#define RSA_F_RSA_PADDING_CHECK_SSLV23 113 -#define RSA_F_RSA_PRINT 114 -#define RSA_F_RSA_PRINT_FP 115 -#define RSA_F_RSA_SIGN 116 -#define RSA_F_RSA_SIGN_ASN1_OCTET_STRING 117 -#define RSA_F_RSA_VERIFY 118 -#define RSA_F_RSA_VERIFY_ASN1_OCTET_STRING 119 +#define RSA_F_MEMORY_LOCK 100 +#define RSA_F_RSA_EAY_PRIVATE_DECRYPT 101 +#define RSA_F_RSA_EAY_PRIVATE_ENCRYPT 102 +#define RSA_F_RSA_EAY_PUBLIC_DECRYPT 103 +#define RSA_F_RSA_EAY_PUBLIC_ENCRYPT 104 +#define RSA_F_RSA_GENERATE_KEY 105 +#define RSA_F_RSA_NEW_METHOD 106 +#define RSA_F_RSA_PADDING_ADD_NONE 107 +#define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1 108 +#define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_2 109 +#define RSA_F_RSA_PADDING_ADD_SSLV23 110 +#define RSA_F_RSA_PADDING_CHECK_NONE 111 +#define RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1 112 +#define RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2 113 +#define RSA_F_RSA_PADDING_CHECK_SSLV23 114 +#define RSA_F_RSA_PRINT 115 +#define RSA_F_RSA_PRINT_FP 116 +#define RSA_F_RSA_SIGN 117 +#define RSA_F_RSA_SIGN_ASN1_OCTET_STRING 118 +#define RSA_F_RSA_VERIFY 119 +#define RSA_F_RSA_VERIFY_ASN1_OCTET_STRING 120 /* Reason codes. */ #define RSA_R_ALGORITHM_MISMATCH 100 diff --git a/crypto/rsa/rsa_eay.c b/crypto/rsa/rsa_eay.c index 00f8ea9341..7623189e41 100644 --- a/crypto/rsa/rsa_eay.c +++ b/crypto/rsa/rsa_eay.c @@ -110,11 +110,13 @@ unsigned char *to; RSA *rsa; int padding; { - BIGNUM *f=NULL,*ret=NULL; + BIGNUM f,ret; int i,j,k,num=0,r= -1; unsigned char *buf=NULL; BN_CTX *ctx=NULL; + BN_init(&f); + BN_init(&ret); if ((ctx=BN_CTX_new()) == NULL) goto err; num=BN_num_bytes(rsa->n); if ((buf=(unsigned char *)Malloc(num)) == NULL) @@ -140,9 +142,7 @@ int padding; } if (i <= 0) goto err; - if (((f=BN_new()) == NULL) || ((ret=BN_new()) == NULL)) goto err; - - if (BN_bin2bn(buf,num,f) == NULL) goto err; + if (BN_bin2bn(buf,num,&f) == NULL) goto err; if ((rsa->method_mod_n == NULL) && (rsa->flags & RSA_FLAG_CACHE_PUBLIC)) { @@ -151,21 +151,21 @@ int padding; rsa->n,ctx)) goto err; } - if (!rsa->meth->bn_mod_exp(ret,f,rsa->e,rsa->n,ctx, + if (!rsa->meth->bn_mod_exp(&ret,&f,rsa->e,rsa->n,ctx, rsa->method_mod_n)) goto err; /* put in leading 0 bytes if the number is less than the * length of the modulus */ - j=BN_num_bytes(ret); - i=BN_bn2bin(ret,&(to[num-j])); + j=BN_num_bytes(&ret); + i=BN_bn2bin(&ret,&(to[num-j])); for (k=0; k<(num-i); k++) to[k]=0; r=num; err: if (ctx != NULL) BN_CTX_free(ctx); - if (f != NULL) BN_free(f); - if (ret != NULL) BN_free(ret); + BN_clear_free(&f); + BN_clear_free(&ret); if (buf != NULL) { memset(buf,0,num); @@ -181,11 +181,14 @@ unsigned char *to; RSA *rsa; int padding; { - BIGNUM *f=NULL,*ret=NULL; + BIGNUM f,ret; int i,j,k,num=0,r= -1; unsigned char *buf=NULL; BN_CTX *ctx=NULL; + BN_init(&f); + BN_init(&ret); + if ((ctx=BN_CTX_new()) == NULL) goto err; num=BN_num_bytes(rsa->n); if ((buf=(unsigned char *)Malloc(num)) == NULL) @@ -209,40 +212,39 @@ int padding; } if (i <= 0) goto err; - if (((f=BN_new()) == NULL) || ((ret=BN_new()) == NULL)) goto err; - if (BN_bin2bn(buf,num,f) == NULL) goto err; + if (BN_bin2bn(buf,num,&f) == NULL) goto err; if ((rsa->flags & RSA_FLAG_BLINDING) && (rsa->blinding == NULL)) RSA_blinding_on(rsa,ctx); if (rsa->flags & RSA_FLAG_BLINDING) - if (!BN_BLINDING_convert(f,rsa->blinding,ctx)) goto err; + if (!BN_BLINDING_convert(&f,rsa->blinding,ctx)) goto err; if ( (rsa->p != NULL) && (rsa->q != NULL) && (rsa->dmp1 != NULL) && (rsa->dmq1 != NULL) && (rsa->iqmp != NULL)) - { if (!rsa->meth->rsa_mod_exp(ret,f,rsa)) goto err; } + { if (!rsa->meth->rsa_mod_exp(&ret,&f,rsa)) goto err; } else { - if (!rsa->meth->bn_mod_exp(ret,f,rsa->d,rsa->n,ctx)) goto err; + if (!rsa->meth->bn_mod_exp(&ret,&f,rsa->d,rsa->n,ctx,NULL)) goto err; } if (rsa->flags & RSA_FLAG_BLINDING) - if (!BN_BLINDING_invert(ret,rsa->blinding,ctx)) goto err; + if (!BN_BLINDING_invert(&ret,rsa->blinding,ctx)) goto err; /* put in leading 0 bytes if the number is less than the * length of the modulus */ - j=BN_num_bytes(ret); - i=BN_bn2bin(ret,&(to[num-j])); + j=BN_num_bytes(&ret); + i=BN_bn2bin(&ret,&(to[num-j])); for (k=0; k<(num-i); k++) to[k]=0; r=num; err: if (ctx != NULL) BN_CTX_free(ctx); - if (ret != NULL) BN_free(ret); - if (f != NULL) BN_free(f); + BN_clear_free(&ret); + BN_clear_free(&f); if (buf != NULL) { memset(buf,0,num); @@ -258,12 +260,14 @@ unsigned char *to; RSA *rsa; int padding; { - BIGNUM *f=NULL,*ret=NULL; + BIGNUM f,ret; int j,num=0,r= -1; unsigned char *p; unsigned char *buf=NULL; BN_CTX *ctx=NULL; + BN_init(&f); + BN_init(&ret); ctx=BN_CTX_new(); if (ctx == NULL) goto err; @@ -284,13 +288,12 @@ int padding; } /* make data into a big number */ - if (((ret=BN_new()) == NULL) || ((f=BN_new()) == NULL)) goto err; - if (BN_bin2bn(from,(int)flen,f) == NULL) goto err; + if (BN_bin2bn(from,(int)flen,&f) == NULL) goto err; if ((rsa->flags & RSA_FLAG_BLINDING) && (rsa->blinding == NULL)) RSA_blinding_on(rsa,ctx); if (rsa->flags & RSA_FLAG_BLINDING) - if (!BN_BLINDING_convert(f,rsa->blinding,ctx)) goto err; + if (!BN_BLINDING_convert(&f,rsa->blinding,ctx)) goto err; /* do the decrypt */ if ( (rsa->p != NULL) && @@ -298,29 +301,29 @@ int padding; (rsa->dmp1 != NULL) && (rsa->dmq1 != NULL) && (rsa->iqmp != NULL)) - { if (!rsa->meth->rsa_mod_exp(ret,f,rsa)) goto err; } + { if (!rsa->meth->rsa_mod_exp(&ret,&f,rsa)) goto err; } else { - if (!rsa->meth->bn_mod_exp(ret,f,rsa->d,rsa->n,ctx)) + if (!rsa->meth->bn_mod_exp(&ret,&f,rsa->d,rsa->n,ctx,NULL)) goto err; } if (rsa->flags & RSA_FLAG_BLINDING) - if (!BN_BLINDING_invert(ret,rsa->blinding,ctx)) goto err; + if (!BN_BLINDING_invert(&ret,rsa->blinding,ctx)) goto err; p=buf; - j=BN_bn2bin(ret,p); /* j is only used with no-padding mode */ + j=BN_bn2bin(&ret,p); /* j is only used with no-padding mode */ switch (padding) { case RSA_PKCS1_PADDING: - r=RSA_padding_check_PKCS1_type_2(to,num,buf,j); + r=RSA_padding_check_PKCS1_type_2(to,num,buf,j,num); break; case RSA_SSLV23_PADDING: - r=RSA_padding_check_SSLv23(to,num,buf,j); + r=RSA_padding_check_SSLv23(to,num,buf,j,num); break; case RSA_NO_PADDING: - r=RSA_padding_check_none(to,num,buf,j); + r=RSA_padding_check_none(to,num,buf,j,num); break; default: RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,RSA_R_UNKNOWN_PADDING_TYPE); @@ -331,8 +334,8 @@ int padding; err: if (ctx != NULL) BN_CTX_free(ctx); - if (f != NULL) BN_free(f); - if (ret != NULL) BN_free(ret); + BN_clear_free(&f); + BN_clear_free(&ret); if (buf != NULL) { memset(buf,0,num); @@ -348,12 +351,14 @@ unsigned char *to; RSA *rsa; int padding; { - BIGNUM *f=NULL,*ret=NULL; + BIGNUM f,ret; int i,num=0,r= -1; unsigned char *p; unsigned char *buf=NULL; BN_CTX *ctx=NULL; + BN_init(&f); + BN_init(&ret); ctx=BN_CTX_new(); if (ctx == NULL) goto err; @@ -373,10 +378,7 @@ int padding; goto err; } - /* make data into a big number */ - if (((ret=BN_new()) == NULL) || ((f=BN_new()) == NULL)) goto err; - - if (BN_bin2bn(from,flen,f) == NULL) goto err; + if (BN_bin2bn(from,flen,&f) == NULL) goto err; /* do the decrypt */ if ((rsa->method_mod_n == NULL) && (rsa->flags & RSA_FLAG_CACHE_PUBLIC)) { @@ -385,19 +387,19 @@ int padding; rsa->n,ctx)) goto err; } - if (!rsa->meth->bn_mod_exp(ret,f,rsa->e,rsa->n,ctx, + if (!rsa->meth->bn_mod_exp(&ret,&f,rsa->e,rsa->n,ctx, rsa->method_mod_n)) goto err; p=buf; - i=BN_bn2bin(ret,p); + i=BN_bn2bin(&ret,p); switch (padding) { case RSA_PKCS1_PADDING: - r=RSA_padding_check_PKCS1_type_1(to,num,buf,i); + r=RSA_padding_check_PKCS1_type_1(to,num,buf,i,num); break; case RSA_NO_PADDING: - r=RSA_padding_check_none(to,num,buf,i); + r=RSA_padding_check_none(to,num,buf,i,num); break; default: RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT,RSA_R_UNKNOWN_PADDING_TYPE); @@ -408,8 +410,8 @@ int padding; err: if (ctx != NULL) BN_CTX_free(ctx); - if (f != NULL) BN_free(f); - if (ret != NULL) BN_free(ret); + BN_clear_free(&f); + BN_clear_free(&ret); if (buf != NULL) { memset(buf,0,num); @@ -423,14 +425,13 @@ BIGNUM *r0; BIGNUM *I; RSA *rsa; { - BIGNUM *r1=NULL,*m1=NULL; + BIGNUM r1,m1; int ret=0; BN_CTX *ctx; if ((ctx=BN_CTX_new()) == NULL) goto err; - m1=BN_new(); - r1=BN_new(); - if ((m1 == NULL) || (r1 == NULL)) goto err; + BN_init(&m1); + BN_init(&r1); if (rsa->flags & RSA_FLAG_CACHE_PRIVATE) { @@ -452,26 +453,29 @@ RSA *rsa; } } - if (!BN_mod(r1,I,rsa->q,ctx)) goto err; - if (!rsa->meth->bn_mod_exp(m1,r1,rsa->dmq1,rsa->q,ctx, + if (!BN_mod(&r1,I,rsa->q,ctx)) goto err; + if (!rsa->meth->bn_mod_exp(&m1,&r1,rsa->dmq1,rsa->q,ctx, rsa->method_mod_q)) goto err; - if (!BN_mod(r1,I,rsa->p,ctx)) goto err; - if (!rsa->meth->bn_mod_exp(r0,r1,rsa->dmp1,rsa->p,ctx, + if (!BN_mod(&r1,I,rsa->p,ctx)) goto err; + if (!rsa->meth->bn_mod_exp(r0,&r1,rsa->dmp1,rsa->p,ctx, rsa->method_mod_p)) goto err; - if (!BN_add(r1,r0,rsa->p)) goto err; - if (!BN_sub(r0,r1,m1)) goto err; + if (!BN_sub(r0,r0,&m1)) goto err; + /* This will help stop the size of r0 increasing, which does + * affect the multiply if it optimised for a power of 2 size */ + if (r0->neg) + if (!BN_add(r0,r0,rsa->p)) goto err; - if (!BN_mul(r1,r0,rsa->iqmp)) goto err; - if (!BN_mod(r0,r1,rsa->p,ctx)) goto err; - if (!BN_mul(r1,r0,rsa->q)) goto err; - if (!BN_add(r0,r1,m1)) goto err; + if (!BN_mul(&r1,r0,rsa->iqmp,ctx)) goto err; + if (!BN_mod(r0,&r1,rsa->p,ctx)) goto err; + if (!BN_mul(&r1,r0,rsa->q,ctx)) goto err; + if (!BN_add(r0,&r1,&m1)) goto err; ret=1; err: - if (m1 != NULL) BN_free(m1); - if (r1 != NULL) BN_free(r1); + BN_clear_free(&m1); + BN_clear_free(&r1); BN_CTX_free(ctx); return(ret); } diff --git a/crypto/rsa/rsa_err.c b/crypto/rsa/rsa_err.c index 796b3afd47..7899a5d4e2 100644 --- a/crypto/rsa/rsa_err.c +++ b/crypto/rsa/rsa_err.c @@ -63,6 +63,7 @@ #ifndef NO_ERR static ERR_STRING_DATA RSA_str_functs[]= { +{ERR_PACK(0,RSA_F_MEMORY_LOCK,0), "MEMORY_LOCK"}, {ERR_PACK(0,RSA_F_RSA_EAY_PRIVATE_DECRYPT,0), "RSA_EAY_PRIVATE_DECRYPT"}, {ERR_PACK(0,RSA_F_RSA_EAY_PRIVATE_ENCRYPT,0), "RSA_EAY_PRIVATE_ENCRYPT"}, {ERR_PACK(0,RSA_F_RSA_EAY_PUBLIC_DECRYPT,0), "RSA_EAY_PUBLIC_DECRYPT"}, @@ -117,8 +118,8 @@ void ERR_load_RSA_strings() { static int init=1; - if (init); - {; + if (init) + { init=0; #ifndef NO_ERR ERR_load_strings(ERR_LIB_RSA,RSA_str_functs); diff --git a/crypto/rsa/rsa_gen.c b/crypto/rsa/rsa_gen.c index aed2351cfb..936db49515 100644 --- a/crypto/rsa/rsa_gen.c +++ b/crypto/rsa/rsa_gen.c @@ -70,17 +70,17 @@ char *cb_arg; { RSA *rsa=NULL; BIGNUM *r0=NULL,*r1=NULL,*r2=NULL,*r3=NULL,*tmp; - int bitsp,bitsq,ok= -1,n=0; + int bitsp,bitsq,ok= -1,n=0,i; BN_CTX *ctx=NULL,*ctx2=NULL; ctx=BN_CTX_new(); if (ctx == NULL) goto err; ctx2=BN_CTX_new(); if (ctx2 == NULL) goto err; - r0=ctx->bn[0]; - r1=ctx->bn[1]; - r2=ctx->bn[2]; - r3=ctx->bn[3]; + r0= &(ctx->bn[0]); + r1= &(ctx->bn[1]); + r2= &(ctx->bn[2]); + r3= &(ctx->bn[3]); ctx->tos+=4; bitsp=(bits+1)/2; @@ -91,12 +91,23 @@ char *cb_arg; /* set e */ rsa->e=BN_new(); if (rsa->e == NULL) goto err; + +#if 1 + /* The problem is when building with 8, 16, or 32 BN_ULONG, + * unsigned long can be larger */ + for (i=0; ie,i); + } +#else if (!BN_set_word(rsa->e,e_value)) goto err; +#endif /* generate p and q */ for (;;) { - rsa->p=BN_generate_prime(bitsp,0,NULL,NULL,callback,cb_arg); + rsa->p=BN_generate_prime(NULL,bitsp,0,NULL,NULL,callback,cb_arg); if (rsa->p == NULL) goto err; if (!BN_sub(r2,rsa->p,BN_value_one())) goto err; if (!BN_gcd(r1,r2,rsa->e,ctx)) goto err; @@ -107,7 +118,7 @@ char *cb_arg; if (callback != NULL) callback(3,0,cb_arg); for (;;) { - rsa->q=BN_generate_prime(bitsq,0,NULL,NULL,callback,cb_arg); + rsa->q=BN_generate_prime(NULL,bitsq,0,NULL,NULL,callback,cb_arg); if (rsa->q == NULL) goto err; if (!BN_sub(r2,rsa->q,BN_value_one())) goto err; if (!BN_gcd(r1,r2,rsa->e,ctx)) goto err; @@ -127,12 +138,12 @@ char *cb_arg; /* calculate n */ rsa->n=BN_new(); if (rsa->n == NULL) goto err; - if (!BN_mul(rsa->n,rsa->p,rsa->q)) goto err; + if (!BN_mul(rsa->n,rsa->p,rsa->q,ctx)) goto err; /* calculate d */ if (!BN_sub(r1,rsa->p,BN_value_one())) goto err; /* p-1 */ if (!BN_sub(r2,rsa->q,BN_value_one())) goto err; /* q-1 */ - if (!BN_mul(r0,r1,r2)) goto err; /* (p-1)(q-1) */ + if (!BN_mul(r0,r1,r2,ctx)) goto err; /* (p-1)(q-1) */ /* should not be needed, since gcd(p-1,e) == 1 and gcd(q-1,e) == 1 */ /* for (;;) @@ -149,7 +160,7 @@ char *cb_arg; goto err; } */ - rsa->d=(BIGNUM *)BN_mod_inverse(rsa->e,r0,ctx2); /* d */ + rsa->d=(BIGNUM *)BN_mod_inverse(NULL,rsa->e,r0,ctx2); /* d */ if (rsa->d == NULL) goto err; /* calculate d mod (p-1) */ @@ -163,7 +174,7 @@ char *cb_arg; if (!BN_mod(rsa->dmq1,rsa->d,r2,ctx)) goto err; /* calculate inverse of q mod p */ - rsa->iqmp=BN_mod_inverse(rsa->q,rsa->p,ctx2); + rsa->iqmp=BN_mod_inverse(NULL,rsa->q,rsa->p,ctx2); if (rsa->iqmp == NULL) goto err; ok=1; diff --git a/crypto/rsa/rsa_lib.c b/crypto/rsa/rsa_lib.c index 95a56f8a28..5ce51f9f56 100644 --- a/crypto/rsa/rsa_lib.c +++ b/crypto/rsa/rsa_lib.c @@ -63,7 +63,7 @@ #include "bn.h" #include "rsa.h" -char *RSA_version="RSA part of SSLeay 0.9.0b 29-Jun-1998"; +char *RSA_version="RSA part of SSLeay 0.9.1a 06-Jul-1998"; static RSA_METHOD *default_RSA_meth=NULL; static int rsa_meth_num=0; @@ -120,13 +120,15 @@ RSA_METHOD *meth; ret->method_mod_p=NULL; ret->method_mod_q=NULL; ret->blinding=NULL; + ret->bignum_data=NULL; ret->flags=ret->meth->flags; if ((ret->meth->init != NULL) && !ret->meth->init(ret)) { Free(ret); ret=NULL; } - CRYPTO_new_ex_data(rsa_meth,(char *)ret,&ret->ex_data); + else + CRYPTO_new_ex_data(rsa_meth,(char *)ret,&ret->ex_data); return(ret); } @@ -164,6 +166,7 @@ RSA *r; if (r->dmq1 != NULL) BN_clear_free(r->dmq1); if (r->iqmp != NULL) BN_clear_free(r->iqmp); if (r->blinding != NULL) BN_BLINDING_free(r->blinding); + if (r->bignum_data != NULL) Free_locked(r->bignum_data); Free(r); } @@ -275,10 +278,10 @@ BN_CTX *p_ctx; if (rsa->blinding != NULL) BN_BLINDING_free(rsa->blinding); - A=ctx->bn[0]; + A= &(ctx->bn[0]); ctx->tos++; if (!BN_rand(A,BN_num_bits(rsa->n)-1,1,0)) goto err; - if ((Ai=BN_mod_inverse(A,rsa->n,ctx)) == NULL) goto err; + if ((Ai=BN_mod_inverse(NULL,A,rsa->n,ctx)) == NULL) goto err; if (!rsa->meth->bn_mod_exp(A,A,rsa->e,rsa->n,ctx, (char *)rsa->method_mod_n)) goto err; @@ -292,3 +295,49 @@ err: return(ret); } +int RSA_memory_lock(r) +RSA *r; + { + int i,j,k,off; + char *p; + BIGNUM *bn,**t[6],*b; + BN_ULONG *ul; + + if (r->d == NULL) return(1); + t[0]= &r->d; + t[1]= &r->p; + t[2]= &r->q; + t[3]= &r->dmp1; + t[4]= &r->dmq1; + t[5]= &r->iqmp; + k=sizeof(BIGNUM)*6; + off=k/sizeof(BN_ULONG)+1; + j=1; + for (i=0; i<6; i++) + j+= (*t[i])->top; + if ((p=Malloc_locked((off+j)*sizeof(BN_ULONG))) == NULL) + { + RSAerr(RSA_F_MEMORY_LOCK,ERR_R_MALLOC_FAILURE); + return(0); + } + bn=(BIGNUM *)p; + ul=(BN_ULONG *)&(p[off]); + for (i=0; i<6; i++) + { + b= *(t[i]); + *(t[i])= &(bn[i]); + memcpy((char *)&(bn[i]),(char *)b,sizeof(BIGNUM)); + bn[i].flags=BN_FLG_STATIC_DATA; + bn[i].d=ul; + memcpy((char *)ul,b->d,sizeof(BN_ULONG)*b->top); + ul+=b->top; + BN_clear_free(b); + } + + /* I should fix this so it can still be done */ + r->flags&= ~(RSA_FLAG_CACHE_PRIVATE|RSA_FLAG_CACHE_PUBLIC); + + r->bignum_data=p; + return(1); + } + diff --git a/crypto/rsa/rsa_none.c b/crypto/rsa/rsa_none.c index f0dd943657..6385b556be 100644 --- a/crypto/rsa/rsa_none.c +++ b/crypto/rsa/rsa_none.c @@ -79,11 +79,12 @@ int flen; return(1); } -int RSA_padding_check_none(to,tlen,from,flen) +int RSA_padding_check_none(to,tlen,from,flen,num) unsigned char *to; int tlen; unsigned char *from; int flen; +int num; { int j; @@ -93,7 +94,7 @@ int flen; RSAerr(RSA_F_RSA_PADDING_CHECK_NONE,RSA_R_DATA_TOO_LARGE); return(-1); } - if (*(from++) != 0) + if (flen+1 >= num) { RSAerr(RSA_F_RSA_PADDING_CHECK_NONE,RSA_R_BAD_ZERO_BYTE); return(-1); diff --git a/crypto/rsa/rsa_pk1.c b/crypto/rsa/rsa_pk1.c index 2791291b94..4638187970 100644 --- a/crypto/rsa/rsa_pk1.c +++ b/crypto/rsa/rsa_pk1.c @@ -103,17 +103,18 @@ int flen; return(1); } -int RSA_padding_check_PKCS1_type_1(to,tlen,from,flen) +int RSA_padding_check_PKCS1_type_1(to,tlen,from,flen,num) unsigned char *to; int tlen; unsigned char *from; int flen; +int num; { int i,j; unsigned char *p; p=from; - if (*(p++) != 01) + if ((num != (flen+1)) || (*(p++) != 01)) { RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1,RSA_R_BLOCK_TYPE_IS_NOT_01); return(-1); @@ -192,21 +193,25 @@ int flen; return(1); } -int RSA_padding_check_PKCS1_type_2(to,tlen,from,flen) +int RSA_padding_check_PKCS1_type_2(to,tlen,from,flen,num) unsigned char *to; int tlen; unsigned char *from; int flen; +int num; { int i,j; unsigned char *p; p=from; - if (*(p++) != 02) + if ((num != (flen+1)) || (*(p++) != 02)) { RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2,RSA_R_BLOCK_TYPE_IS_NOT_02); return(-1); } +#ifdef PKCS1_CHECK + return(num-11); +#endif /* scan over padding data */ j=flen-1; /* one for type. */ diff --git a/crypto/rsa/rsa_sign.c b/crypto/rsa/rsa_sign.c index 28c5571e74..e38911146a 100644 --- a/crypto/rsa/rsa_sign.c +++ b/crypto/rsa/rsa_sign.c @@ -154,9 +154,11 @@ RSA *rsa; p=s; sig=d2i_X509_SIG(NULL,&p,(long)i); + if (sig == NULL) goto err; sigtype=OBJ_obj2nid(sig->algor->algorithm); + #ifdef RSA_DEBUG /* put a backward compatability flag in EAY */ fprintf(stderr,"in(%s) expect(%s)\n",OBJ_nid2ln(sigtype), diff --git a/crypto/rsa/rsa_ssl.c b/crypto/rsa/rsa_ssl.c index 9bcd4b2c03..42ee076800 100644 --- a/crypto/rsa/rsa_ssl.c +++ b/crypto/rsa/rsa_ssl.c @@ -103,11 +103,12 @@ int flen; return(1); } -int RSA_padding_check_SSLv23(to,tlen,from,flen) +int RSA_padding_check_SSLv23(to,tlen,from,flen,num) unsigned char *to; int tlen; unsigned char *from; int flen; +int num; { int i,j,k; unsigned char *p; @@ -118,7 +119,7 @@ int flen; RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23,RSA_R_DATA_TOO_SMALL); return(-1); } - if (*(p++) != 02) + if ((num != (flen+1)) || (*(p++) != 02)) { RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23,RSA_R_BLOCK_TYPE_IS_NOT_02); return(-1); -- cgit v1.2.3