authorBob Beck <beck@cvs.openbsd.org>2000-03-19 11:13:56 +0000
committerBob Beck <beck@cvs.openbsd.org>2000-03-19 11:13:56 +0000
commit49f56637dd22e4a7b21187190845bdf93f225b6c (patch)
tree53fb7836f5f49958bff0a86c3daad74163301583 /lib/libcrypto/rsa
parent3fcaa7468f9b0354a53219db5fef7803a96ef49e (diff)
OpenSSL 0.9.5 merge
*warning* this bumps the shared lib minors for libssl and libcrypto from 2.1 to 2.2. If you are using the ssl26 packages for ssh and other things to work, you will need to get new ones (see ~beck/libsslsnap/<arch>) on cvs, or ~beck/src-patent.tar.gz on cvs.
Diffstat (limited to 'lib/libcrypto/rsa')
-rw-r--r--lib/libcrypto/rsa/Makefile.ssl45
-rw-r--r--lib/libcrypto/rsa/rsa.h33
-rw-r--r--lib/libcrypto/rsa/rsa_eay.c4
-rw-r--r--lib/libcrypto/rsa/rsa_err.c5
-rw-r--r--lib/libcrypto/rsa/rsa_gen.c1
-rw-r--r--lib/libcrypto/rsa/rsa_lib.c24
-rw-r--r--lib/libcrypto/rsa/rsa_oaep.c3
-rw-r--r--lib/libcrypto/rsa/rsa_oaep_test.c309
-rw-r--r--lib/libcrypto/rsa/rsa_pk1.c18
-rw-r--r--lib/libcrypto/rsa/rsa_saos.c2
-rw-r--r--lib/libcrypto/rsa/rsa_sign.c153
-rw-r--r--lib/libcrypto/rsa/rsa_ssl.c11
12 files changed, 196 insertions, 412 deletions
diff --git a/lib/libcrypto/rsa/Makefile.ssl b/lib/libcrypto/rsa/Makefile.ssl
index 3bb89701a22..7b3960e70d1 100644
--- a/lib/libcrypto/rsa/Makefile.ssl
+++ b/lib/libcrypto/rsa/Makefile.ssl
@@ -18,14 +18,14 @@ AR= ar r
CFLAGS= $(INCLUDES) $(CFLAG)
GENERAL=Makefile
-TEST=rsa_oaep_test.c
+TEST=rsa_test.c
APPS=
LIB=$(TOP)/libcrypto.a
LIBSRC= rsa_eay.c rsa_gen.c rsa_lib.c rsa_sign.c rsa_saos.c rsa_err.c \
- rsa_pk1.c rsa_ssl.c rsa_none.c rsa_oaep.c rsa_chk.c
+ rsa_pk1.c rsa_ssl.c rsa_none.c rsa_oaep.c rsa_chk.c rsa_null.c
LIBOBJ= rsa_eay.o rsa_gen.o rsa_lib.o rsa_sign.o rsa_saos.o rsa_err.o \
- rsa_pk1.o rsa_ssl.o rsa_none.o rsa_oaep.o rsa_chk.o
+ rsa_pk1.o rsa_ssl.o rsa_none.o rsa_oaep.o rsa_chk.o rsa_null.o
SRC= $(LIBSRC)
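Review bot: `TEST=rsa_test.c` and the new `rsa_null.c`/`rsa_null.o` entries name files that do not appear in this commit's diffstat for lib/libcrypto/rsa, while rsa_oaep_test.c is emptied in the same commit. They may have arrived through a separate import, but if they did not, the library no longer links and the PKCS#1 v1.5 and OAEP test vectors are gone with no replacement. Confirm that both files exist in the tree at this revision and that rsa_test.c still covers the removed vectors.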
@@ -83,52 +83,61 @@ clean:
rsa_chk.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
rsa_chk.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
rsa_chk.o: ../../include/openssl/opensslv.h ../../include/openssl/rsa.h
-rsa_chk.o: ../../include/openssl/stack.h
+rsa_chk.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
rsa_eay.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
rsa_eay.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
rsa_eay.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
rsa_eay.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
rsa_eay.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
-rsa_eay.o: ../../include/openssl/rsa.h ../../include/openssl/stack.h
-rsa_eay.o: ../cryptlib.h
+rsa_eay.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+rsa_eay.o: ../../include/openssl/stack.h ../cryptlib.h
rsa_err.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
rsa_err.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
rsa_err.o: ../../include/openssl/opensslv.h ../../include/openssl/rsa.h
-rsa_err.o: ../../include/openssl/stack.h
+rsa_err.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
rsa_gen.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
rsa_gen.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
rsa_gen.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
rsa_gen.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
rsa_gen.o: ../../include/openssl/opensslv.h ../../include/openssl/rsa.h
-rsa_gen.o: ../../include/openssl/stack.h ../cryptlib.h
+rsa_gen.o: ../../include/openssl/safestack.h ../../include/openssl/stack.h
+rsa_gen.o: ../cryptlib.h
rsa_lib.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
rsa_lib.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
rsa_lib.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
rsa_lib.o: ../../include/openssl/err.h ../../include/openssl/lhash.h
rsa_lib.o: ../../include/openssl/opensslconf.h ../../include/openssl/opensslv.h
-rsa_lib.o: ../../include/openssl/rsa.h ../../include/openssl/stack.h
-rsa_lib.o: ../cryptlib.h
+rsa_lib.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+rsa_lib.o: ../../include/openssl/stack.h ../cryptlib.h
rsa_none.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
rsa_none.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
rsa_none.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
rsa_none.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
rsa_none.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
-rsa_none.o: ../../include/openssl/rsa.h ../../include/openssl/stack.h
-rsa_none.o: ../cryptlib.h
+rsa_none.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+rsa_none.o: ../../include/openssl/stack.h ../cryptlib.h
+rsa_null.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
+rsa_null.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
+rsa_null.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
+rsa_null.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
+rsa_null.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
+rsa_null.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+rsa_null.o: ../../include/openssl/stack.h ../cryptlib.h
rsa_oaep.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
rsa_oaep.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
rsa_oaep.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
rsa_oaep.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
rsa_oaep.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
-rsa_oaep.o: ../../include/openssl/rsa.h ../../include/openssl/sha.h
-rsa_oaep.o: ../../include/openssl/stack.h ../cryptlib.h
+rsa_oaep.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+rsa_oaep.o: ../../include/openssl/sha.h ../../include/openssl/stack.h
+rsa_oaep.o: ../cryptlib.h
rsa_pk1.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
rsa_pk1.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
rsa_pk1.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
rsa_pk1.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
rsa_pk1.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
-rsa_pk1.o: ../../include/openssl/rsa.h ../../include/openssl/stack.h
-rsa_pk1.o: ../cryptlib.h
+rsa_pk1.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+rsa_pk1.o: ../../include/openssl/stack.h ../cryptlib.h
rsa_saos.o: ../../include/openssl/asn1.h ../../include/openssl/bio.h
rsa_saos.o: ../../include/openssl/blowfish.h ../../include/openssl/bn.h
rsa_saos.o: ../../include/openssl/buffer.h ../../include/openssl/cast.h
@@ -168,5 +177,5 @@ rsa_ssl.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
rsa_ssl.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
rsa_ssl.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
rsa_ssl.o: ../../include/openssl/opensslv.h ../../include/openssl/rand.h
-rsa_ssl.o: ../../include/openssl/rsa.h ../../include/openssl/stack.h
-rsa_ssl.o: ../cryptlib.h
+rsa_ssl.o: ../../include/openssl/rsa.h ../../include/openssl/safestack.h
+rsa_ssl.o: ../../include/openssl/stack.h ../cryptlib.h
diff --git a/lib/libcrypto/rsa/rsa.h b/lib/libcrypto/rsa/rsa.h
index 9230b2fcc9b..f9f9b5cfe91 100644
--- a/lib/libcrypto/rsa/rsa.h
+++ b/lib/libcrypto/rsa/rsa.h
@@ -91,6 +91,18 @@ typedef struct rsa_meth_st
int (*finish)(RSA *rsa); /* called at free */
int flags; /* RSA_METHOD_FLAG_* things */
char *app_data; /* may be needed! */
+/* New sign and verify functions: some libraries don't allow arbitrary data
+ * to be signed/verified: this allows them to be used. Note: for this to work
+ * the RSA_public_decrypt() and RSA_private_encrypt() should *NOT* be used
+ * RSA_sign(), RSA_verify() should be used instead. Note: for backwards
+ * compatibility this functionality is only enabled if the RSA_FLAG_SIGN_VER
+ * option is set in 'flags'.
+ */
+ int (*rsa_sign)(int type, unsigned char *m, unsigned int m_len,
+ unsigned char *sigret, unsigned int *siglen, RSA *rsa);
+ int (*rsa_verify)(int dtype, unsigned char *m, unsigned int m_len,
+ unsigned char *sigbuf, unsigned int siglen, RSA *rsa);
+
} RSA_METHOD;
struct rsa_st
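Review bot: The comment added above `rsa_sign`/`rsa_verify` says the feature is enabled by RSA_FLAG_SIGN_VER in the method's 'flags', but the dispatch added in rsa_sign.c tests `rsa->flags`, the flags of the RSA object. Whether the object's flags are copied from the method is not visible in this diff, so the comment should say which field is authoritative. It should also state the callback contract, since RSA_sign and RSA_verify return the callback's value unchanged: `/* both pointers must be non-NULL when RSA_FLAG_SIGN_VER is set; return 1 on success, 0 on failure */`.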
@@ -140,12 +152,16 @@ struct rsa_st
*/
#define RSA_FLAG_EXT_PKEY 0x20
+/* This flag in the RSA_METHOD enables the new rsa_sign, rsa_verify functions.
+ */
+#define RSA_FLAG_SIGN_VER 0x40
+
#define RSA_PKCS1_PADDING 1
#define RSA_SSLV23_PADDING 2
#define RSA_NO_PADDING 3
#define RSA_PKCS1_OAEP_PADDING 4
-#define RSA_set_app_data(s,arg) RSA_set_ex_data(s,0,(char *)arg)
+#define RSA_set_app_data(s,arg) RSA_set_ex_data(s,0,arg)
#define RSA_get_app_data(s) RSA_get_ex_data(s,0)
RSA * RSA_new(void);
@@ -181,6 +197,8 @@ RSA_METHOD *RSA_PKCS1_RSAref(void);
/* these are the actual SSLeay RSA functions */
RSA_METHOD *RSA_PKCS1_SSLeay(void);
+RSA_METHOD *RSA_null_method(void);
+
void ERR_load_RSA_strings(void );
RSA * d2i_RSAPublicKey(RSA **a, unsigned char **pp, long length);
@@ -241,10 +259,10 @@ int RSA_padding_add_none(unsigned char *to,int tlen,
int RSA_padding_check_none(unsigned char *to,int tlen,
unsigned char *f,int fl,int rsa_len);
-int RSA_get_ex_new_index(long argl, char *argp, int (*new_func)(),
- int (*dup_func)(), void (*free_func)());
-int RSA_set_ex_data(RSA *r,int idx,char *arg);
-char *RSA_get_ex_data(RSA *r, int idx);
+int RSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
+ CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
+int RSA_set_ex_data(RSA *r,int idx,void *arg);
+void *RSA_get_ex_data(RSA *r, int idx);
/* BEGIN ERROR CODES */
/* The following lines are auto generated by the script mkerr.pl. Any changes
@@ -262,6 +280,7 @@ char *RSA_get_ex_data(RSA *r, int idx);
#define RSA_F_RSA_EAY_PUBLIC_ENCRYPT 104
#define RSA_F_RSA_GENERATE_KEY 105
#define RSA_F_RSA_NEW_METHOD 106
+#define RSA_F_RSA_NULL 124
#define RSA_F_RSA_PADDING_ADD_NONE 107
#define RSA_F_RSA_PADDING_ADD_PKCS1_OAEP 121
#define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1 108
@@ -292,10 +311,11 @@ char *RSA_get_ex_data(RSA *r, int idx);
#define RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE 110
#define RSA_R_DATA_TOO_SMALL 111
#define RSA_R_DATA_TOO_SMALL_FOR_KEY_SIZE 122
-#define RSA_R_D_E_NOT_CONGRUENT_TO_1 123
#define RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY 112
#define RSA_R_DMP1_NOT_CONGRUENT_TO_D 124
#define RSA_R_DMQ1_NOT_CONGRUENT_TO_D 125
+#define RSA_R_D_E_NOT_CONGRUENT_TO_1 123
+#define RSA_R_INVALID_MESSAGE_LENGTH 131
#define RSA_R_IQMP_NOT_INVERSE_OF_Q 126
#define RSA_R_KEY_SIZE_TOO_SMALL 120
#define RSA_R_NULL_BEFORE_BLOCK_MISSING 113
@@ -304,6 +324,7 @@ char *RSA_get_ex_data(RSA *r, int idx);
#define RSA_R_PADDING_CHECK_FAILED 114
#define RSA_R_P_NOT_PRIME 128
#define RSA_R_Q_NOT_PRIME 129
+#define RSA_R_RSA_OPERATIONS_NOT_SUPPORTED 130
#define RSA_R_SSLV3_ROLLBACK_ATTACK 115
#define RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD 116
#define RSA_R_UNKNOWN_ALGORITHM_TYPE 117
diff --git a/lib/libcrypto/rsa/rsa_eay.c b/lib/libcrypto/rsa/rsa_eay.c
index 776324860c7..179b7da90a8 100644
--- a/lib/libcrypto/rsa/rsa_eay.c
+++ b/lib/libcrypto/rsa/rsa_eay.c
@@ -72,6 +72,8 @@
#include <openssl/rsa.h>
#include <openssl/rand.h>
+#ifndef RSA_NULL
+
static int RSA_eay_public_encrypt(int flen, unsigned char *from,
unsigned char *to, RSA *rsa,int padding);
static int RSA_eay_private_encrypt(int flen, unsigned char *from,
@@ -285,4 +287,4 @@ static int RSA_eay_finish(RSA *rsa)
return(1);
}
-
+#endif
diff --git a/lib/libcrypto/rsa/rsa_err.c b/lib/libcrypto/rsa/rsa_err.c
index 9fb15e398dd..5cfbea2b033 100644
--- a/lib/libcrypto/rsa/rsa_err.c
+++ b/lib/libcrypto/rsa/rsa_err.c
@@ -73,6 +73,7 @@ static ERR_STRING_DATA RSA_str_functs[]=
{ERR_PACK(0,RSA_F_RSA_EAY_PUBLIC_ENCRYPT,0), "RSA_EAY_PUBLIC_ENCRYPT"},
{ERR_PACK(0,RSA_F_RSA_GENERATE_KEY,0), "RSA_generate_key"},
{ERR_PACK(0,RSA_F_RSA_NEW_METHOD,0), "RSA_new_method"},
+{ERR_PACK(0,RSA_F_RSA_NULL,0), "RSA_NULL"},
{ERR_PACK(0,RSA_F_RSA_PADDING_ADD_NONE,0), "RSA_padding_add_none"},
{ERR_PACK(0,RSA_F_RSA_PADDING_ADD_PKCS1_OAEP,0), "RSA_padding_add_PKCS1_OAEP"},
{ERR_PACK(0,RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1,0), "RSA_padding_add_PKCS1_type_1"},
@@ -106,10 +107,11 @@ static ERR_STRING_DATA RSA_str_reasons[]=
{RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE ,"data too large for key size"},
{RSA_R_DATA_TOO_SMALL ,"data too small"},
{RSA_R_DATA_TOO_SMALL_FOR_KEY_SIZE ,"data too small for key size"},
-{RSA_R_D_E_NOT_CONGRUENT_TO_1 ,"d e not congruent to 1"},
{RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY ,"digest too big for rsa key"},
{RSA_R_DMP1_NOT_CONGRUENT_TO_D ,"dmp1 not congruent to d"},
{RSA_R_DMQ1_NOT_CONGRUENT_TO_D ,"dmq1 not congruent to d"},
+{RSA_R_D_E_NOT_CONGRUENT_TO_1 ,"d e not congruent to 1"},
+{RSA_R_INVALID_MESSAGE_LENGTH ,"invalid message length"},
{RSA_R_IQMP_NOT_INVERSE_OF_Q ,"iqmp not inverse of q"},
{RSA_R_KEY_SIZE_TOO_SMALL ,"key size too small"},
{RSA_R_NULL_BEFORE_BLOCK_MISSING ,"null before block missing"},
@@ -118,6 +120,7 @@ static ERR_STRING_DATA RSA_str_reasons[]=
{RSA_R_PADDING_CHECK_FAILED ,"padding check failed"},
{RSA_R_P_NOT_PRIME ,"p not prime"},
{RSA_R_Q_NOT_PRIME ,"q not prime"},
+{RSA_R_RSA_OPERATIONS_NOT_SUPPORTED ,"rsa operations not supported"},
{RSA_R_SSLV3_ROLLBACK_ATTACK ,"sslv3 rollback attack"},
{RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD,"the asn1 object identifier is not known for this md"},
{RSA_R_UNKNOWN_ALGORITHM_TYPE ,"unknown algorithm type"},
diff --git a/lib/libcrypto/rsa/rsa_gen.c b/lib/libcrypto/rsa/rsa_gen.c
index 3227dba7947..b1ee5d8dce4 100644
--- a/lib/libcrypto/rsa/rsa_gen.c
+++ b/lib/libcrypto/rsa/rsa_gen.c
@@ -85,6 +85,7 @@ err:
RSAerr(RSA_F_RSA_GENERATE_KEY,ERR_LIB_BN);
ok=0;
}
+ BN_CTX_end(ctx);
BN_CTX_free(ctx);
BN_CTX_free(ctx2);
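Review bot: The added `BN_CTX_end(ctx);` has no matching `BN_CTX_start(ctx)` anywhere in this diff (rsa_gen.c changes by this one line), so the start call must already exist above the hunk; that is worth confirming. It is also worth checking the path where `err:` is reached with ctx still NULL after a failed allocation, since the call is now unconditional. A comment such as `/* pairs with the BN_CTX_start() earlier in this function */` would make the pairing visible. The function starts outside the hunk.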
diff --git a/lib/libcrypto/rsa/rsa_lib.c b/lib/libcrypto/rsa/rsa_lib.c
index c0ca2923a69..074a4f5074b 100644
--- a/lib/libcrypto/rsa/rsa_lib.c
+++ b/lib/libcrypto/rsa/rsa_lib.c
@@ -67,7 +67,7 @@ const char *RSA_version="RSA" OPENSSL_VERSION_PTEXT;
static RSA_METHOD *default_RSA_meth=NULL;
static int rsa_meth_num=0;
-static STACK *rsa_meth=NULL;
+static STACK_OF(CRYPTO_EX_DATA_FUNCS) *rsa_meth=NULL;
RSA *RSA_new(void)
{
@@ -105,11 +105,15 @@ RSA *RSA_new_method(RSA_METHOD *meth)
if (default_RSA_meth == NULL)
{
+#ifdef RSA_NULL
+ default_RSA_meth=RSA_null_method();
+#else
#ifdef RSAref
default_RSA_meth=RSA_PKCS1_RSAref();
#else
default_RSA_meth=RSA_PKCS1_SSLeay();
#endif
+#endif
}
ret=(RSA *)Malloc(sizeof(RSA));
if (ret == NULL)
@@ -146,7 +150,7 @@ RSA *RSA_new_method(RSA_METHOD *meth)
ret=NULL;
}
else
- CRYPTO_new_ex_data(rsa_meth,(char *)ret,&ret->ex_data);
+ CRYPTO_new_ex_data(rsa_meth,ret,&ret->ex_data);
return(ret);
}
@@ -169,7 +173,7 @@ void RSA_free(RSA *r)
}
#endif
- CRYPTO_free_ex_data(rsa_meth,(char *)r,&r->ex_data);
+ CRYPTO_free_ex_data(rsa_meth,r,&r->ex_data);
if (r->meth->finish != NULL)
r->meth->finish(r);
@@ -187,20 +191,20 @@ void RSA_free(RSA *r)
Free(r);
}
-int RSA_get_ex_new_index(long argl, char *argp, int (*new_func)(),
- int (*dup_func)(), void (*free_func)())
+int RSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
+ CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func)
{
rsa_meth_num++;
return(CRYPTO_get_ex_new_index(rsa_meth_num-1,
&rsa_meth,argl,argp,new_func,dup_func,free_func));
}
-int RSA_set_ex_data(RSA *r, int idx, char *arg)
+int RSA_set_ex_data(RSA *r, int idx, void *arg)
{
return(CRYPTO_set_ex_data(&r->ex_data,idx,arg));
}
-char *RSA_get_ex_data(RSA *r, int idx)
+void *RSA_get_ex_data(RSA *r, int idx)
{
return(CRYPTO_get_ex_data(&r->ex_data,idx));
}
@@ -265,19 +269,19 @@ int RSA_blinding_on(RSA *rsa, BN_CTX *p_ctx)
if (rsa->blinding != NULL)
BN_BLINDING_free(rsa->blinding);
- A= &(ctx->bn[0]);
- ctx->tos++;
+ BN_CTX_start(ctx);
+ A = BN_CTX_get(ctx);
if (!BN_rand(A,BN_num_bits(rsa->n)-1,1,0)) goto err;
if ((Ai=BN_mod_inverse(NULL,A,rsa->n,ctx)) == NULL) goto err;
if (!rsa->meth->bn_mod_exp(A,A,rsa->e,rsa->n,ctx,rsa->_method_mod_n))
goto err;
rsa->blinding=BN_BLINDING_new(A,Ai,rsa->n);
- ctx->tos--;
rsa->flags|=RSA_FLAG_BLINDING;
BN_free(Ai);
ret=1;
err:
+ BN_CTX_end(ctx);
if (ctx != p_ctx) BN_CTX_free(ctx);
return(ret);
}
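Review bot: `A = BN_CTX_get(ctx);` is passed to BN_rand on the next line without a NULL check; BN_CTX_get returns NULL when the context cannot supply another temporary, so this should read `if ((A = BN_CTX_get(ctx)) == NULL) goto err;`. The `err:` label now calls `BN_CTX_end(ctx)` on every path, including any jump taken before `BN_CTX_start(ctx)`. The top of RSA_blinding_on is outside the hunk, so confirm that pairing holds. The unchanged lines also leave Ai unfreed when bn_mod_exp fails, and they set RSA_FLAG_BLINDING without checking the result of BN_BLINDING_new, which could mark a key as blinded when no blinding state exists.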
diff --git a/lib/libcrypto/rsa/rsa_oaep.c b/lib/libcrypto/rsa/rsa_oaep.c
index 843c40c8640..1465c01f4f4 100644
--- a/lib/libcrypto/rsa/rsa_oaep.c
+++ b/lib/libcrypto/rsa/rsa_oaep.c
@@ -50,7 +50,8 @@ int RSA_padding_add_PKCS1_OAEP(unsigned char *to, int tlen,
emlen - flen - 2 * SHA_DIGEST_LENGTH - 1);
db[emlen - flen - SHA_DIGEST_LENGTH - 1] = 0x01;
memcpy(db + emlen - flen - SHA_DIGEST_LENGTH, from, (unsigned int) flen);
- RAND_bytes(seed, SHA_DIGEST_LENGTH);
+ if (RAND_bytes(seed, SHA_DIGEST_LENGTH) <= 0)
+ return (0);
#ifdef PKCS_TESTVECT
memcpy(seed,
"\xaa\xfd\x12\xf6\x59\xca\xe6\x34\x89\xb4\x79\xe5\x07\x6d\xde\xc2\xf0\x6c\xb5\x8f",
diff --git a/lib/libcrypto/rsa/rsa_oaep_test.c b/lib/libcrypto/rsa/rsa_oaep_test.c
index 0d4e39d3dab..e69de29bb2d 100644
--- a/lib/libcrypto/rsa/rsa_oaep_test.c
+++ b/lib/libcrypto/rsa/rsa_oaep_test.c
@@ -1,309 +0,0 @@
-/* test vectors from p1ovect1.txt */
-
-#include <stdio.h>
-#include <string.h>
-
-#include "openssl/e_os.h"
-
-#include <openssl/crypto.h>
-#include <openssl/err.h>
-#ifdef NO_RSA
-int main(int argc, char *argv[])
-{
- printf("No RSA support\n");
- return(0);
-}
-#else
-#include <openssl/rsa.h>
-
-#define SetKey \
- key->n = BN_bin2bn(n, sizeof(n)-1, key->n); \
- key->e = BN_bin2bn(e, sizeof(e)-1, key->e); \
- key->d = BN_bin2bn(d, sizeof(d)-1, key->d); \
- key->p = BN_bin2bn(p, sizeof(p)-1, key->p); \
- key->q = BN_bin2bn(q, sizeof(q)-1, key->q); \
- key->dmp1 = BN_bin2bn(dmp1, sizeof(dmp1)-1, key->dmp1); \
- key->dmq1 = BN_bin2bn(dmq1, sizeof(dmq1)-1, key->dmq1); \
- key->iqmp = BN_bin2bn(iqmp, sizeof(iqmp)-1, key->iqmp); \
- memcpy(c, ctext_ex, sizeof(ctext_ex) - 1); \
- return (sizeof(ctext_ex) - 1);
-
-static int key1(RSA *key, unsigned char *c)
- {
- static unsigned char n[] =
-"\x00\xAA\x36\xAB\xCE\x88\xAC\xFD\xFF\x55\x52\x3C\x7F\xC4\x52\x3F"
-"\x90\xEF\xA0\x0D\xF3\x77\x4A\x25\x9F\x2E\x62\xB4\xC5\xD9\x9C\xB5"
-"\xAD\xB3\x00\xA0\x28\x5E\x53\x01\x93\x0E\x0C\x70\xFB\x68\x76\x93"
-"\x9C\xE6\x16\xCE\x62\x4A\x11\xE0\x08\x6D\x34\x1E\xBC\xAC\xA0\xA1"
-"\xF5";
-
- static unsigned char e[] = "\x11";
-
- static unsigned char d[] =
-"\x0A\x03\x37\x48\x62\x64\x87\x69\x5F\x5F\x30\xBC\x38\xB9\x8B\x44"
-"\xC2\xCD\x2D\xFF\x43\x40\x98\xCD\x20\xD8\xA1\x38\xD0\x90\xBF\x64"
-"\x79\x7C\x3F\xA7\xA2\xCD\xCB\x3C\xD1\xE0\xBD\xBA\x26\x54\xB4\xF9"
-"\xDF\x8E\x8A\xE5\x9D\x73\x3D\x9F\x33\xB3\x01\x62\x4A\xFD\x1D\x51";
-
- static unsigned char p[] =
-"\x00\xD8\x40\xB4\x16\x66\xB4\x2E\x92\xEA\x0D\xA3\xB4\x32\x04\xB5"
-"\xCF\xCE\x33\x52\x52\x4D\x04\x16\xA5\xA4\x41\xE7\x00\xAF\x46\x12"
-"\x0D";
-
- static unsigned char q[] =
-"\x00\xC9\x7F\xB1\xF0\x27\xF4\x53\xF6\x34\x12\x33\xEA\xAA\xD1\xD9"
-"\x35\x3F\x6C\x42\xD0\x88\x66\xB1\xD0\x5A\x0F\x20\x35\x02\x8B\x9D"
-"\x89";
-
- static unsigned char dmp1[] =
-"\x59\x0B\x95\x72\xA2\xC2\xA9\xC4\x06\x05\x9D\xC2\xAB\x2F\x1D\xAF"
-"\xEB\x7E\x8B\x4F\x10\xA7\x54\x9E\x8E\xED\xF5\xB4\xFC\xE0\x9E\x05";
-
- static unsigned char dmq1[] =
-"\x00\x8E\x3C\x05\x21\xFE\x15\xE0\xEA\x06\xA3\x6F\xF0\xF1\x0C\x99"
-"\x52\xC3\x5B\x7A\x75\x14\xFD\x32\x38\xB8\x0A\xAD\x52\x98\x62\x8D"
-"\x51";
-
- static unsigned char iqmp[] =
-"\x36\x3F\xF7\x18\x9D\xA8\xE9\x0B\x1D\x34\x1F\x71\xD0\x9B\x76\xA8"
-"\xA9\x43\xE1\x1D\x10\xB2\x4D\x24\x9F\x2D\xEA\xFE\xF8\x0C\x18\x26";
-
- static unsigned char ctext_ex[] =
-"\x1b\x8f\x05\xf9\xca\x1a\x79\x52\x6e\x53\xf3\xcc\x51\x4f\xdb\x89"
-"\x2b\xfb\x91\x93\x23\x1e\x78\xb9\x92\xe6\x8d\x50\xa4\x80\xcb\x52"
-"\x33\x89\x5c\x74\x95\x8d\x5d\x02\xab\x8c\x0f\xd0\x40\xeb\x58\x44"
-"\xb0\x05\xc3\x9e\xd8\x27\x4a\x9d\xbf\xa8\x06\x71\x40\x94\x39\xd2";
-
- SetKey;
- }
-
-static int key2(RSA *key, unsigned char *c)
- {
- static unsigned char n[] =
-"\x00\xA3\x07\x9A\x90\xDF\x0D\xFD\x72\xAC\x09\x0C\xCC\x2A\x78\xB8"
-"\x74\x13\x13\x3E\x40\x75\x9C\x98\xFA\xF8\x20\x4F\x35\x8A\x0B\x26"
-"\x3C\x67\x70\xE7\x83\xA9\x3B\x69\x71\xB7\x37\x79\xD2\x71\x7B\xE8"
-"\x34\x77\xCF";
-
- static unsigned char e[] = "\x3";
-
- static unsigned char d[] =
-"\x6C\xAF\xBC\x60\x94\xB3\xFE\x4C\x72\xB0\xB3\x32\xC6\xFB\x25\xA2"
-"\xB7\x62\x29\x80\x4E\x68\x65\xFC\xA4\x5A\x74\xDF\x0F\x8F\xB8\x41"
-"\x3B\x52\xC0\xD0\xE5\x3D\x9B\x59\x0F\xF1\x9B\xE7\x9F\x49\xDD\x21"
-"\xE5\xEB";
-
- static unsigned char p[] =
-"\x00\xCF\x20\x35\x02\x8B\x9D\x86\x98\x40\xB4\x16\x66\xB4\x2E\x92"
-"\xEA\x0D\xA3\xB4\x32\x04\xB5\xCF\xCE\x91";
-
- static unsigned char q[] =
-"\x00\xC9\x7F\xB1\xF0\x27\xF4\x53\xF6\x34\x12\x33\xEA\xAA\xD1\xD9"
-"\x35\x3F\x6C\x42\xD0\x88\x66\xB1\xD0\x5F";
-
- static unsigned char dmp1[] =
-"\x00\x8A\x15\x78\xAC\x5D\x13\xAF\x10\x2B\x22\xB9\x99\xCD\x74\x61"
-"\xF1\x5E\x6D\x22\xCC\x03\x23\xDF\xDF\x0B";
-
- static unsigned char dmq1[] =
-"\x00\x86\x55\x21\x4A\xC5\x4D\x8D\x4E\xCD\x61\x77\xF1\xC7\x36\x90"
-"\xCE\x2A\x48\x2C\x8B\x05\x99\xCB\xE0\x3F";
-
- static unsigned char iqmp[] =
-"\x00\x83\xEF\xEF\xB8\xA9\xA4\x0D\x1D\xB6\xED\x98\xAD\x84\xED\x13"
-"\x35\xDC\xC1\x08\xF3\x22\xD0\x57\xCF\x8D";
-
- static unsigned char ctext_ex[] =
-"\x14\xbd\xdd\x28\xc9\x83\x35\x19\x23\x80\xe8\xe5\x49\xb1\x58\x2a"
-"\x8b\x40\xb4\x48\x6d\x03\xa6\xa5\x31\x1f\x1f\xd5\xf0\xa1\x80\xe4"
-"\x17\x53\x03\x29\xa9\x34\x90\x74\xb1\x52\x13\x54\x29\x08\x24\x52"
-"\x62\x51";
-
- SetKey;
- }
-
-static int key3(RSA *key, unsigned char *c)
- {
- static unsigned char n[] =
-"\x00\xBB\xF8\x2F\x09\x06\x82\xCE\x9C\x23\x38\xAC\x2B\x9D\xA8\x71"
-"\xF7\x36\x8D\x07\xEE\xD4\x10\x43\xA4\x40\xD6\xB6\xF0\x74\x54\xF5"
-"\x1F\xB8\xDF\xBA\xAF\x03\x5C\x02\xAB\x61\xEA\x48\xCE\xEB\x6F\xCD"
-"\x48\x76\xED\x52\x0D\x60\xE1\xEC\x46\x19\x71\x9D\x8A\x5B\x8B\x80"
-"\x7F\xAF\xB8\xE0\xA3\xDF\xC7\x37\x72\x3E\xE6\xB4\xB7\xD9\x3A\x25"
-"\x84\xEE\x6A\x64\x9D\x06\x09\x53\x74\x88\x34\xB2\x45\x45\x98\x39"
-"\x4E\xE0\xAA\xB1\x2D\x7B\x61\xA5\x1F\x52\x7A\x9A\x41\xF6\xC1\x68"
-"\x7F\xE2\x53\x72\x98\xCA\x2A\x8F\x59\x46\xF8\xE5\xFD\x09\x1D\xBD"
-"\xCB";
-
- static unsigned char e[] = "\x11";
-
- static unsigned char d[] =
-"\x00\xA5\xDA\xFC\x53\x41\xFA\xF2\x89\xC4\xB9\x88\xDB\x30\xC1\xCD"
-"\xF8\x3F\x31\x25\x1E\x06\x68\xB4\x27\x84\x81\x38\x01\x57\x96\x41"
-"\xB2\x94\x10\xB3\xC7\x99\x8D\x6B\xC4\x65\x74\x5E\x5C\x39\x26\x69"
-"\xD6\x87\x0D\xA2\xC0\x82\xA9\x39\xE3\x7F\xDC\xB8\x2E\xC9\x3E\xDA"
-"\xC9\x7F\xF3\xAD\x59\x50\xAC\xCF\xBC\x11\x1C\x76\xF1\xA9\x52\x94"
-"\x44\xE5\x6A\xAF\x68\xC5\x6C\x09\x2C\xD3\x8D\xC3\xBE\xF5\xD2\x0A"
-"\x93\x99\x26\xED\x4F\x74\xA1\x3E\xDD\xFB\xE1\xA1\xCE\xCC\x48\x94"
-"\xAF\x94\x28\xC2\xB7\xB8\x88\x3F\xE4\x46\x3A\x4B\xC8\x5B\x1C\xB3"
-"\xC1";
-
- static unsigned char p[] =
-"\x00\xEE\xCF\xAE\x81\xB1\xB9\xB3\xC9\x08\x81\x0B\x10\xA1\xB5\x60"
-"\x01\x99\xEB\x9F\x44\xAE\xF4\xFD\xA4\x93\xB8\x1A\x9E\x3D\x84\xF6"
-"\x32\x12\x4E\xF0\x23\x6E\x5D\x1E\x3B\x7E\x28\xFA\xE7\xAA\x04\x0A"
-"\x2D\x5B\x25\x21\x76\x45\x9D\x1F\x39\x75\x41\xBA\x2A\x58\xFB\x65"
-"\x99";
-
- static unsigned char q[] =
-"\x00\xC9\x7F\xB1\xF0\x27\xF4\x53\xF6\x34\x12\x33\xEA\xAA\xD1\xD9"
-"\x35\x3F\x6C\x42\xD0\x88\x66\xB1\xD0\x5A\x0F\x20\x35\x02\x8B\x9D"
-"\x86\x98\x40\xB4\x16\x66\xB4\x2E\x92\xEA\x0D\xA3\xB4\x32\x04\xB5"
-"\xCF\xCE\x33\x52\x52\x4D\x04\x16\xA5\xA4\x41\xE7\x00\xAF\x46\x15"
-"\x03";
-
- static unsigned char dmp1[] =
-"\x54\x49\x4C\xA6\x3E\xBA\x03\x37\xE4\xE2\x40\x23\xFC\xD6\x9A\x5A"
-"\xEB\x07\xDD\xDC\x01\x83\xA4\xD0\xAC\x9B\x54\xB0\x51\xF2\xB1\x3E"
-"\xD9\x49\x09\x75\xEA\xB7\x74\x14\xFF\x59\xC1\xF7\x69\x2E\x9A\x2E"
-"\x20\x2B\x38\xFC\x91\x0A\x47\x41\x74\xAD\xC9\x3C\x1F\x67\xC9\x81";
-
- static unsigned char dmq1[] =
-"\x47\x1E\x02\x90\xFF\x0A\xF0\x75\x03\x51\xB7\xF8\x78\x86\x4C\xA9"
-"\x61\xAD\xBD\x3A\x8A\x7E\x99\x1C\x5C\x05\x56\xA9\x4C\x31\x46\xA7"
-"\xF9\x80\x3F\x8F\x6F\x8A\xE3\x42\xE9\x31\xFD\x8A\xE4\x7A\x22\x0D"
-"\x1B\x99\xA4\x95\x84\x98\x07\xFE\x39\xF9\x24\x5A\x98\x36\xDA\x3D";
-
- static unsigned char iqmp[] =
-"\x00\xB0\x6C\x4F\xDA\xBB\x63\x01\x19\x8D\x26\x5B\xDB\xAE\x94\x23"
-"\xB3\x80\xF2\x71\xF7\x34\x53\x88\x50\x93\x07\x7F\xCD\x39\xE2\x11"
-"\x9F\xC9\x86\x32\x15\x4F\x58\x83\xB1\x67\xA9\x67\xBF\x40\x2B\x4E"
-"\x9E\x2E\x0F\x96\x56\xE6\x98\xEA\x36\x66\xED\xFB\x25\x79\x80\x39"
-"\xF7";
-
- static unsigned char ctext_ex[] =
-"\xb8\x24\x6b\x56\xa6\xed\x58\x81\xae\xb5\x85\xd9\xa2\x5b\x2a\xd7"
-"\x90\xc4\x17\xe0\x80\x68\x1b\xf1\xac\x2b\xc3\xde\xb6\x9d\x8b\xce"
-"\xf0\xc4\x36\x6f\xec\x40\x0a\xf0\x52\xa7\x2e\x9b\x0e\xff\xb5\xb3"
-"\xf2\xf1\x92\xdb\xea\xca\x03\xc1\x27\x40\x05\x71\x13\xbf\x1f\x06"
-"\x69\xac\x22\xe9\xf3\xa7\x85\x2e\x3c\x15\xd9\x13\xca\xb0\xb8\x86"
-"\x3a\x95\xc9\x92\x94\xce\x86\x74\x21\x49\x54\x61\x03\x46\xf4\xd4"
-"\x74\xb2\x6f\x7c\x48\xb4\x2e\xe6\x8e\x1f\x57\x2a\x1f\xc4\x02\x6a"
-"\xc4\x56\xb4\xf5\x9f\x7b\x62\x1e\xa1\xb9\xd8\x8f\x64\x20\x2f\xb1";
-
- SetKey;
- }
-
-static int pad_unknown(void)
-{
- unsigned long l;
- while ((l = ERR_get_error()) != 0)
- if (ERR_GET_REASON(l) == RSA_R_UNKNOWN_PADDING_TYPE)
- return(1);
- return(0);
-}
-
-int main()
- {
- int err=0;
- int v;
- RSA *key;
- unsigned char ptext[256];
- unsigned char ctext[256];
- static unsigned char ptext_ex[] = "\x54\x85\x9b\x34\x2c\x49\xea\x2a";
- unsigned char ctext_ex[256];
- int plen;
- int clen = 0;
- int num;
-
- CRYPTO_mem_ctrl(CRYPTO_MEM_CHECK_ON);
-
- plen = sizeof(ptext_ex) - 1;
-
- for (v = 0; v < 3; v++)
- {
- key = RSA_new();
- switch (v) {
- case 0:
- clen = key1(key, ctext_ex);
- break;
- case 1:
- clen = key2(key, ctext_ex);
- break;
- case 2:
- clen = key3(key, ctext_ex);
- break;
- }
-
- num = RSA_public_encrypt(plen, ptext_ex, ctext, key,
- RSA_PKCS1_PADDING);
- if (num != clen)
- {
- printf("PKCS#1 v1.5 encryption failed!\n");
- err=1;
- goto oaep;
- }
-
- num = RSA_private_decrypt(num, ctext, ptext, key,
- RSA_PKCS1_PADDING);
- if (num != plen || memcmp(ptext, ptext_ex, num) != 0)
- {
- printf("PKCS#1 v1.5 decryption failed!\n");
- err=1;
- }
- else
- printf("PKCS #1 v1.5 encryption/decryption ok\n");
-
- oaep:
- ERR_clear_error();
- num = RSA_public_encrypt(plen, ptext_ex, ctext, key,
- RSA_PKCS1_OAEP_PADDING);
- if (num == -1 && pad_unknown())
- {
- printf("No OAEP support\n");
- goto next;
- }
- if (num != clen)
- {
- printf("OAEP encryption failed!\n");
- err=1;
- goto next;
- }
-
- num = RSA_private_decrypt(num, ctext, ptext, key,
- RSA_PKCS1_OAEP_PADDING);
- if (num != plen || memcmp(ptext, ptext_ex, num) != 0)
- {
- printf("OAEP decryption (encrypted data) failed!\n");
- err=1;
- }
- else if (memcmp(ctext, ctext_ex, num) == 0)
- {
- printf("OAEP test vector %d passed!\n", v);
- goto next;
- }
-
- /* Different ciphertexts (rsa_oaep.c without -DPKCS_TESTVECT).
- Try decrypting ctext_ex */
-
- num = RSA_private_decrypt(clen, ctext_ex, ptext, key,
- RSA_PKCS1_OAEP_PADDING);
-
- if (num != plen || memcmp(ptext, ptext_ex, num) != 0)
- {
- printf("OAEP decryption (test vector data) failed!\n");
- err=1;
- }
- else
- printf("OAEP encryption/decryption ok\n");
- next:
- RSA_free(key);
- }
-
- ERR_remove_state(0);
-
- CRYPTO_mem_leaks_fp(stdout);
-
- return err;
- }
-#endif
diff --git a/lib/libcrypto/rsa/rsa_pk1.c b/lib/libcrypto/rsa/rsa_pk1.c
index f0ae51f234e..48a32bc264a 100644
--- a/lib/libcrypto/rsa/rsa_pk1.c
+++ b/lib/libcrypto/rsa/rsa_pk1.c
@@ -79,7 +79,7 @@ int RSA_padding_add_PKCS1_type_1(unsigned char *to, int tlen,
*(p++)=0;
*(p++)=1; /* Private Key BT (Block Type) */
- /* padd out with 0xff data */
+ /* pad out with 0xff data */
j=tlen-3-flen;
memset(p,0xff,j);
p+=j;
@@ -130,6 +130,11 @@ int RSA_padding_check_PKCS1_type_1(unsigned char *to, int tlen,
}
i++; /* Skip over the '\0' */
j-=i;
+ if (j > tlen)
+ {
+ RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1,RSA_R_DATA_TOO_LARGE);
+ return(-1);
+ }
memcpy(to,p,(unsigned int)j);
return(j);
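Review bot: The new guard `if (j > tlen)` rejects only an oversized payload; j is an int that the following memcpy casts to unsigned int, so a negative j would pass the guard and become a very large copy length. Whether j can go negative depends on the scan above the hunk, which is not shown, so writing the guard as `if (j < 0 || j > tlen)` removes that dependency at no cost. The same guard is added in RSA_padding_check_PKCS1_type_2 later in this file and in RSA_padding_check_SSLv23 in rsa_ssl.c. The function starts and ends outside the hunk.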
@@ -155,12 +160,14 @@ int RSA_padding_add_PKCS1_type_2(unsigned char *to, int tlen,
/* pad out with non-zero random data */
j=tlen-3-flen;
- RAND_bytes(p,j);
+ if (RAND_bytes(p,j) <= 0)
+ return(0);
for (i=0; i<j; i++)
{
if (*p == '\0')
do {
- RAND_bytes(p,1);
+ if (RAND_bytes(p,1) <= 0)
+ return(0);
} while (*p == '\0');
p++;
}
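Review bot: Both new failure exits, `if (RAND_bytes(p,j) <= 0) return(0);` and the one inside the retry loop, leave RSA_padding_add_PKCS1_type_2 without recording an RSA-level error, unlike the check functions in this file, which call RSAerr before returning. The caller then sees a failed padding step with no RSA reason saying the random source was the cause; add an RSAerr call before each `return(0)`. The same pattern is added for the OAEP seed in rsa_oaep.c and in RSA_padding_add_SSLv23 in rsa_ssl.c. The function starts and ends outside the hunk.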
@@ -205,6 +212,11 @@ int RSA_padding_check_PKCS1_type_2(unsigned char *to, int tlen,
}
i++; /* Skip over the '\0' */
j-=i;
+ if (j > tlen)
+ {
+ RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2,RSA_R_DATA_TOO_LARGE);
+ return(-1);
+ }
memcpy(to,p,(unsigned int)j);
return(j);
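Review bot: The new `j > tlen` exit in RSA_padding_check_PKCS1_type_2 reports its own reason, RSA_R_DATA_TOO_LARGE, which gives callers one more way to tell decryption failures apart. When the ciphertext comes from an untrusted peer, revealing which padding check failed turns the decryptor into a padding oracle, so the function should carry a comment for callers: `/* callers must report every failure of this check identically to the peer */`. The function starts and ends outside the hunk.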
diff --git a/lib/libcrypto/rsa/rsa_saos.c b/lib/libcrypto/rsa/rsa_saos.c
index 73b8b0c7ad6..61efb0b00fd 100644
--- a/lib/libcrypto/rsa/rsa_saos.c
+++ b/lib/libcrypto/rsa/rsa_saos.c
@@ -136,7 +136,7 @@ int RSA_verify_ASN1_OCTET_STRING(int dtype, unsigned char *m,
else
ret=1;
err:
- if (sig != NULL) ASN1_OCTET_STRING_free(sig);
+ if (sig != NULL) M_ASN1_OCTET_STRING_free(sig);
memset(s,0,(unsigned int)siglen);
Free(s);
return(ret);
diff --git a/lib/libcrypto/rsa/rsa_sign.c b/lib/libcrypto/rsa/rsa_sign.c
index 1740494a4c7..05bb7fb74af 100644
--- a/lib/libcrypto/rsa/rsa_sign.c
+++ b/lib/libcrypto/rsa/rsa_sign.c
@@ -63,59 +63,77 @@
#include <openssl/objects.h>
#include <openssl/x509.h>
+/* Size of an SSL signature: MD5+SHA1 */
+#define SSL_SIG_LENGTH 36
+
int RSA_sign(int type, unsigned char *m, unsigned int m_len,
unsigned char *sigret, unsigned int *siglen, RSA *rsa)
{
X509_SIG sig;
ASN1_TYPE parameter;
int i,j,ret=1;
- unsigned char *p,*s;
+ unsigned char *p,*s = NULL;
X509_ALGOR algor;
ASN1_OCTET_STRING digest;
-
- sig.algor= &algor;
- sig.algor->algorithm=OBJ_nid2obj(type);
- if (sig.algor->algorithm == NULL)
- {
- RSAerr(RSA_F_RSA_SIGN,RSA_R_UNKNOWN_ALGORITHM_TYPE);
- return(0);
- }
- if (sig.algor->algorithm->length == 0)
- {
- RSAerr(RSA_F_RSA_SIGN,RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD);
- return(0);
+ if(rsa->flags & RSA_FLAG_SIGN_VER)
+ return rsa->meth->rsa_sign(type, m, m_len, sigret, siglen, rsa);
+ /* Special case: SSL signature, just check the length */
+ if(type == NID_md5_sha1) {
+ if(m_len != SSL_SIG_LENGTH) {
+ RSAerr(RSA_F_RSA_SIGN,RSA_R_INVALID_MESSAGE_LENGTH);
+ return(0);
}
- parameter.type=V_ASN1_NULL;
- parameter.value.ptr=NULL;
- sig.algor->parameter= &parameter;
+ i = SSL_SIG_LENGTH;
+ s = m;
+ } else {
+ sig.algor= &algor;
+ sig.algor->algorithm=OBJ_nid2obj(type);
+ if (sig.algor->algorithm == NULL)
+ {
+ RSAerr(RSA_F_RSA_SIGN,RSA_R_UNKNOWN_ALGORITHM_TYPE);
+ return(0);
+ }
+ if (sig.algor->algorithm->length == 0)
+ {
+ RSAerr(RSA_F_RSA_SIGN,RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD);
+ return(0);
+ }
+ parameter.type=V_ASN1_NULL;
+ parameter.value.ptr=NULL;
+ sig.algor->parameter= &parameter;
- sig.digest= &digest;
- sig.digest->data=m;
- sig.digest->length=m_len;
+ sig.digest= &digest;
+ sig.digest->data=m;
+ sig.digest->length=m_len;
- i=i2d_X509_SIG(&sig,NULL);
+ i=i2d_X509_SIG(&sig,NULL);
+ }
j=RSA_size(rsa);
if ((i-RSA_PKCS1_PADDING) > j)
{
RSAerr(RSA_F_RSA_SIGN,RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY);
return(0);
}
- s=(unsigned char *)Malloc((unsigned int)j+1);
- if (s == NULL)
- {
- RSAerr(RSA_F_RSA_SIGN,ERR_R_MALLOC_FAILURE);
- return(0);
- }
- p=s;
- i2d_X509_SIG(&sig,&p);
+ if(type != NID_md5_sha1) {
+ s=(unsigned char *)Malloc((unsigned int)j+1);
+ if (s == NULL)
+ {
+ RSAerr(RSA_F_RSA_SIGN,ERR_R_MALLOC_FAILURE);
+ return(0);
+ }
+ p=s;
+ i2d_X509_SIG(&sig,&p);
+ }
i=RSA_private_encrypt(i,s,sigret,rsa,RSA_PKCS1_PADDING);
if (i <= 0)
ret=0;
else
*siglen=i;
- memset(s,0,(unsigned int)j+1);
- Free(s);
+ if(type != NID_md5_sha1) {
+ memset(s,0,(unsigned int)j+1);
+ Free(s);
+ }
return(ret);
}
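Review bot: The new dispatch `return rsa->meth->rsa_sign(type, m, m_len, sigret, siglen, rsa);` at the top of RSA_sign calls through the method pointer without checking it. A key whose flags carry RSA_FLAG_SIGN_VER but whose method leaves rsa_sign NULL would crash on a NULL call, and RSA_verify in the next hunk has the same pattern with rsa_verify. Fail cleanly instead: `if (rsa->meth->rsa_sign == NULL) { RSAerr(RSA_F_RSA_SIGN,RSA_R_RSA_OPERATIONS_NOT_SUPPORTED); return(0); }` before the call.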
@@ -132,53 +150,68 @@ int RSA_verify(int dtype, unsigned char *m, unsigned int m_len,
return(0);
}
+ if(rsa->flags & RSA_FLAG_SIGN_VER)
+ return rsa->meth->rsa_verify(dtype, m, m_len, sigbuf, siglen, rsa);
+
s=(unsigned char *)Malloc((unsigned int)siglen);
if (s == NULL)
{
RSAerr(RSA_F_RSA_VERIFY,ERR_R_MALLOC_FAILURE);
goto err;
}
+ if((dtype == NID_md5_sha1) && (m_len != SSL_SIG_LENGTH) ) {
+ RSAerr(RSA_F_RSA_VERIFY,RSA_R_INVALID_MESSAGE_LENGTH);
+ return(0);
+ }
i=RSA_public_decrypt((int)siglen,sigbuf,s,rsa,RSA_PKCS1_PADDING);
if (i <= 0) goto err;
- p=s;
- sig=d2i_X509_SIG(NULL,&p,(long)i);
+ /* Special case: SSL signature */
+ if(dtype == NID_md5_sha1) {
+ if((i != SSL_SIG_LENGTH) || memcmp(s, m, SSL_SIG_LENGTH))
+ RSAerr(RSA_F_RSA_VERIFY,RSA_R_BAD_SIGNATURE);
+ else ret = 1;
+ } else {
+ p=s;
+ sig=d2i_X509_SIG(NULL,&p,(long)i);
- if (sig == NULL) goto err;
- sigtype=OBJ_obj2nid(sig->algor->algorithm);
+ if (sig == NULL) goto err;
+ sigtype=OBJ_obj2nid(sig->algor->algorithm);
-#ifdef RSA_DEBUG
- /* put a backward compatability flag in EAY */
- fprintf(stderr,"in(%s) expect(%s)\n",OBJ_nid2ln(sigtype),
- OBJ_nid2ln(dtype));
-#endif
- if (sigtype != dtype)
- {
- if (((dtype == NID_md5) &&
- (sigtype == NID_md5WithRSAEncryption)) ||
- ((dtype == NID_md2) &&
- (sigtype == NID_md2WithRSAEncryption)))
+ #ifdef RSA_DEBUG
+ /* put a backward compatibility flag in EAY */
+ fprintf(stderr,"in(%s) expect(%s)\n",OBJ_nid2ln(sigtype),
+ OBJ_nid2ln(dtype));
+ #endif
+ if (sigtype != dtype)
{
- /* ok, we will let it through */
-#if !defined(NO_STDIO) && !defined(WIN16)
- fprintf(stderr,"signature has problems, re-make with post SSLeay045\n");
-#endif
+ if (((dtype == NID_md5) &&
+ (sigtype == NID_md5WithRSAEncryption)) ||
+ ((dtype == NID_md2) &&
+ (sigtype == NID_md2WithRSAEncryption)))
+ {
+ /* ok, we will let it through */
+ #if !defined(NO_STDIO) && !defined(WIN16)
+ fprintf(stderr,"signature has problems, re-make with post SSLeay045\n");
+ #endif
+ }
+ else
+ {
+ RSAerr(RSA_F_RSA_VERIFY,
+ RSA_R_ALGORITHM_MISMATCH);
+ goto err;
+ }
}
- else
+ if ( ((unsigned int)sig->digest->length != m_len) ||
+ (memcmp(m,sig->digest->data,m_len) != 0))
{
- RSAerr(RSA_F_RSA_VERIFY,RSA_R_ALGORITHM_MISMATCH);
- goto err;
+ RSAerr(RSA_F_RSA_VERIFY,RSA_R_BAD_SIGNATURE);
}
- }
- if ( ((unsigned int)sig->digest->length != m_len) ||
- (memcmp(m,sig->digest->data,m_len) != 0))
- {
- RSAerr(RSA_F_RSA_VERIFY,RSA_R_BAD_SIGNATURE);
- }
- else
- ret=1;
+ else
+ ret=1;
+ }
err:
if (sig != NULL) X509_SIG_free(sig);
memset(s,0,(unsigned int)siglen);
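Review bot: The added length check for NID_md5_sha1 sits after the Malloc of s and leaves with `return(0)`, so every call it rejects leaks siglen bytes; since siglen normally comes from the peer, repeated bad requests can exhaust memory. Move the check above the Malloc, or replace the return with `goto err`. Separately, the existing `s == NULL` branch jumps to err, where `memset(s,0,(unsigned int)siglen)` then writes through the NULL pointer; returning directly from that branch avoids it. RSA_verify begins before and continues past this hunk.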
diff --git a/lib/libcrypto/rsa/rsa_ssl.c b/lib/libcrypto/rsa/rsa_ssl.c
index 1050844f8d2..81a857c8136 100644
--- a/lib/libcrypto/rsa/rsa_ssl.c
+++ b/lib/libcrypto/rsa/rsa_ssl.c
@@ -82,12 +82,14 @@ int RSA_padding_add_SSLv23(unsigned char *to, int tlen, unsigned char *from,
/* pad out with non-zero random data */
j=tlen-3-8-flen;
- RAND_bytes(p,j);
+ if (RAND_bytes(p,j) <= 0)
+ return(0);
for (i=0; i<j; i++)
{
if (*p == '\0')
do {
- RAND_bytes(p,1);
+ if (RAND_bytes(p,1) <= 0)
+ return(0);
} while (*p == '\0');
p++;
}
@@ -140,6 +142,11 @@ int RSA_padding_check_SSLv23(unsigned char *to, int tlen, unsigned char *from,
i++; /* Skip over the '\0' */
j-=i;
+ if (j > tlen)
+ {
+ RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23,RSA_R_DATA_TOO_LARGE);
+ return(-1);
+ }
memcpy(to,p,(unsigned int)j);
return(j);