Diffstat (limited to 'crypto/rsa')
-rw-r--r-- | crypto/rsa/Makefile.ssl | 8 | ||||
-rw-r--r-- | crypto/rsa/rsa.err | 46 | ||||
-rw-r--r-- | crypto/rsa/rsa.h | 137 | ||||
-rw-r--r-- | crypto/rsa/rsa_eay.c | 498 | ||||
-rw-r--r-- | crypto/rsa/rsa_err.c | 22 | ||||
-rw-r--r-- | crypto/rsa/rsa_gen.c | 19 | ||||
-rw-r--r-- | crypto/rsa/rsa_lib.c | 100 | ||||
-rw-r--r-- | crypto/rsa/rsa_none.c | 109 | ||||
-rw-r--r-- | crypto/rsa/rsa_pk1.c | 233 | ||||
-rw-r--r-- | crypto/rsa/rsa_saos.c | 2 | ||||
-rw-r--r-- | crypto/rsa/rsa_sign.c | 4 | ||||
-rw-r--r-- | crypto/rsa/rsa_ssl.c | 153 |
12 files changed, 1266 insertions, 65 deletions
diff --git a/crypto/rsa/Makefile.ssl b/crypto/rsa/Makefile.ssl index 5e04ec4..d52f2e6 100644 --- a/crypto/rsa/Makefile.ssl +++ b/crypto/rsa/Makefile.ssl @@ -22,8 +22,10 @@ TEST= APPS= LIB=$(TOP)/libcrypto.a -LIBSRC= rsa_enc.c rsa_gen.c rsa_lib.c rsa_sign.c rsa_saos.c $(ERRC).c -LIBOBJ= rsa_enc.o rsa_gen.o rsa_lib.o rsa_sign.o rsa_saos.o $(ERRC).o +LIBSRC= rsa_eay.c rsa_gen.c rsa_lib.c rsa_sign.c rsa_saos.c $(ERRC).c \ + rsa_pk1.c rsa_ssl.c rsa_none.c +LIBOBJ= rsa_eay.o rsa_gen.o rsa_lib.o rsa_sign.o rsa_saos.o $(ERRC).o \ + rsa_pk1.o rsa_ssl.o rsa_none.o SRC= $(LIBSRC) @@ -79,6 +81,6 @@ clean: errors: perl $(TOP)/util/err-ins.pl $(ERR).err $(ERR).h - perl ../err/err_genc.pl $(ERR).h $(ERRC).c + perl ../err/err_genc.pl -s $(ERR).h $(ERRC).c # DO NOT DELETE THIS LINE -- make depend depends on it. diff --git a/crypto/rsa/rsa.err b/crypto/rsa/rsa.err index 29f1496..5ded1b5 100644 --- a/crypto/rsa/rsa.err +++ b/crypto/rsa/rsa.err @@ -7,12 +7,20 @@ #define RSA_F_RSA_EAY_PUBLIC_ENCRYPT 103 #define RSA_F_RSA_GENERATE_KEY 104 #define RSA_F_RSA_NEW_METHOD 105 -#define RSA_F_RSA_PRINT 106 -#define RSA_F_RSA_PRINT_FP 107 -#define RSA_F_RSA_SIGN 108 -#define RSA_F_RSA_SIGN_ASN1_OCTET_STRING 109 -#define RSA_F_RSA_VERIFY 110 -#define RSA_F_RSA_VERIFY_ASN1_OCTET_STRING 111 +#define RSA_F_RSA_PADDING_ADD_NONE 106 +#define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1 107 +#define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_2 108 +#define RSA_F_RSA_PADDING_ADD_SSLV23 109 +#define RSA_F_RSA_PADDING_CHECK_NONE 110 +#define RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1 111 +#define RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2 112 +#define RSA_F_RSA_PADDING_CHECK_SSLV23 113 +#define RSA_F_RSA_PRINT 114 +#define RSA_F_RSA_PRINT_FP 115 +#define RSA_F_RSA_SIGN 116 +#define RSA_F_RSA_SIGN_ASN1_OCTET_STRING 117 +#define RSA_F_RSA_VERIFY 118 +#define RSA_F_RSA_VERIFY_ASN1_OCTET_STRING 119 /* Reason codes. */ #define RSA_R_ALGORITHM_MISMATCH 100 
@@ -20,14 +28,18 @@ #define RSA_R_BAD_FIXED_HEADER_DECRYPT 102 #define RSA_R_BAD_PAD_BYTE_COUNT 103 #define RSA_R_BAD_SIGNATURE 104 -#define RSA_R_BLOCK_TYPE_IS_NOT_01 105 -#define RSA_R_BLOCK_TYPE_IS_NOT_02 106 -#define RSA_R_DATA_GREATER_THAN_MOD_LEN 107 -#define RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE 108 -#define RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY 109 -#define RSA_R_NULL_BEFORE_BLOCK_MISSING 110 -#define RSA_R_SSLV3_ROLLBACK_ATTACK 111 -#define RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD 112 -#define RSA_R_UNKNOWN_ALGORITHM_TYPE 113 -#define RSA_R_UNKNOWN_PADDING_TYPE 114 -#define RSA_R_WRONG_SIGNATURE_LENGTH 115 +#define RSA_R_BAD_ZERO_BYTE 105 +#define RSA_R_BLOCK_TYPE_IS_NOT_01 106 +#define RSA_R_BLOCK_TYPE_IS_NOT_02 107 +#define RSA_R_DATA_GREATER_THAN_MOD_LEN 108 +#define RSA_R_DATA_TOO_LARGE 109 +#define RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE 110 +#define RSA_R_DATA_TOO_SMALL 111 +#define RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY 112 +#define RSA_R_NULL_BEFORE_BLOCK_MISSING 113 +#define RSA_R_PADDING_CHECK_FAILED 114 +#define RSA_R_SSLV3_ROLLBACK_ATTACK 115 +#define RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD 116 +#define RSA_R_UNKNOWN_ALGORITHM_TYPE 117 +#define RSA_R_UNKNOWN_PADDING_TYPE 118 +#define RSA_R_WRONG_SIGNATURE_LENGTH 119 diff --git a/crypto/rsa/rsa.h b/crypto/rsa/rsa.h index 821e928..aeb78ff 100644 --- a/crypto/rsa/rsa.h +++ b/crypto/rsa/rsa.h @@ -1,5 +1,5 @@ /* crypto/rsa/rsa.h */ -/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written @@ -64,6 +64,7 @@ extern "C" { #endif #include "bn.h" +#include "crypto.h" typedef struct rsa_meth_st { 
@@ -72,10 +73,13 @@ typedef struct rsa_meth_st int (*rsa_pub_dec)(); int (*rsa_priv_enc)(); int (*rsa_priv_dec)(); - int (*rsa_mod_exp)(); - int (*bn_mod_exp)(); + int (*rsa_mod_exp)(); /* Can be null */ + int (*bn_mod_exp)(); /* Can be null */ int (*init)(/* RSA * */); /* called at new */ int (*finish)(/* RSA * */); /* called at free */ + + int flags; /* RSA_METHOD_FLAG_* things */ + char *app_data; /* may be needed! */ } RSA_METHOD; typedef struct rsa_st @@ -94,22 +98,40 @@ typedef struct rsa_st BIGNUM *dmq1; BIGNUM *iqmp; /* be carefull using this if the RSA structure is shared */ - char *app_data; + CRYPTO_EX_DATA ex_data; int references; + int flags; + + /* Normally used to cached montgomery values */ + char *method_mod_n; + char *method_mod_p; + char *method_mod_q; + + BN_BLINDING *blinding; } RSA; #define RSA_3 0x3L #define RSA_F4 0x10001L -#define RSA_PKCS1_PADDING 11 -#define RSA_SSLV23_PADDING 12 +#define RSA_METHOD_FLAG_NO_CHECK 0x01 /* don't check pub/private match */ +#define RSA_FLAG_CACHE_PUBLIC 0x02 +#define RSA_FLAG_CACHE_PRIVATE 0x04 +#define RSA_FLAG_BLINDING 0x08 +#define RSA_FLAG_THREAD_SAFE 0x10 + +#define RSA_PKCS1_PADDING 1 +#define RSA_SSLV23_PADDING 2 +#define RSA_NO_PADDING 3 + +#define RSA_set_app_data(s,arg) RSA_set_ex_data(s,0,(char *)arg) +#define RSA_get_app_data(s) RSA_get_ex_data(s,0) #ifndef NOPROTO RSA * RSA_new(void); RSA * RSA_new_method(RSA_METHOD *method); int RSA_size(RSA *); RSA * RSA_generate_key(int bits, unsigned long e,void - (*callback)(int,int)); + (*callback)(int,int,char *),char *cb_arg); /* next 4 return -1 on error */ int RSA_public_encrypt(int flen, unsigned char *from, unsigned char *to, RSA *rsa,int padding); 
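Review bot: The new `/* Can be null */` comments on `rsa_mod_exp` and `bn_mod_exp` in `RSA_METHOD` state a contract that the generic caller added in this commit does not honour: `RSA_blinding_on` in rsa_lib.c calls `rsa->meth->bn_mod_exp(...)` with no NULL test. For any method table that leaves the member NULL, that is a call through a null function pointer. Either guard the caller, e.g. `if (rsa->meth->bn_mod_exp == NULL) goto err;` before the exponentiation, or narrow the comment to say which code paths tolerate NULL. The struct definition starts above this hunk.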
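Review bot: `RSA_set_app_data` expands its argument unparenthesised as `(char *)arg`, so an expression argument is cast before the rest of it is evaluated; write it as `#define RSA_set_app_data(s,arg) RSA_set_ex_data((s),0,(char *)(arg))`. The same hunk renumbers the public constants `RSA_PKCS1_PADDING` and `RSA_SSLV23_PADDING` from 11/12 to 1/2, so a caller built against the old header passes values that the new `switch` statements in rsa_eay.c reject with `RSA_R_UNKNOWN_PADDING_TYPE`. That fails closed, but a comment beside the defines such as `/* values changed from 11/12: rebuild all callers */` would save someone a confusing debugging session.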
@@ -121,10 +143,12 @@ int RSA_private_decrypt(int flen, unsigned char *from, unsigned char *to, RSA *rsa,int padding); void RSA_free (RSA *r); +int RSA_flags(RSA *r); + void RSA_set_default_method(RSA_METHOD *meth); /* If you have RSAref compiled in. */ -/* RSA_METHOD *RSA_PKCS1_RSAref(void); */ +RSA_METHOD *RSA_PKCS1_RSAref(void); /* these are the actual SSLeay RSA functions */ RSA_METHOD *RSA_PKCS1_SSLeay(void); @@ -135,7 +159,7 @@ RSA * d2i_RSAPublicKey(RSA **a, unsigned char **pp, long length); int i2d_RSAPublicKey(RSA *a, unsigned char **pp); RSA * d2i_RSAPrivateKey(RSA **a, unsigned char **pp, long length); int i2d_RSAPrivateKey(RSA *a, unsigned char **pp); -#ifndef WIN16 +#ifndef NO_FP_API int RSA_print_fp(FILE *fp, RSA *r,int offset); #endif @@ -145,6 +169,9 @@ int RSA_print(BIO *bp, RSA *r,int offset); int i2d_Netscape_RSA(RSA *a, unsigned char **pp, int (*cb)()); RSA *d2i_Netscape_RSA(RSA **a, unsigned char **pp, long length, int (*cb)()); +/* Naughty internal function required elsewhere, to handle a MS structure + * that is the same as the netscape one :-) */ +RSA *d2i_Netscape_RSA_2(RSA **a, unsigned char **pp, long length, int (*cb)()); /* The following 2 functions sign and verify a X509_SIG ASN1 object * inside PKCS#1 padded RSA encryption */ 
@@ -160,6 +187,31 @@ int RSA_sign_ASN1_OCTET_STRING(int type, unsigned char *m, unsigned int m_len, int RSA_verify_ASN1_OCTET_STRING(int type, unsigned char *m, unsigned int m_len, unsigned char *sigbuf, unsigned int siglen, RSA *rsa); +int RSA_blinding_on(RSA *rsa, BN_CTX *ctx); +void RSA_blinding_off(RSA *rsa); + +int RSA_padding_add_PKCS1_type_1(unsigned char *to,int tlen, + unsigned char *f,int fl); +int RSA_padding_check_PKCS1_type_1(unsigned char *to,int tlen, + unsigned char *f,int fl); +int RSA_padding_add_PKCS1_type_2(unsigned char *to,int tlen, + unsigned char *f,int fl); +int RSA_padding_check_PKCS1_type_2(unsigned char *to,int tlen, + unsigned char *f,int fl); +int RSA_padding_add_SSLv23(unsigned char *to,int tlen, + unsigned char *f,int fl); +int RSA_padding_check_SSLv23(unsigned char *to,int tlen, + unsigned char *f,int fl); +int RSA_padding_add_none(unsigned char *to,int tlen, + unsigned char *f,int fl); +int RSA_padding_check_none(unsigned char *to,int tlen, + unsigned char *f,int fl); + +int RSA_get_ex_new_index(long argl, char *argp, int (*new_func)(), + int (*dup_func)(), void (*free_func)()); +int RSA_set_ex_data(RSA *r,int idx,char *arg); +char *RSA_get_ex_data(RSA *r, int idx); + #else RSA * RSA_new(); @@ -172,6 +224,8 @@ int RSA_public_decrypt(); int RSA_private_decrypt(); void RSA_free (); +int RSA_flags(); + void RSA_set_default_method(); /* RSA_METHOD *RSA_PKCS1_RSAref(); */ @@ -183,7 +237,7 @@ RSA * d2i_RSAPublicKey(); int i2d_RSAPublicKey(); RSA * d2i_RSAPrivateKey(); int i2d_RSAPrivateKey(); -#ifndef WIN16 +#ifndef NO_FP_API int RSA_print_fp(); #endif 
@@ -191,13 +245,28 @@ int RSA_print(); int i2d_Netscape_RSA(); RSA *d2i_Netscape_RSA(); +RSA *d2i_Netscape_RSA_2(); int RSA_sign(); int RSA_verify(); int RSA_sign_ASN1_OCTET_STRING(); int RSA_verify_ASN1_OCTET_STRING(); - +int RSA_blinding_on(); +void RSA_blinding_off(); + +int RSA_padding_add_PKCS1_type_1(); +int RSA_padding_check_PKCS1_type_1(); +int RSA_padding_add_PKCS1_type_2(); +int RSA_padding_check_PKCS1_type_2(); +int RSA_padding_add_SSLv23(); +int RSA_padding_check_SSLv23(); +int RSA_padding_add_none(); +int RSA_padding_check_none(); + +int RSA_get_ex_new_index(); +int RSA_set_ex_data(); +char *RSA_get_ex_data(); #endif @@ -211,12 +280,20 @@ int RSA_verify_ASN1_OCTET_STRING(); #define RSA_F_RSA_EAY_PUBLIC_ENCRYPT 103 #define RSA_F_RSA_GENERATE_KEY 104 #define RSA_F_RSA_NEW_METHOD 105 -#define RSA_F_RSA_PRINT 106 -#define RSA_F_RSA_PRINT_FP 107 -#define RSA_F_RSA_SIGN 108 -#define RSA_F_RSA_SIGN_ASN1_OCTET_STRING 109 -#define RSA_F_RSA_VERIFY 110 -#define RSA_F_RSA_VERIFY_ASN1_OCTET_STRING 111 +#define RSA_F_RSA_PADDING_ADD_NONE 106 +#define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1 107 +#define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_2 108 +#define RSA_F_RSA_PADDING_ADD_SSLV23 109 +#define RSA_F_RSA_PADDING_CHECK_NONE 110 +#define RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1 111 +#define RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2 112 +#define RSA_F_RSA_PADDING_CHECK_SSLV23 113 +#define RSA_F_RSA_PRINT 114 +#define RSA_F_RSA_PRINT_FP 115 +#define RSA_F_RSA_SIGN 116 +#define RSA_F_RSA_SIGN_ASN1_OCTET_STRING 117 +#define RSA_F_RSA_VERIFY 118 +#define RSA_F_RSA_VERIFY_ASN1_OCTET_STRING 119 /* Reason codes. */ #define RSA_R_ALGORITHM_MISMATCH 100 
@@ -224,17 +301,21 @@ int RSA_verify_ASN1_OCTET_STRING(); #define RSA_R_BAD_FIXED_HEADER_DECRYPT 102 #define RSA_R_BAD_PAD_BYTE_COUNT 103 #define RSA_R_BAD_SIGNATURE 104 -#define RSA_R_BLOCK_TYPE_IS_NOT_01 105 -#define RSA_R_BLOCK_TYPE_IS_NOT_02 106 -#define RSA_R_DATA_GREATER_THAN_MOD_LEN 107 -#define RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE 108 -#define RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY 109 -#define RSA_R_NULL_BEFORE_BLOCK_MISSING 110 -#define RSA_R_SSLV3_ROLLBACK_ATTACK 111 -#define RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD 112 -#define RSA_R_UNKNOWN_ALGORITHM_TYPE 113 -#define RSA_R_UNKNOWN_PADDING_TYPE 114 -#define RSA_R_WRONG_SIGNATURE_LENGTH 115 +#define RSA_R_BAD_ZERO_BYTE 105 +#define RSA_R_BLOCK_TYPE_IS_NOT_01 106 +#define RSA_R_BLOCK_TYPE_IS_NOT_02 107 +#define RSA_R_DATA_GREATER_THAN_MOD_LEN 108 +#define RSA_R_DATA_TOO_LARGE 109 +#define RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE 110 +#define RSA_R_DATA_TOO_SMALL 111 +#define RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY 112 +#define RSA_R_NULL_BEFORE_BLOCK_MISSING 113 +#define RSA_R_PADDING_CHECK_FAILED 114 +#define RSA_R_SSLV3_ROLLBACK_ATTACK 115 +#define RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD 116 +#define RSA_R_UNKNOWN_ALGORITHM_TYPE 117 +#define RSA_R_UNKNOWN_PADDING_TYPE 118 +#define RSA_R_WRONG_SIGNATURE_LENGTH 119 #ifdef __cplusplus } diff --git a/crypto/rsa/rsa_eay.c b/crypto/rsa/rsa_eay.c new file mode 100644 index 0000000..00f8ea9 --- /dev/null +++ b/crypto/rsa/rsa_eay.c 
@@ -0,0 +1,498 @@ +/* crypto/rsa/rsa_eay.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. 
If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] 
+ */ + +#include <stdio.h> +#include "cryptlib.h" +#include "bn.h" +#include "rsa.h" +#include "rand.h" + +#ifndef NOPROTO +static int RSA_eay_public_encrypt(int flen, unsigned char *from, + unsigned char *to, RSA *rsa,int padding); +static int RSA_eay_private_encrypt(int flen, unsigned char *from, + unsigned char *to, RSA *rsa,int padding); +static int RSA_eay_public_decrypt(int flen, unsigned char *from, + unsigned char *to, RSA *rsa,int padding); +static int RSA_eay_private_decrypt(int flen, unsigned char *from, + unsigned char *to, RSA *rsa,int padding); +static int RSA_eay_mod_exp(BIGNUM *r0, BIGNUM *i, RSA *rsa); +static int RSA_eay_init(RSA *rsa); +static int RSA_eay_finish(RSA *rsa); +#else +static int RSA_eay_public_encrypt(); +static int RSA_eay_private_encrypt(); +static int RSA_eay_public_decrypt(); +static int RSA_eay_private_decrypt(); +static int RSA_eay_mod_exp(); +static int RSA_eay_init(); +static int RSA_eay_finish(); +#endif + +static RSA_METHOD rsa_pkcs1_eay_meth={ + "Eric Young's PKCS#1 RSA", + RSA_eay_public_encrypt, + RSA_eay_public_decrypt, + RSA_eay_private_encrypt, + RSA_eay_private_decrypt, + RSA_eay_mod_exp, + BN_mod_exp_mont, + RSA_eay_init, + RSA_eay_finish, + 0, + NULL, + }; + +RSA_METHOD *RSA_PKCS1_SSLeay() + { + return(&rsa_pkcs1_eay_meth); + } + +static int RSA_eay_public_encrypt(flen, from, to, rsa, padding) +int flen; +unsigned char *from; +unsigned char *to; +RSA *rsa; +int padding; + { + BIGNUM *f=NULL,*ret=NULL; + int i,j,k,num=0,r= -1; + unsigned char *buf=NULL; + BN_CTX *ctx=NULL; + + if ((ctx=BN_CTX_new()) == NULL) goto err; + num=BN_num_bytes(rsa->n); + if ((buf=(unsigned char *)Malloc(num)) == NULL) + { + RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT,ERR_R_MALLOC_FAILURE); + goto err; + } + + switch (padding) + { + case RSA_PKCS1_PADDING: + i=RSA_padding_add_PKCS1_type_2(buf,num,from,flen); + break; + case RSA_SSLV23_PADDING: + i=RSA_padding_add_SSLv23(buf,num,from,flen); + break; + case RSA_NO_PADDING: + 
i=RSA_padding_add_none(buf,num,from,flen); + break; + default: + RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT,RSA_R_UNKNOWN_PADDING_TYPE); + goto err; + } + if (i <= 0) goto err; + + if (((f=BN_new()) == NULL) || ((ret=BN_new()) == NULL)) goto err; + + if (BN_bin2bn(buf,num,f) == NULL) goto err; + + if ((rsa->method_mod_n == NULL) && (rsa->flags & RSA_FLAG_CACHE_PUBLIC)) + { + if ((rsa->method_mod_n=(char *)BN_MONT_CTX_new()) != NULL) + if (!BN_MONT_CTX_set((BN_MONT_CTX *)rsa->method_mod_n, + rsa->n,ctx)) goto err; + } + + if (!rsa->meth->bn_mod_exp(ret,f,rsa->e,rsa->n,ctx, + rsa->method_mod_n)) goto err; + + /* put in leading 0 bytes if the number is less than the + * length of the modulus */ + j=BN_num_bytes(ret); + i=BN_bn2bin(ret,&(to[num-j])); + for (k=0; k<(num-i); k++) + to[k]=0; + + r=num; +err: + if (ctx != NULL) BN_CTX_free(ctx); + if (f != NULL) BN_free(f); + if (ret != NULL) BN_free(ret); + if (buf != NULL) + { + memset(buf,0,num); + Free(buf); + } + return(r); + } + +static int RSA_eay_private_encrypt(flen, from, to, rsa, padding) +int flen; +unsigned char *from; +unsigned char *to; +RSA *rsa; +int padding; + { + BIGNUM *f=NULL,*ret=NULL; + int i,j,k,num=0,r= -1; + unsigned char *buf=NULL; + BN_CTX *ctx=NULL; + + if ((ctx=BN_CTX_new()) == NULL) goto err; + num=BN_num_bytes(rsa->n); + if ((buf=(unsigned char *)Malloc(num)) == NULL) + { + RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT,ERR_R_MALLOC_FAILURE); + goto err; + } + + switch (padding) + { + case RSA_PKCS1_PADDING: + i=RSA_padding_add_PKCS1_type_1(buf,num,from,flen); + break; + case RSA_NO_PADDING: + i=RSA_padding_add_none(buf,num,from,flen); + break; + case RSA_SSLV23_PADDING: + default: + RSAerr(RSA_F_RSA_EAY_PRIVATE_ENCRYPT,RSA_R_UNKNOWN_PADDING_TYPE); + goto err; + } + if (i <= 0) goto err; + + if (((f=BN_new()) == NULL) || ((ret=BN_new()) == NULL)) goto err; + if (BN_bin2bn(buf,num,f) == NULL) goto err; + + if ((rsa->flags & RSA_FLAG_BLINDING) && (rsa->blinding == NULL)) + RSA_blinding_on(rsa,ctx); + if 
(rsa->flags & RSA_FLAG_BLINDING) + if (!BN_BLINDING_convert(f,rsa->blinding,ctx)) goto err; + + if ( (rsa->p != NULL) && + (rsa->q != NULL) && + (rsa->dmp1 != NULL) && + (rsa->dmq1 != NULL) && + (rsa->iqmp != NULL)) + { if (!rsa->meth->rsa_mod_exp(ret,f,rsa)) goto err; } + else + { + if (!rsa->meth->bn_mod_exp(ret,f,rsa->d,rsa->n,ctx)) goto err; + } + + if (rsa->flags & RSA_FLAG_BLINDING) + if (!BN_BLINDING_invert(ret,rsa->blinding,ctx)) goto err; + + /* put in leading 0 bytes if the number is less than the + * length of the modulus */ + j=BN_num_bytes(ret); + i=BN_bn2bin(ret,&(to[num-j])); + for (k=0; k<(num-i); k++) + to[k]=0; + + r=num; +err: + if (ctx != NULL) BN_CTX_free(ctx); + if (ret != NULL) BN_free(ret); + if (f != NULL) BN_free(f); + if (buf != NULL) + { + memset(buf,0,num); + Free(buf); + } + return(r); + } + +static int RSA_eay_private_decrypt(flen, from, to, rsa,padding) +int flen; +unsigned char *from; +unsigned char *to; +RSA *rsa; +int padding; + { + BIGNUM *f=NULL,*ret=NULL; + int j,num=0,r= -1; + unsigned char *p; + unsigned char *buf=NULL; + BN_CTX *ctx=NULL; + + ctx=BN_CTX_new(); + if (ctx == NULL) goto err; + + num=BN_num_bytes(rsa->n); + + if ((buf=(unsigned char *)Malloc(num)) == NULL) + { + RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,ERR_R_MALLOC_FAILURE); + goto err; + } + + /* This check was for equallity but PGP does evil things + * and chops off the top '0' bytes */ + if (flen > num) + { + RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,RSA_R_DATA_GREATER_THAN_MOD_LEN); + goto err; + } + + /* make data into a big number */ + if (((ret=BN_new()) == NULL) || ((f=BN_new()) == NULL)) goto err; + if (BN_bin2bn(from,(int)flen,f) == NULL) goto err; + + if ((rsa->flags & RSA_FLAG_BLINDING) && (rsa->blinding == NULL)) + RSA_blinding_on(rsa,ctx); + if (rsa->flags & RSA_FLAG_BLINDING) + if (!BN_BLINDING_convert(f,rsa->blinding,ctx)) goto err; + + /* do the decrypt */ + if ( (rsa->p != NULL) && + (rsa->q != NULL) && + (rsa->dmp1 != NULL) && + (rsa->dmq1 != NULL) && 
+ (rsa->iqmp != NULL)) + { if (!rsa->meth->rsa_mod_exp(ret,f,rsa)) goto err; } + else + { + if (!rsa->meth->bn_mod_exp(ret,f,rsa->d,rsa->n,ctx)) + goto err; + } + + if (rsa->flags & RSA_FLAG_BLINDING) + if (!BN_BLINDING_invert(ret,rsa->blinding,ctx)) goto err; + + p=buf; + j=BN_bn2bin(ret,p); /* j is only used with no-padding mode */ + + switch (padding) + { + case RSA_PKCS1_PADDING: + r=RSA_padding_check_PKCS1_type_2(to,num,buf,j); + break; + case RSA_SSLV23_PADDING: + r=RSA_padding_check_SSLv23(to,num,buf,j); + break; + case RSA_NO_PADDING: + r=RSA_padding_check_none(to,num,buf,j); + break; + default: + RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,RSA_R_UNKNOWN_PADDING_TYPE); + goto err; + } + if (r < 0) + RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,RSA_R_PADDING_CHECK_FAILED); + +err: + if (ctx != NULL) BN_CTX_free(ctx); + if (f != NULL) BN_free(f); + if (ret != NULL) BN_free(ret); + if (buf != NULL) + { + memset(buf,0,num); + Free(buf); + } + return(r); + } + +static int RSA_eay_public_decrypt(flen, from, to, rsa, padding) +int flen; +unsigned char *from; +unsigned char *to; +RSA *rsa; +int padding; + { + BIGNUM *f=NULL,*ret=NULL; + int i,num=0,r= -1; + unsigned char *p; + unsigned char *buf=NULL; + BN_CTX *ctx=NULL; + + ctx=BN_CTX_new(); + if (ctx == NULL) goto err; + + num=BN_num_bytes(rsa->n); + buf=(unsigned char *)Malloc(num); + if (buf == NULL) + { + RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT,ERR_R_MALLOC_FAILURE); + goto err; + } + + /* This check was for equallity but PGP does evil things + * and chops off the top '0' bytes */ + if (flen > num) + { + RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT,RSA_R_DATA_GREATER_THAN_MOD_LEN); + goto err; + } + + /* make data into a big number */ + if (((ret=BN_new()) == NULL) || ((f=BN_new()) == NULL)) goto err; + + if (BN_bin2bn(from,flen,f) == NULL) goto err; + /* do the decrypt */ + if ((rsa->method_mod_n == NULL) && (rsa->flags & RSA_FLAG_CACHE_PUBLIC)) + { + if ((rsa->method_mod_n=(char *)BN_MONT_CTX_new()) != NULL) + if 
(!BN_MONT_CTX_set((BN_MONT_CTX *)rsa->method_mod_n, + rsa->n,ctx)) goto err; + } + + if (!rsa->meth->bn_mod_exp(ret,f,rsa->e,rsa->n,ctx, + rsa->method_mod_n)) goto err; + + p=buf; + i=BN_bn2bin(ret,p); + + switch (padding) + { + case RSA_PKCS1_PADDING: + r=RSA_padding_check_PKCS1_type_1(to,num,buf,i); + break; + case RSA_NO_PADDING: + r=RSA_padding_check_none(to,num,buf,i); + break; + default: + RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT,RSA_R_UNKNOWN_PADDING_TYPE); + goto err; + } + if (r < 0) + RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT,RSA_R_PADDING_CHECK_FAILED); + +err: + if (ctx != NULL) BN_CTX_free(ctx); + if (f != NULL) BN_free(f); + if (ret != NULL) BN_free(ret); + if (buf != NULL) + { + memset(buf,0,num); + Free(buf); + } + return(r); + } + +static int RSA_eay_mod_exp(r0, I, rsa) +BIGNUM *r0; +BIGNUM *I; +RSA *rsa; + { + BIGNUM *r1=NULL,*m1=NULL; + int ret=0; + BN_CTX *ctx; + + if ((ctx=BN_CTX_new()) == NULL) goto err; + m1=BN_new(); + r1=BN_new(); + if ((m1 == NULL) || (r1 == NULL)) goto err; + + if (rsa->flags & RSA_FLAG_CACHE_PRIVATE) + { + if (rsa->method_mod_p == NULL) + { + if ((rsa->method_mod_p=(char *) + BN_MONT_CTX_new()) != NULL) + if (!BN_MONT_CTX_set((BN_MONT_CTX *) + rsa->method_mod_p,rsa->p,ctx)) + goto err; + } + if (rsa->method_mod_q == NULL) + { + if ((rsa->method_mod_q=(char *) + BN_MONT_CTX_new()) != NULL) + if (!BN_MONT_CTX_set((BN_MONT_CTX *) + rsa->method_mod_q,rsa->q,ctx)) + goto err; + } + } + + if (!BN_mod(r1,I,rsa->q,ctx)) goto err; + if (!rsa->meth->bn_mod_exp(m1,r1,rsa->dmq1,rsa->q,ctx, + rsa->method_mod_q)) goto err; + + if (!BN_mod(r1,I,rsa->p,ctx)) goto err; + if (!rsa->meth->bn_mod_exp(r0,r1,rsa->dmp1,rsa->p,ctx, + rsa->method_mod_p)) goto err; + + if (!BN_add(r1,r0,rsa->p)) goto err; + if (!BN_sub(r0,r1,m1)) goto err; + + if (!BN_mul(r1,r0,rsa->iqmp)) goto err; + if (!BN_mod(r0,r1,rsa->p,ctx)) goto err; + if (!BN_mul(r1,r0,rsa->q)) goto err; + if (!BN_add(r0,r1,m1)) goto err; + + ret=1; +err: + if (m1 != NULL) BN_free(m1); + if (r1 != 
NULL) BN_free(r1); + BN_CTX_free(ctx); + return(ret); + } + +static int RSA_eay_init(rsa) +RSA *rsa; + { + rsa->flags|=RSA_FLAG_CACHE_PUBLIC|RSA_FLAG_CACHE_PRIVATE; + return(1); + } + +static int RSA_eay_finish(rsa) +RSA *rsa; + { + if (rsa->method_mod_n != NULL) + BN_MONT_CTX_free((BN_MONT_CTX *)rsa->method_mod_n); + if (rsa->method_mod_p != NULL) + BN_MONT_CTX_free((BN_MONT_CTX *)rsa->method_mod_p); + if (rsa->method_mod_q != NULL) + BN_MONT_CTX_free((BN_MONT_CTX *)rsa->method_mod_q); + return(1); + } + + diff --git a/crypto/rsa/rsa_err.c b/crypto/rsa/rsa_err.c index 04a5ba2..796b3af 100644 --- a/crypto/rsa/rsa_err.c +++ b/crypto/rsa/rsa_err.c @@ -60,6 +60,7 @@ #include "rsa.h" /* BEGIN ERROR CODES */ +#ifndef NO_ERR static ERR_STRING_DATA RSA_str_functs[]= { {ERR_PACK(0,RSA_F_RSA_EAY_PRIVATE_DECRYPT,0), "RSA_EAY_PRIVATE_DECRYPT"}, @@ -68,6 +69,14 @@ static ERR_STRING_DATA RSA_str_functs[]= {ERR_PACK(0,RSA_F_RSA_EAY_PUBLIC_ENCRYPT,0), "RSA_EAY_PUBLIC_ENCRYPT"}, {ERR_PACK(0,RSA_F_RSA_GENERATE_KEY,0), "RSA_generate_key"}, {ERR_PACK(0,RSA_F_RSA_NEW_METHOD,0), "RSA_new_method"}, +{ERR_PACK(0,RSA_F_RSA_PADDING_ADD_NONE,0), "RSA_padding_add_none"}, +{ERR_PACK(0,RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1,0), "RSA_padding_add_PKCS1_type_1"}, +{ERR_PACK(0,RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_2,0), "RSA_padding_add_PKCS1_type_2"}, +{ERR_PACK(0,RSA_F_RSA_PADDING_ADD_SSLV23,0), "RSA_padding_add_SSLv23"}, +{ERR_PACK(0,RSA_F_RSA_PADDING_CHECK_NONE,0), "RSA_padding_check_none"}, +{ERR_PACK(0,RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1,0), "RSA_padding_check_PKCS1_type_1"}, +{ERR_PACK(0,RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2,0), "RSA_padding_check_PKCS1_type_2"}, +{ERR_PACK(0,RSA_F_RSA_PADDING_CHECK_SSLV23,0), "RSA_padding_check_SSLv23"}, {ERR_PACK(0,RSA_F_RSA_PRINT,0), "RSA_print"}, {ERR_PACK(0,RSA_F_RSA_PRINT_FP,0), "RSA_print_fp"}, {ERR_PACK(0,RSA_F_RSA_SIGN,0), "RSA_sign"}, 
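Review bot: The non-CRT fallback in `RSA_eay_private_encrypt` and `RSA_eay_private_decrypt` calls `rsa->meth->bn_mod_exp(ret,f,rsa->d,rsa->n,ctx)` with five arguments, while every other call through the same pointer in this file passes a sixth (`rsa->method_mod_n`, `method_mod_p` or `method_mod_q`). The member is declared without a prototype (`int (*bn_mod_exp)()`), so the compiler cannot catch the mismatch; if `BN_mod_exp_mont` takes the Montgomery context as a sixth parameter, as the other calls suggest, it reads an indeterminate value during a private-key operation. Pass it explicitly, `rsa->meth->bn_mod_exp(ret,f,rsa->d,rsa->n,ctx,NULL)`, which matches what the public paths already pass when no context is cached. In the same two functions the return value of `RSA_blinding_on(rsa,ctx)` is ignored, so a failure leaves `rsa->blinding` NULL and the next statement hands it to `BN_BLINDING_convert`; test the result and `goto err`.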
@@ -84,12 +93,16 @@ static ERR_STRING_DATA RSA_str_reasons[]= {RSA_R_BAD_FIXED_HEADER_DECRYPT ,"bad fixed header decrypt"}, {RSA_R_BAD_PAD_BYTE_COUNT ,"bad pad byte count"}, {RSA_R_BAD_SIGNATURE ,"bad signature"}, +{RSA_R_BAD_ZERO_BYTE ,"bad zero byte"}, {RSA_R_BLOCK_TYPE_IS_NOT_01 ,"block type is not 01"}, {RSA_R_BLOCK_TYPE_IS_NOT_02 ,"block type is not 02"}, {RSA_R_DATA_GREATER_THAN_MOD_LEN ,"data greater than mod len"}, +{RSA_R_DATA_TOO_LARGE ,"data too large"}, {RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE ,"data too large for key size"}, +{RSA_R_DATA_TOO_SMALL ,"data too small"}, {RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY ,"digest too big for rsa key"}, {RSA_R_NULL_BEFORE_BLOCK_MISSING ,"null before block missing"}, +{RSA_R_PADDING_CHECK_FAILED ,"padding check failed"}, {RSA_R_SSLV3_ROLLBACK_ATTACK ,"sslv3 rollback attack"}, {RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD,"the asn1 object identifier is not known for this md"}, {RSA_R_UNKNOWN_ALGORITHM_TYPE ,"unknown algorithm type"}, @@ -98,14 +111,19 @@ static ERR_STRING_DATA RSA_str_reasons[]= {0,NULL}, }; +#endif + void ERR_load_RSA_strings() { static int init=1; - if (init) - { + if (init); + {; init=0; +#ifndef NO_ERR ERR_load_strings(ERR_LIB_RSA,RSA_str_functs); ERR_load_strings(ERR_LIB_RSA,RSA_str_reasons); +#endif + } } diff --git a/crypto/rsa/rsa_gen.c b/crypto/rsa/rsa_gen.c index 0cab3a5..aed2351 100644 --- a/crypto/rsa/rsa_gen.c +++ b/crypto/rsa/rsa_gen.c @@ -1,5 +1,5 @@ /* crypto/rsa/rsa_gen.c */ -/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written @@ -62,10 +62,11 @@ #include "bn.h" #include "rsa.h" -RSA *RSA_generate_key(bits, e_value, callback) +RSA *RSA_generate_key(bits, e_value, callback,cb_arg) int bits; unsigned long e_value; -void (*callback)(P_I_I); +void (*callback)(P_I_I_P); +char *cb_arg; { RSA *rsa=NULL; BIGNUM *r0=NULL,*r1=NULL,*r2=NULL,*r3=NULL,*tmp; 
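Review bot: In `ERR_load_RSA_strings` the rewritten guard `if (init);` ends in a semicolon, so the `if` controls an empty statement and the block that follows runs on every call. The `static int init` flag therefore no longer stops the function and reason tables from being passed to `ERR_load_strings` repeatedly. Restore the original form, `if (init)` followed by a plain `{`; the stray `;` after the opening brace is harmless but comes from the same slip. The cost of repeated registration is not visible in this hunk, but the one-shot guard is clearly what the code intends.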
@@ -95,27 +96,27 @@ void (*callback)(P_I_I); /* generate p and q */ for (;;) { - rsa->p=BN_generate_prime(bitsp,0,NULL,NULL,callback); + rsa->p=BN_generate_prime(bitsp,0,NULL,NULL,callback,cb_arg); if (rsa->p == NULL) goto err; if (!BN_sub(r2,rsa->p,BN_value_one())) goto err; if (!BN_gcd(r1,r2,rsa->e,ctx)) goto err; if (BN_is_one(r1)) break; - if (callback != NULL) callback(2,n++); + if (callback != NULL) callback(2,n++,cb_arg); BN_free(rsa->p); } - if (callback != NULL) callback(3,0); + if (callback != NULL) callback(3,0,cb_arg); for (;;) { - rsa->q=BN_generate_prime(bitsq,0,NULL,NULL,callback); + rsa->q=BN_generate_prime(bitsq,0,NULL,NULL,callback,cb_arg); if (rsa->q == NULL) goto err; if (!BN_sub(r2,rsa->q,BN_value_one())) goto err; if (!BN_gcd(r1,r2,rsa->e,ctx)) goto err; if (BN_is_one(r1) && (BN_cmp(rsa->p,rsa->q) != 0)) break; - if (callback != NULL) callback(2,n++); + if (callback != NULL) callback(2,n++,cb_arg); BN_free(rsa->q); } - if (callback != NULL) callback(3,1); + if (callback != NULL) callback(3,1,cb_arg); if (BN_cmp(rsa->p,rsa->q) < 0) { tmp=rsa->p; diff --git a/crypto/rsa/rsa_lib.c b/crypto/rsa/rsa_lib.c index c49d0ee..95a56f8 100644 --- a/crypto/rsa/rsa_lib.c +++ b/crypto/rsa/rsa_lib.c @@ -1,5 +1,5 @@ /* crypto/rsa/rsa_lib.c */ -/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written @@ -57,13 +57,17 @@ */ #include <stdio.h> +#include "crypto.h" #include "cryptlib.h" +#include "lhash.h" #include "bn.h" #include "rsa.h" -char *RSA_version="RSA part of SSLeay 0.8.1b 29-Jun-1998"; +char *RSA_version="RSA part of SSLeay 0.9.0b 29-Jun-1998"; static RSA_METHOD *default_RSA_meth=NULL; +static int rsa_meth_num=0; +static STACK *rsa_meth=NULL; RSA *RSA_new() { 
@@ -112,12 +116,17 @@ RSA_METHOD *meth; ret->dmq1=NULL; ret->iqmp=NULL; ret->references=1; - ret->app_data=NULL; + ret->method_mod_n=NULL; + ret->method_mod_p=NULL; + ret->method_mod_q=NULL; + ret->blinding=NULL; + ret->flags=ret->meth->flags; if ((ret->meth->init != NULL) && !ret->meth->init(ret)) { Free(ret); ret=NULL; } + CRYPTO_new_ex_data(rsa_meth,(char *)ret,&ret->ex_data); return(ret); } @@ -129,6 +138,9 @@ RSA *r; if (r == NULL) return; i=CRYPTO_add(&r->references,-1,CRYPTO_LOCK_RSA); +#ifdef REF_PRINT + REF_PRINT("RSA",r); +#endif if (i > 0) return; #ifdef REF_CHECK if (i < 0) @@ -138,6 +150,8 @@ RSA *r; } #endif + CRYPTO_free_ex_data(rsa_meth,(char *)r,&r->ex_data); + if (r->meth->finish != NULL) r->meth->finish(r); @@ -149,9 +163,37 @@ RSA *r; if (r->dmp1 != NULL) BN_clear_free(r->dmp1); if (r->dmq1 != NULL) BN_clear_free(r->dmq1); if (r->iqmp != NULL) BN_clear_free(r->iqmp); + if (r->blinding != NULL) BN_BLINDING_free(r->blinding); Free(r); } +int RSA_get_ex_new_index(argl,argp,new_func,dup_func,free_func) +long argl; +char *argp; +int (*new_func)(); +int (*dup_func)(); +void (*free_func)(); + { + rsa_meth_num++; + return(CRYPTO_get_ex_new_index(rsa_meth_num-1, + &rsa_meth,argl,argp,new_func,dup_func,free_func)); + } + +int RSA_set_ex_data(r,idx,arg) +RSA *r; +int idx; +char *arg; + { + return(CRYPTO_set_ex_data(&r->ex_data,idx,arg)); + } + +char *RSA_get_ex_data(r,idx) +RSA *r; +int idx; + { + return(CRYPTO_get_ex_data(&r->ex_data,idx)); + } + int RSA_size(r) RSA *r; { 
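Review bot: In `RSA_new_method` the added `CRYPTO_new_ex_data(rsa_meth,(char *)ret,&ret->ex_data);` is reached after the `init` failure branch has already executed `Free(ret); ret=NULL;`, so on that path it forms `&ret->ex_data` from a null pointer and passes it on as an output location. Return from the failure branch directly (`Free(ret); return(NULL);`), or move the `CRYPTO_new_ex_data` call above the `init` call. The second option also fixes the ordering, since as written a method's `init` hook runs before `ex_data` has been set up. The function begins above this hunk.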
@@ -198,3 +240,55 @@ int padding; return(rsa->meth->rsa_pub_dec(flen, from, to, rsa, padding)); } +int RSA_flags(r) +RSA *r; + { + return((r == NULL)?0:r->meth->flags); + } + +void RSA_blinding_off(rsa) +RSA *rsa; + { + if (rsa->blinding != NULL) + { + BN_BLINDING_free(rsa->blinding); + rsa->blinding=NULL; + } + rsa->flags&= ~RSA_FLAG_BLINDING; + } + +int RSA_blinding_on(rsa,p_ctx) +RSA *rsa; +BN_CTX *p_ctx; + { + BIGNUM *A,*Ai; + BN_CTX *ctx; + int ret=0; + + if (p_ctx == NULL) + { + if ((ctx=BN_CTX_new()) == NULL) goto err; + } + else + ctx=p_ctx; + + if (rsa->blinding != NULL) + BN_BLINDING_free(rsa->blinding); + + A=ctx->bn[0]; + ctx->tos++; + if (!BN_rand(A,BN_num_bits(rsa->n)-1,1,0)) goto err; + if ((Ai=BN_mod_inverse(A,rsa->n,ctx)) == NULL) goto err; + + if (!rsa->meth->bn_mod_exp(A,A,rsa->e,rsa->n,ctx, + (char *)rsa->method_mod_n)) goto err; + rsa->blinding=BN_BLINDING_new(A,Ai,rsa->n); + ctx->tos--; + rsa->flags|=RSA_FLAG_BLINDING; + BN_free(Ai); + ret=1; +err: + if (ctx != p_ctx) BN_CTX_free(ctx); + return(ret); + } + diff --git a/crypto/rsa/rsa_none.c b/crypto/rsa/rsa_none.c new file mode 100644 index 0000000..f0dd943 --- /dev/null +++ b/crypto/rsa/rsa_none.c 
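Review bot: `RSA_blinding_on` frees the old `rsa->blinding` without clearing the pointer or `RSA_FLAG_BLINDING`, so any later `goto err` leaves a dangling pointer that `RSA_free` (which this commit extends with `BN_BLINDING_free(r->blinding)`) would free a second time. The same error paths skip `ctx->tos--` on a caller-supplied `p_ctx` and leak `Ai` when `bn_mod_exp` fails, and the result of `BN_BLINDING_new` is not checked before the flag is set and 1 is returned. Calling `RSA_blinding_off(rsa)` first and moving the cleanup under `err:` covers all four, as in the excerpt below.

```c
	BIGNUM *A,*Ai=NULL;
	BN_CTX *ctx;
	int ret=0,pushed=0;

	/* … unchanged: take ctx from p_ctx or BN_CTX_new() … */

	RSA_blinding_off(rsa);	/* frees the old state, clears pointer and flag */

	A=ctx->bn[0];
	ctx->tos++;
	pushed=1;
	/* … unchanged: BN_rand, BN_mod_inverse, bn_mod_exp … */
	if ((rsa->blinding=BN_BLINDING_new(A,Ai,rsa->n)) == NULL) goto err;
	rsa->flags|=RSA_FLAG_BLINDING;
	ret=1;
err:
	if (Ai != NULL) BN_free(Ai);
	if (pushed) ctx->tos--;	/* restore the caller's BN_CTX on every path */
	if (ctx != p_ctx) BN_CTX_free(ctx);
	return(ret);
```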
@@ -0,0 +1,109 @@ +/* crypto/rsa/rsa_none.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. 
If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] 
+ */ + +#include <stdio.h> +#include "cryptlib.h" +#include "bn.h" +#include "rsa.h" +#include "rand.h" + +int RSA_padding_add_none(to,tlen,from,flen) +unsigned char *to; +int tlen; +unsigned char *from; +int flen; + { + if (flen >= tlen) + { + RSAerr(RSA_F_RSA_PADDING_ADD_NONE,RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE); + return(0); + } + + *(to++)=0; + memcpy(to,from,(unsigned int)flen); + return(1); + } + +int RSA_padding_check_none(to,tlen,from,flen) +unsigned char *to; +int tlen; +unsigned char *from; +int flen; + { + int j; + + from++; + if (flen+1 > tlen) + { + RSAerr(RSA_F_RSA_PADDING_CHECK_NONE,RSA_R_DATA_TOO_LARGE); + return(-1); + } + if (*(from++) != 0) + { + RSAerr(RSA_F_RSA_PADDING_CHECK_NONE,RSA_R_BAD_ZERO_BYTE); + return(-1); + } + + /* scan over padding data */ + j=flen-1; /* one for type and one for the prepended 0. */ + memset(to,0,tlen-j); + to+=(tlen-j); + memcpy(to,from,j); + return(j); + } + diff --git a/crypto/rsa/rsa_pk1.c b/crypto/rsa/rsa_pk1.c new file mode 100644 index 0000000..2791291 --- /dev/null +++ b/crypto/rsa/rsa_pk1.c 
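Review bot: `RSA_padding_check_none` never rejects a short `flen`: with `flen` of 0, `j=flen-1` is -1, so `memset(to,0,tlen-j)` writes `tlen+1` bytes and `memcpy(to,from,j)` is called with a negative length. The function also advances `from` twice before copying `flen-1` bytes, which reads through `from[flen]` if `from` holds exactly `flen` bytes; that depends on the caller's convention, which is not visible in this hunk. Reject short input before any pointer arithmetic, e.g. `if (flen < 2 || flen+1 > tlen)`. In `RSA_padding_add_none` only `flen+1` of the `tlen` output bytes are written, so the tail of `to` stays uninitialised unless `flen == tlen-1`; a comment or an exact-length check should make that contract explicit.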
@@ -0,0 +1,233 @@ +/* crypto/rsa/rsa_pk1.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. 
If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] 
+ */ + +#include <stdio.h> +#include "cryptlib.h" +#include "bn.h" +#include "rsa.h" +#include "rand.h" + +#ifndef NOPROTO +int RSA_padding_add_PKCS1_type_1(); +int RSA_padding_check_PKCS1_type_1(); +int RSA_padding_add_PKCS1_type_2(); +int RSA_padding_check_PKCS1_type_2(); +int RSA_padding_add_SSLv23(); +int RSA_padding_check_SSLv23(); +int RSA_padding_add_none(); +int RSA_padding_check_none(); + +#endif + +int RSA_padding_add_PKCS1_type_1(to,tlen,from,flen) +unsigned char *to; +int tlen; +unsigned char *from; +int flen; + { + int j; + unsigned char *p; + + if (flen > (tlen-11)) + { + RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1,RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE); + return(0); + } + + p=(unsigned char *)to; + + *(p++)=0; + *(p++)=1; /* Private Key BT (Block Type) */ + + /* padd out with 0xff data */ + j=tlen-3-flen; + memset(p,0xff,j); + p+=j; + *(p++)='\0'; + memcpy(p,from,(unsigned int)flen); + return(1); + } + +int RSA_padding_check_PKCS1_type_1(to,tlen,from,flen) +unsigned char *to; +int tlen; +unsigned char *from; +int flen; + { + int i,j; + unsigned char *p; + + p=from; + if (*(p++) != 01) + { + RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1,RSA_R_BLOCK_TYPE_IS_NOT_01); + return(-1); + } + + /* scan over padding data */ + j=flen-1; /* one for type. 
*/ + for (i=0; i<j; i++) + { + if (*p != 0xff) /* should decrypt to 0xff */ + { + if (*p == 0) + { p++; break; } + else { + RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1,RSA_R_BAD_FIXED_HEADER_DECRYPT); + return(-1); + } + } + p++; + } + + if (i == j) + { + RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1,RSA_R_NULL_BEFORE_BLOCK_MISSING); + return(-1); + } + + if (i < 8) + { + RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1,RSA_R_BAD_PAD_BYTE_COUNT); + return(-1); + } + i++; /* Skip over the '\0' */ + j-=i; + memcpy(to,p,(unsigned int)j); + + return(j); + } + +int RSA_padding_add_PKCS1_type_2(to,tlen,from,flen) +unsigned char *to; +int tlen; +unsigned char *from; +int flen; + { + int i,j; + unsigned char *p; + + if (flen > (tlen-11)) + { + RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_2,RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE); + return(0); + } + + p=(unsigned char *)to; + + *(p++)=0; + *(p++)=2; /* Public Key BT (Block Type) */ + + /* pad out with non-zero random data */ + j=tlen-3-flen; + + RAND_bytes(p,j); + for (i=0; i<j; i++) + { + if (*p == '\0') + do { + RAND_bytes(p,1); + } while (*p == '\0'); + p++; + } + + *(p++)='\0'; + + memcpy(p,from,(unsigned int)flen); + return(1); + } + +int RSA_padding_check_PKCS1_type_2(to,tlen,from,flen) +unsigned char *to; +int tlen; +unsigned char *from; +int flen; + { + int i,j; + unsigned char *p; + + p=from; + if (*(p++) != 02) + { + RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2,RSA_R_BLOCK_TYPE_IS_NOT_02); + return(-1); + } + + /* scan over padding data */ + j=flen-1; /* one for type. */ + for (i=0; i<j; i++) + if (*(p++) == 0) break; + + if (i == j) + { + RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2,RSA_R_NULL_BEFORE_BLOCK_MISSING); + return(-1); + } + + if (i < 8) + { + RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2,RSA_R_BAD_PAD_BYTE_COUNT); + return(-1); + } + i++; /* Skip over the '\0' */ + j-=i; + memcpy(to,p,(unsigned int)j); + + return(j); + } + diff --git a/crypto/rsa/rsa_saos.c b/crypto/rsa/rsa_saos.c index 62c2112..fb0fae5 100644 
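Review bot: Both `RSA_padding_check_PKCS1_type_1` and `RSA_padding_check_PKCS1_type_2` take `tlen` but never use it, so `memcpy(to,p,(unsigned int)j)` copies whatever payload length the padding scan yields into `to` without comparing it to the output size. Add a bound before the copy, for example `if (j > tlen) { RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2,RSA_R_DATA_TOO_LARGE); return(-1); }`, and the equivalent in the type 1 function. Separately, the type 2 check stops at the first bad byte and records a different reason code for each failure. Callers that decrypt data received from a peer should treat every failure identically, because distinguishable padding errors act as a decryption oracle; a comment saying so belongs on this function.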
--- a/crypto/rsa/rsa_saos.c +++ b/crypto/rsa/rsa_saos.c @@ -1,5 +1,5 @@ /* crypto/rsa/rsa_saos.c */ -/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written diff --git a/crypto/rsa/rsa_sign.c b/crypto/rsa/rsa_sign.c index 7c815ed..28c5571 100644 --- a/crypto/rsa/rsa_sign.c +++ b/crypto/rsa/rsa_sign.c @@ -1,5 +1,5 @@ /* crypto/rsa/rsa_sign.c */ -/* Copyright (C) 1995-1997 Eric Young (eay@cryptsoft.com) +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) * All rights reserved. * * This package is an SSL implementation written @@ -170,7 +170,7 @@ RSA *rsa; (sigtype == NID_md2WithRSAEncryption))) { /* ok, we will let it through */ -#ifndef WIN16 +#if !defined(NO_STDIO) && !defined(WIN16) fprintf(stderr,"signature has problems, re-make with post SSLeay045\n"); #endif } diff --git a/crypto/rsa/rsa_ssl.c b/crypto/rsa/rsa_ssl.c new file mode 100644 index 0000000..9bcd4b2 --- /dev/null +++ b/crypto/rsa/rsa_ssl.c 
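Review bot: With `NO_STDIO` defined, the branch commented `/* ok, we will let it through */` in rsa_sign.c now accepts a signature that the code's own message describes as having problems, and leaves no trace, since the `fprintf` was the only visible effect. At minimum the comment should say so, e.g. `/* accepted for compatibility; silent when NO_STDIO or WIN16 is defined */`, and a caller-observable signal would be better than stderr in a library. The full condition and the rest of the function are outside this hunk, so the exact case being tolerated (it involves `NID_md2WithRSAEncryption`) should be confirmed before changing behaviour.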
@@ -0,0 +1,153 @@ +/* crypto/rsa/rsa_ssl.c */ +/* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) + * All rights reserved. + * + * This package is an SSL implementation written + * by Eric Young (eay@cryptsoft.com). + * The implementation was written so as to conform with Netscapes SSL. + * + * This library is free for commercial and non-commercial use as long as + * the following conditions are aheared to. The following conditions + * apply to all code found in this distribution, be it the RC4, RSA, + * lhash, DES, etc., code; not just the SSL code. The SSL documentation + * included with this distribution is covered by the same copyright terms + * except that the holder is Tim Hudson (tjh@cryptsoft.com). + * + * Copyright remains Eric Young's, and as such any Copyright notices in + * the code are not to be removed. + * If this package is used in a product, Eric Young should be given attribution + * as the author of the parts of the library used. + * This can be in the form of a textual message at program startup or + * in documentation (online or textual) provided with the package. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * 3. All advertising materials mentioning features or use of this software + * must display the following acknowledgement: + * "This product includes cryptographic software written by + * Eric Young (eay@cryptsoft.com)" + * The word 'cryptographic' can be left out if the rouines from the library + * being used are not cryptographic related :-). + * 4. 
If you include any Windows specific code (or a derivative thereof) from + * the apps directory (application code) you must include an acknowledgement: + * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" + * + * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. + * + * The licence and distribution terms for any publically available version or + * derivative of this code cannot be changed. i.e. this code cannot simply be + * copied and put under another distribution licence + * [including the GNU Public Licence.] 
+ */ + +#include <stdio.h> +#include "cryptlib.h" +#include "bn.h" +#include "rsa.h" +#include "rand.h" + +int RSA_padding_add_SSLv23(to,tlen,from,flen) +unsigned char *to; +int tlen; +unsigned char *from; +int flen; + { + int i,j; + unsigned char *p; + + if (flen > (tlen-11)) + { + RSAerr(RSA_F_RSA_PADDING_ADD_SSLV23,RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE); + return(0); + } + + p=(unsigned char *)to; + + *(p++)=0; + *(p++)=2; /* Public Key BT (Block Type) */ + + /* pad out with non-zero random data */ + j=tlen-3-8-flen; + + RAND_bytes(p,j); + for (i=0; i<j; i++) + { + if (*p == '\0') + do { + RAND_bytes(p,1); + } while (*p == '\0'); + p++; + } + + memset(p,3,8); + p+=8; + *(p++)='\0'; + + memcpy(p,from,(unsigned int)flen); + return(1); + } + +int RSA_padding_check_SSLv23(to,tlen,from,flen) +unsigned char *to; +int tlen; +unsigned char *from; +int flen; + { + int i,j,k; + unsigned char *p; + + p=from; + if (flen < 10) + { + RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23,RSA_R_DATA_TOO_SMALL); + return(-1); + } + if (*(p++) != 02) + { + RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23,RSA_R_BLOCK_TYPE_IS_NOT_02); + return(-1); + } + + /* scan over padding data */ + j=flen-1; /* one for type */ + for (i=0; i<j; i++) + if (*(p++) == 0) break; + + if ((i == j) || (i < 8)) + { + RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23,RSA_R_NULL_BEFORE_BLOCK_MISSING); + return(-1); + } + for (k= -8; k<0; k++) + { + if (p[k] != 0x03) break; + } + if (k == 0) + { + RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23,RSA_R_SSLV3_ROLLBACK_ATTACK); + return(-1); + } + + i++; /* Skip over the '\0' */ + j-=i; + memcpy(to,p,(unsigned int)j); + + return(j); + } + |
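Review bot: The rollback check in `RSA_padding_check_SSLv23` can never fire: the scan loop `if (*(p++) == 0) break;` leaves `p` one past the zero separator, so `p[-1]` is that zero byte and `for (k= -8; k<0; k++)` always breaks by `k == -1`. The eight bytes that `RSA_padding_add_SSLv23` sets to 3 sit at `p[-9]` through `p[-2]`, so the test should read `for (k= -9; k< -1; k++)` followed by `if (k == -1)`; the existing `i < 8` guard keeps `p[-9]` inside the block. `tlen` is also unused in this function, so `memcpy(to,p,(unsigned int)j)` has no bound against the output size.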