diff options
author | Shigeki Ohtsu <ohtsu@ohtsu.org> | 2018-03-29 16:39:12 +0900 |
---|---|---|
committer | Shigeki Ohtsu <ohtsu@ohtsu.org> | 2018-04-10 06:45:42 +0900 |
commit | 66cb29e64621fdd1aa5e377a395ff107d21a613b (patch) | |
tree | f05243a51577e04b6f1c4a2f8a6b7b2f05786079 /deps/openssl/openssl/crypto/rsa/rsa_ameth.c | |
parent | 38c97f5dc7ff3fbf83982d0268fc9e93cfc00c7d (diff) | |
download | android-node-v8-66cb29e64621fdd1aa5e377a395ff107d21a613b.tar.gz android-node-v8-66cb29e64621fdd1aa5e377a395ff107d21a613b.tar.bz2 android-node-v8-66cb29e64621fdd1aa5e377a395ff107d21a613b.zip |
deps: upgrade openssl sources to 1.1.0h
This updates all sources in deps/openssl/openssl with openssl-1.1.0h.
Fixes: https://github.com/nodejs/node/issues/4270
PR-URL: https://github.com/nodejs/node/pull/19794
Reviewed-By: James M Snell <jasnell@gmail.com>
Reviewed-By: Rod Vagg <rod@vagg.org>
Reviewed-By: Michael Dawson <michael_dawson@ca.ibm.com>
Diffstat (limited to 'deps/openssl/openssl/crypto/rsa/rsa_ameth.c')
-rw-r--r-- | deps/openssl/openssl/crypto/rsa/rsa_ameth.c | 222 |
1 files changed, 61 insertions, 161 deletions
diff --git a/deps/openssl/openssl/crypto/rsa/rsa_ameth.c b/deps/openssl/openssl/crypto/rsa/rsa_ameth.c index ddead3d744..4a12276a31 100644 --- a/deps/openssl/openssl/crypto/rsa/rsa_ameth.c +++ b/deps/openssl/openssl/crypto/rsa/rsa_ameth.c @@ -1,72 +1,21 @@ -/* crypto/rsa/rsa_ameth.c */ /* - * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project - * 2006. - */ -/* ==================================================================== - * Copyright (c) 2006 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * licensing@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). + * Copyright 2006-2018 The OpenSSL Project Authors. All Rights Reserved. * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html */ #include <stdio.h> -#include "cryptlib.h" +#include "internal/cryptlib.h" #include <openssl/asn1t.h> #include <openssl/x509.h> -#include <openssl/rsa.h> #include <openssl/bn.h> -#ifndef OPENSSL_NO_CMS -# include <openssl/cms.h> -#endif -#include "asn1_locl.h" +#include <openssl/cms.h> +#include "internal/asn1_int.h" +#include "internal/evp_int.h" +#include "rsa_locl.h" #ifndef OPENSSL_NO_CMS static int rsa_cms_sign(CMS_SignerInfo *si); @@ -95,9 +44,10 @@ static int rsa_pub_decode(EVP_PKEY *pkey, X509_PUBKEY *pubkey) const unsigned char *p; int pklen; RSA *rsa = NULL; + if (!X509_PUBKEY_get0_param(NULL, &p, &pklen, NULL, pubkey)) return 0; - if (!(rsa = d2i_RSAPublicKey(NULL, &p, pklen))) { + if ((rsa = d2i_RSAPublicKey(NULL, &p, pklen)) == NULL) { RSAerr(RSA_F_RSA_PUB_DECODE, ERR_R_RSA_LIB); return 0; } @@ -117,7 +67,8 @@ static int old_rsa_priv_decode(EVP_PKEY *pkey, const unsigned char **pder, int derlen) { RSA *rsa; - if (!(rsa = d2i_RSAPrivateKey(NULL, pder, derlen))) { + + if ((rsa = d2i_RSAPrivateKey(NULL, pder, derlen)) == NULL) { RSAerr(RSA_F_OLD_RSA_PRIV_DECODE, ERR_R_RSA_LIB); return 0; } @@ -150,7 +101,7 @@ static int rsa_priv_encode(PKCS8_PRIV_KEY_INFO *p8, const EVP_PKEY *pkey) return 1; } -static int rsa_priv_decode(EVP_PKEY *pkey, PKCS8_PRIV_KEY_INFO *p8) +static int rsa_priv_decode(EVP_PKEY *pkey, const PKCS8_PRIV_KEY_INFO *p8) { const unsigned char *p; int pklen; @@ -169,45 +120,21 @@ static int rsa_bits(const EVP_PKEY *pkey) return BN_num_bits(pkey->pkey.rsa->n); } -static void int_rsa_free(EVP_PKEY *pkey) +static int rsa_security_bits(const EVP_PKEY *pkey) { - RSA_free(pkey->pkey.rsa); + return RSA_security_bits(pkey->pkey.rsa); } -static void update_buflen(const BIGNUM *b, size_t *pbuflen) +static void int_rsa_free(EVP_PKEY *pkey) { - size_t i; - if (!b) - return; - if (*pbuflen < (i = (size_t)BN_num_bytes(b))) - *pbuflen = i; + RSA_free(pkey->pkey.rsa); } static int do_rsa_print(BIO *bp, const RSA *x, int off, int priv) { char *str; const char *s; - unsigned char *m = NULL; int ret = 0, mod_len = 0; - size_t buf_len = 0; - - update_buflen(x->n, &buf_len); - update_buflen(x->e, &buf_len); - - if (priv) { - update_buflen(x->d, &buf_len); - update_buflen(x->p, &buf_len); - update_buflen(x->q, &buf_len); - update_buflen(x->dmp1, &buf_len); - update_buflen(x->dmq1, &buf_len); - update_buflen(x->iqmp, &buf_len); - } - - m = (unsigned char *)OPENSSL_malloc(buf_len + 10); - if (m == NULL) { - RSAerr(RSA_F_DO_RSA_PRINT, ERR_R_MALLOC_FAILURE); - goto err; - } if (x->n != NULL) mod_len = BN_num_bits(x->n); @@ -216,40 +143,36 @@ static int do_rsa_print(BIO *bp, const RSA *x, int off, int priv) goto err; if (priv && x->d) { - if (BIO_printf(bp, "Private-Key: (%d bit)\n", mod_len) - <= 0) + if (BIO_printf(bp, "Private-Key: (%d bit)\n", mod_len) <= 0) goto err; str = "modulus:"; s = "publicExponent:"; } else { - if (BIO_printf(bp, "Public-Key: (%d bit)\n", mod_len) - <= 0) + if (BIO_printf(bp, "Public-Key: (%d bit)\n", mod_len) <= 0) goto err; str = "Modulus:"; s = "Exponent:"; } - if (!ASN1_bn_print(bp, str, x->n, m, off)) + if (!ASN1_bn_print(bp, str, x->n, NULL, off)) goto err; - if (!ASN1_bn_print(bp, s, x->e, m, off)) + if (!ASN1_bn_print(bp, s, x->e, NULL, off)) goto err; if (priv) { - if (!ASN1_bn_print(bp, "privateExponent:", x->d, m, off)) + if (!ASN1_bn_print(bp, "privateExponent:", x->d, NULL, off)) goto err; - if (!ASN1_bn_print(bp, "prime1:", x->p, m, off)) + if (!ASN1_bn_print(bp, "prime1:", x->p, NULL, off)) goto err; - if (!ASN1_bn_print(bp, "prime2:", x->q, m, off)) + if (!ASN1_bn_print(bp, "prime2:", x->q, NULL, off)) goto err; - if (!ASN1_bn_print(bp, "exponent1:", x->dmp1, m, off)) + if (!ASN1_bn_print(bp, "exponent1:", x->dmp1, NULL, off)) goto err; - if (!ASN1_bn_print(bp, "exponent2:", x->dmq1, m, off)) + if (!ASN1_bn_print(bp, "exponent2:", x->dmq1, NULL, off)) goto err; - if (!ASN1_bn_print(bp, "coefficient:", x->iqmp, m, off)) + if (!ASN1_bn_print(bp, "coefficient:", x->iqmp, NULL, off)) goto err; } ret = 1; err: - if (m != NULL) - OPENSSL_free(m); return (ret); } @@ -268,34 +191,23 @@ static int rsa_priv_print(BIO *bp, const EVP_PKEY *pkey, int indent, /* Given an MGF1 Algorithm ID decode to an Algorithm Identifier */ static X509_ALGOR *rsa_mgf1_decode(X509_ALGOR *alg) { - const unsigned char *p; - int plen; - if (alg == NULL || alg->parameter == NULL) + if (alg == NULL) return NULL; if (OBJ_obj2nid(alg->algorithm) != NID_mgf1) return NULL; - if (alg->parameter->type != V_ASN1_SEQUENCE) - return NULL; - - p = alg->parameter->value.sequence->data; - plen = alg->parameter->value.sequence->length; - return d2i_X509_ALGOR(NULL, &p, plen); + return ASN1_TYPE_unpack_sequence(ASN1_ITEM_rptr(X509_ALGOR), + alg->parameter); } static RSA_PSS_PARAMS *rsa_pss_decode(const X509_ALGOR *alg, X509_ALGOR **pmaskHash) { - const unsigned char *p; - int plen; RSA_PSS_PARAMS *pss; *pmaskHash = NULL; - if (!alg->parameter || alg->parameter->type != V_ASN1_SEQUENCE) - return NULL; - p = alg->parameter->value.sequence->data; - plen = alg->parameter->value.sequence->length; - pss = d2i_RSA_PSS_PARAMS(NULL, &p, plen); + pss = ASN1_TYPE_unpack_sequence(ASN1_ITEM_rptr(RSA_PSS_PARAMS), + alg->parameter); if (!pss) return NULL; @@ -387,10 +299,8 @@ static int rsa_sig_print(BIO *bp, const X509_ALGOR *sigalg, X509_ALGOR *maskHash; pss = rsa_pss_decode(sigalg, &maskHash); rv = rsa_pss_param_print(bp, pss, maskHash, indent); - if (pss) - RSA_PSS_PARAMS_free(pss); - if (maskHash) - X509_ALGOR_free(maskHash); + RSA_PSS_PARAMS_free(pss); + X509_ALGOR_free(maskHash); if (!rv) return 0; } else if (!sig && BIO_puts(bp, "\n") <= 0) @@ -456,7 +366,7 @@ static int rsa_md_to_algor(X509_ALGOR **palg, const EVP_MD *md) if (EVP_MD_type(md) == NID_sha1) return 1; *palg = X509_ALGOR_new(); - if (!*palg) + if (*palg == NULL) return 0; X509_ALGOR_set_md(*palg, md); return 1; @@ -476,15 +386,13 @@ static int rsa_md_to_mgf1(X509_ALGOR **palg, const EVP_MD *mgf1md) if (!ASN1_item_pack(algtmp, ASN1_ITEM_rptr(X509_ALGOR), &stmp)) goto err; *palg = X509_ALGOR_new(); - if (!*palg) + if (*palg == NULL) goto err; X509_ALGOR_set0(*palg, OBJ_nid2obj(NID_mgf1), V_ASN1_SEQUENCE, stmp); stmp = NULL; err: - if (stmp) - ASN1_STRING_free(stmp); - if (algtmp) - X509_ALGOR_free(algtmp); + ASN1_STRING_free(stmp); + X509_ALGOR_free(algtmp); if (*palg) return 1; return 0; @@ -551,11 +459,11 @@ static ASN1_STRING *rsa_ctx_to_pss(EVP_PKEY_CTX *pkctx) saltlen--; } pss = RSA_PSS_PARAMS_new(); - if (!pss) + if (pss == NULL) goto err; if (saltlen != 20) { pss->saltLength = ASN1_INTEGER_new(); - if (!pss->saltLength) + if (pss->saltLength == NULL) goto err; if (!ASN1_INTEGER_set(pss->saltLength, saltlen)) goto err; @@ -569,18 +477,16 @@ static ASN1_STRING *rsa_ctx_to_pss(EVP_PKEY_CTX *pkctx) goto err; rv = 1; err: - if (pss) - RSA_PSS_PARAMS_free(pss); + RSA_PSS_PARAMS_free(pss); if (rv) return os; - if (os) - ASN1_STRING_free(os); + ASN1_STRING_free(os); return NULL; } /* * From PSS AlgorithmIdentifier set public key parameters. If pkey isn't NULL - * then the EVP_MD_CTX is setup and initalised. If it is NULL parameters are + * then the EVP_MD_CTX is setup and initialised. If it is NULL parameters are * passed to pkctx instead. */ @@ -662,8 +568,7 @@ static int rsa_pss_to_ctx(EVP_MD_CTX *ctx, EVP_PKEY_CTX *pkctx, err: RSA_PSS_PARAMS_free(pss); - if (maskHash) - X509_ALGOR_free(maskHash); + X509_ALGOR_free(maskHash); return rv; } @@ -741,7 +646,7 @@ static int rsa_item_sign(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn, ASN1_BIT_STRING *sig) { int pad_mode; - EVP_PKEY_CTX *pkctx = ctx->pctx; + EVP_PKEY_CTX *pkctx = EVP_MD_CTX_pkey_ctx(ctx); if (EVP_PKEY_CTX_get_rsa_padding(pkctx, &pad_mode) <= 0) return 0; if (pad_mode == RSA_PKCS1_PADDING) @@ -772,17 +677,12 @@ static int rsa_item_sign(EVP_MD_CTX *ctx, const ASN1_ITEM *it, void *asn, static RSA_OAEP_PARAMS *rsa_oaep_decode(const X509_ALGOR *alg, X509_ALGOR **pmaskHash) { - const unsigned char *p; - int plen; RSA_OAEP_PARAMS *pss; *pmaskHash = NULL; - if (!alg->parameter || alg->parameter->type != V_ASN1_SEQUENCE) - return NULL; - p = alg->parameter->value.sequence->data; - plen = alg->parameter->value.sequence->length; - pss = d2i_RSA_OAEP_PARAMS(NULL, &p, plen); + pss = ASN1_TYPE_unpack_sequence(ASN1_ITEM_rptr(RSA_OAEP_PARAMS), + alg->parameter); if (!pss) return NULL; @@ -860,8 +760,7 @@ static int rsa_cms_decrypt(CMS_RecipientInfo *ri) err: RSA_OAEP_PARAMS_free(oaep); - if (maskHash) - X509_ALGOR_free(maskHash); + X509_ALGOR_free(maskHash); return rv; } @@ -874,7 +773,8 @@ static int rsa_cms_encrypt(CMS_RecipientInfo *ri) EVP_PKEY_CTX *pkctx = CMS_RecipientInfo_get0_pkey_ctx(ri); int pad_mode = RSA_PKCS1_PADDING, rv = 0, labellen; unsigned char *label; - CMS_RecipientInfo_ktri_get0_algs(ri, NULL, NULL, &alg); + if (CMS_RecipientInfo_ktri_get0_algs(ri, NULL, NULL, &alg) <= 0) + return 0; if (pkctx) { if (EVP_PKEY_CTX_get_rsa_padding(pkctx, &pad_mode) <= 0) return 0; @@ -894,18 +794,19 @@ static int rsa_cms_encrypt(CMS_RecipientInfo *ri) if (labellen < 0) goto err; oaep = RSA_OAEP_PARAMS_new(); - if (!oaep) + if (oaep == NULL) goto err; if (!rsa_md_to_algor(&oaep->hashFunc, md)) goto err; if (!rsa_md_to_mgf1(&oaep->maskGenFunc, mgf1md)) goto err; if (labellen > 0) { - ASN1_OCTET_STRING *los = ASN1_OCTET_STRING_new(); + ASN1_OCTET_STRING *los; oaep->pSourceFunc = X509_ALGOR_new(); - if (!oaep->pSourceFunc) + if (oaep->pSourceFunc == NULL) goto err; - if (!los) + los = ASN1_OCTET_STRING_new(); + if (los == NULL) goto err; if (!ASN1_OCTET_STRING_set(los, label, labellen)) { ASN1_OCTET_STRING_free(los); @@ -921,15 +822,13 @@ static int rsa_cms_encrypt(CMS_RecipientInfo *ri) os = NULL; rv = 1; err: - if (oaep) - RSA_OAEP_PARAMS_free(oaep); - if (os) - ASN1_STRING_free(os); + RSA_OAEP_PARAMS_free(oaep); + ASN1_STRING_free(os); return rv; } #endif -const EVP_PKEY_ASN1_METHOD rsa_asn1_meths[] = { +const EVP_PKEY_ASN1_METHOD rsa_asn1_meths[2] = { { EVP_PKEY_RSA, EVP_PKEY_RSA, @@ -949,6 +848,7 @@ const EVP_PKEY_ASN1_METHOD rsa_asn1_meths[] = { int_rsa_size, rsa_bits, + rsa_security_bits, 0, 0, 0, 0, 0, 0, |