diff options
Diffstat (limited to 'deps/openssl/openssl/crypto/rsa/rsa_pmeth.c')
-rw-r--r-- | deps/openssl/openssl/crypto/rsa/rsa_pmeth.c | 286 |
1 files changed, 88 insertions, 198 deletions
diff --git a/deps/openssl/openssl/crypto/rsa/rsa_pmeth.c b/deps/openssl/openssl/crypto/rsa/rsa_pmeth.c index 00e730ffa9..2d1dffbbb5 100644 --- a/deps/openssl/openssl/crypto/rsa/rsa_pmeth.c +++ b/deps/openssl/openssl/crypto/rsa/rsa_pmeth.c @@ -1,77 +1,22 @@ -/* crypto/rsa/rsa_pmeth.c */ /* - * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project - * 2006. - */ -/* ==================================================================== - * Copyright (c) 2006 The OpenSSL Project. All rights reserved. - * - * Redistribution and use in source and binary forms, with or without - * modification, are permitted provided that the following conditions - * are met: - * - * 1. Redistributions of source code must retain the above copyright - * notice, this list of conditions and the following disclaimer. - * - * 2. Redistributions in binary form must reproduce the above copyright - * notice, this list of conditions and the following disclaimer in - * the documentation and/or other materials provided with the - * distribution. - * - * 3. All advertising materials mentioning features or use of this - * software must display the following acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" - * - * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to - * endorse or promote products derived from this software without - * prior written permission. For written permission, please contact - * licensing@OpenSSL.org. - * - * 5. Products derived from this software may not be called "OpenSSL" - * nor may "OpenSSL" appear in their names without prior written - * permission of the OpenSSL Project. - * - * 6. Redistributions of any form whatsoever must retain the following - * acknowledgment: - * "This product includes software developed by the OpenSSL Project - * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" - * - * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY - * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE - * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR - * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR - * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT - * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; - * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) - * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, - * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) - * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED - * OF THE POSSIBILITY OF SUCH DAMAGE. - * ==================================================================== - * - * This product includes cryptographic software written by Eric Young - * (eay@cryptsoft.com). This product includes software written by Tim - * Hudson (tjh@cryptsoft.com). + * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved. * + * Licensed under the OpenSSL license (the "License"). You may not use + * this file except in compliance with the License. You can obtain a copy + * in the file LICENSE in the source distribution or at + * https://www.openssl.org/source/license.html */ #include <stdio.h> -#include "cryptlib.h" +#include "internal/cryptlib.h" #include <openssl/asn1t.h> #include <openssl/x509.h> #include <openssl/rsa.h> #include <openssl/bn.h> #include <openssl/evp.h> #include <openssl/x509v3.h> -#ifndef OPENSSL_NO_CMS -# include <openssl/cms.h> -#endif -#ifdef OPENSSL_FIPS -# include <openssl/fips.h> -#endif -#include "evp_locl.h" +#include <openssl/cms.h> +#include "internal/evp_int.h" #include "rsa_locl.h" /* RSA pkey context structure */ @@ -100,21 +45,12 @@ typedef struct { static int pkey_rsa_init(EVP_PKEY_CTX *ctx) { RSA_PKEY_CTX *rctx; - rctx = OPENSSL_malloc(sizeof(RSA_PKEY_CTX)); - if (!rctx) + rctx = OPENSSL_zalloc(sizeof(*rctx)); + if (rctx == NULL) return 0; rctx->nbits = 1024; - rctx->pub_exp = NULL; rctx->pad_mode = RSA_PKCS1_PADDING; - rctx->md = NULL; - rctx->mgf1md = NULL; - rctx->tbuf = NULL; - rctx->saltlen = -2; - - rctx->oaep_label = NULL; - rctx->oaep_labellen = 0; - ctx->data = rctx; ctx->keygen_info = rctx->gentmp; ctx->keygen_info_count = 2; @@ -139,9 +75,8 @@ static int pkey_rsa_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src) dctx->md = sctx->md; dctx->mgf1md = sctx->mgf1md; if (sctx->oaep_label) { - if (dctx->oaep_label) - OPENSSL_free(dctx->oaep_label); - dctx->oaep_label = BUF_memdup(sctx->oaep_label, sctx->oaep_labellen); + OPENSSL_free(dctx->oaep_label); + dctx->oaep_label = OPENSSL_memdup(sctx->oaep_label, sctx->oaep_labellen); if (!dctx->oaep_label) return 0; dctx->oaep_labellen = sctx->oaep_labellen; @@ -154,7 +89,7 @@ static int setup_tbuf(RSA_PKEY_CTX *ctx, EVP_PKEY_CTX *pk) if (ctx->tbuf) return 1; ctx->tbuf = OPENSSL_malloc(EVP_PKEY_size(pk->pkey)); - if (!ctx->tbuf) + if (ctx->tbuf == NULL) return 0; return 1; } @@ -163,48 +98,13 @@ static void pkey_rsa_cleanup(EVP_PKEY_CTX *ctx) { RSA_PKEY_CTX *rctx = ctx->data; if (rctx) { - if (rctx->pub_exp) - BN_free(rctx->pub_exp); - if (rctx->tbuf) - OPENSSL_free(rctx->tbuf); - if (rctx->oaep_label) - OPENSSL_free(rctx->oaep_label); + BN_free(rctx->pub_exp); + OPENSSL_free(rctx->tbuf); + OPENSSL_free(rctx->oaep_label); OPENSSL_free(rctx); } } -#ifdef OPENSSL_FIPS -/* - * FIP checker. Return value indicates status of context parameters: 1 : - * redirect to FIPS. 0 : don't redirect to FIPS. -1 : illegal operation in - * FIPS mode. - */ - -static int pkey_fips_check_rsa(const RSA *rsa, const EVP_MD **pmd, - const EVP_MD **pmgf1md) -{ - int rv = -1; - - if (!FIPS_mode()) - return 0; - if (rsa->flags & RSA_FLAG_NON_FIPS_ALLOW) - rv = 0; - if (!(rsa->meth->flags & RSA_FLAG_FIPS_METHOD) && rv) - return -1; - if (*pmd != NULL) { - *pmd = FIPS_get_digestbynid(EVP_MD_type(*pmd)); - if (*pmd == NULL || !((*pmd)->flags & EVP_MD_FLAG_FIPS)) - return rv; - } - if (*pmgf1md != NULL) { - *pmgf1md = FIPS_get_digestbynid(EVP_MD_type(*pmgf1md)); - if (*pmgf1md == NULL || !((*pmgf1md)->flags & EVP_MD_FLAG_FIPS)) - return rv; - } - return 1; -} -#endif - static int pkey_rsa_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, const unsigned char *tbs, size_t tbslen) @@ -212,41 +112,19 @@ static int pkey_rsa_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, int ret; RSA_PKEY_CTX *rctx = ctx->data; RSA *rsa = ctx->pkey->pkey.rsa; - const EVP_MD *md = rctx->md; - const EVP_MD *mgf1md = rctx->mgf1md; - -#ifdef OPENSSL_FIPS - ret = pkey_fips_check_rsa(rsa, &md, &mgf1md); - if (ret < 0) { - RSAerr(RSA_F_PKEY_RSA_SIGN, RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE); - return -1; - } -#endif - if (md != NULL) { - if (tbslen != (size_t)EVP_MD_size(md)) { + if (rctx->md) { + if (tbslen != (size_t)EVP_MD_size(rctx->md)) { RSAerr(RSA_F_PKEY_RSA_SIGN, RSA_R_INVALID_DIGEST_LENGTH); return -1; } -#ifdef OPENSSL_FIPS - if (ret > 0) { - unsigned int slen; - ret = FIPS_rsa_sign_digest(rsa, tbs, tbslen, md, rctx->pad_mode, - rctx->saltlen, mgf1md, sig, &slen); - if (ret > 0) - *siglen = slen; - else - *siglen = 0; - return ret; - } -#endif - if (EVP_MD_type(md) == NID_mdc2) { + if (EVP_MD_type(rctx->md) == NID_mdc2) { unsigned int sltmp; if (rctx->pad_mode != RSA_PKCS1_PADDING) return -1; - ret = RSA_sign_ASN1_OCTET_STRING(NID_mdc2, tbs, tbslen, sig, &sltmp, - rsa); + ret = RSA_sign_ASN1_OCTET_STRING(0, + tbs, tbslen, sig, &sltmp, rsa); if (ret <= 0) return ret; @@ -261,20 +139,23 @@ static int pkey_rsa_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, return -1; } memcpy(rctx->tbuf, tbs, tbslen); - rctx->tbuf[tbslen] = RSA_X931_hash_id(EVP_MD_type(md)); + rctx->tbuf[tbslen] = RSA_X931_hash_id(EVP_MD_type(rctx->md)); ret = RSA_private_encrypt(tbslen + 1, rctx->tbuf, sig, rsa, RSA_X931_PADDING); } else if (rctx->pad_mode == RSA_PKCS1_PADDING) { unsigned int sltmp; - ret = RSA_sign(EVP_MD_type(md), tbs, tbslen, sig, &sltmp, rsa); + ret = RSA_sign(EVP_MD_type(rctx->md), + tbs, tbslen, sig, &sltmp, rsa); if (ret <= 0) return ret; ret = sltmp; } else if (rctx->pad_mode == RSA_PKCS1_PSS_PADDING) { if (!setup_tbuf(rctx, ctx)) return -1; - if (!RSA_padding_add_PKCS1_PSS_mgf1(rsa, rctx->tbuf, tbs, - md, mgf1md, rctx->saltlen)) + if (!RSA_padding_add_PKCS1_PSS_mgf1(rsa, + rctx->tbuf, tbs, + rctx->md, rctx->mgf1md, + rctx->saltlen)) return -1; ret = RSA_private_encrypt(RSA_size(rsa), rctx->tbuf, sig, rsa, RSA_NO_PADDING); @@ -343,31 +224,12 @@ static int pkey_rsa_verify(EVP_PKEY_CTX *ctx, { RSA_PKEY_CTX *rctx = ctx->data; RSA *rsa = ctx->pkey->pkey.rsa; - const EVP_MD *md = rctx->md; - const EVP_MD *mgf1md = rctx->mgf1md; size_t rslen; - -#ifdef OPENSSL_FIPS - int rv = pkey_fips_check_rsa(rsa, &md, &mgf1md); - - if (rv < 0) { - RSAerr(RSA_F_PKEY_RSA_VERIFY, - RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE); - return -1; - } -#endif - if (md != NULL) { -#ifdef OPENSSL_FIPS - if (rv > 0) { - return FIPS_rsa_verify_digest(rsa, tbs, tbslen, md, rctx->pad_mode, - rctx->saltlen, mgf1md, sig, siglen); - - } -#endif + if (rctx->md) { if (rctx->pad_mode == RSA_PKCS1_PADDING) - return RSA_verify(EVP_MD_type(md), tbs, tbslen, + return RSA_verify(EVP_MD_type(rctx->md), tbs, tbslen, sig, siglen, rsa); - if (tbslen != (size_t)EVP_MD_size(md)) { + if (tbslen != (size_t)EVP_MD_size(rctx->md)) { RSAerr(RSA_F_PKEY_RSA_VERIFY, RSA_R_INVALID_DIGEST_LENGTH); return -1; } @@ -382,7 +244,8 @@ static int pkey_rsa_verify(EVP_PKEY_CTX *ctx, rsa, RSA_NO_PADDING); if (ret <= 0) return 0; - ret = RSA_verify_PKCS1_PSS_mgf1(rsa, tbs, md, mgf1md, + ret = RSA_verify_PKCS1_PSS_mgf1(rsa, tbs, + rctx->md, rctx->mgf1md, rctx->tbuf, rctx->saltlen); if (ret <= 0) return 0; @@ -461,20 +324,43 @@ static int pkey_rsa_decrypt(EVP_PKEY_CTX *ctx, static int check_padding_md(const EVP_MD *md, int padding) { + int mdnid; if (!md) return 1; + mdnid = EVP_MD_type(md); + if (padding == RSA_NO_PADDING) { RSAerr(RSA_F_CHECK_PADDING_MD, RSA_R_INVALID_PADDING_MODE); return 0; } if (padding == RSA_X931_PADDING) { - if (RSA_X931_hash_id(EVP_MD_type(md)) == -1) { + if (RSA_X931_hash_id(mdnid) == -1) { RSAerr(RSA_F_CHECK_PADDING_MD, RSA_R_INVALID_X931_DIGEST); return 0; } - return 1; + } else { + switch(mdnid) { + /* List of all supported RSA digests */ + case NID_sha1: + case NID_sha224: + case NID_sha256: + case NID_sha384: + case NID_sha512: + case NID_md5: + case NID_md5_sha1: + case NID_md2: + case NID_md4: + case NID_mdc2: + case NID_ripemd160: + return 1; + + default: + RSAerr(RSA_F_CHECK_PADDING_MD, RSA_R_INVALID_DIGEST); + return 0; + + } } return 1; @@ -529,8 +415,8 @@ static int pkey_rsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) return 1; case EVP_PKEY_CTRL_RSA_KEYGEN_BITS: - if (p1 < 256) { - RSAerr(RSA_F_PKEY_RSA_CTRL, RSA_R_INVALID_KEYBITS); + if (p1 < 512) { + RSAerr(RSA_F_PKEY_RSA_CTRL, RSA_R_KEY_SIZE_TOO_SMALL); return -2; } rctx->nbits = p1; @@ -588,8 +474,7 @@ static int pkey_rsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) RSAerr(RSA_F_PKEY_RSA_CTRL, RSA_R_INVALID_PADDING_MODE); return -2; } - if (rctx->oaep_label) - OPENSSL_free(rctx->oaep_label); + OPENSSL_free(rctx->oaep_label); if (p2 && p1 > 0) { rctx->oaep_label = p2; rctx->oaep_labellen = p1; @@ -636,21 +521,21 @@ static int pkey_rsa_ctrl_str(EVP_PKEY_CTX *ctx, RSAerr(RSA_F_PKEY_RSA_CTRL_STR, RSA_R_VALUE_MISSING); return 0; } - if (!strcmp(type, "rsa_padding_mode")) { + if (strcmp(type, "rsa_padding_mode") == 0) { int pm; - if (!strcmp(value, "pkcs1")) + if (strcmp(value, "pkcs1") == 0) pm = RSA_PKCS1_PADDING; - else if (!strcmp(value, "sslv23")) + else if (strcmp(value, "sslv23") == 0) pm = RSA_SSLV23_PADDING; - else if (!strcmp(value, "none")) + else if (strcmp(value, "none") == 0) pm = RSA_NO_PADDING; - else if (!strcmp(value, "oeap")) + else if (strcmp(value, "oeap") == 0) pm = RSA_PKCS1_OAEP_PADDING; - else if (!strcmp(value, "oaep")) + else if (strcmp(value, "oaep") == 0) pm = RSA_PKCS1_OAEP_PADDING; - else if (!strcmp(value, "x931")) + else if (strcmp(value, "x931") == 0) pm = RSA_X931_PADDING; - else if (!strcmp(value, "pss")) + else if (strcmp(value, "pss") == 0) pm = RSA_PKCS1_PSS_PADDING; else { RSAerr(RSA_F_PKEY_RSA_CTRL_STR, RSA_R_UNKNOWN_PADDING_TYPE); @@ -659,19 +544,19 @@ static int pkey_rsa_ctrl_str(EVP_PKEY_CTX *ctx, return EVP_PKEY_CTX_set_rsa_padding(ctx, pm); } - if (!strcmp(type, "rsa_pss_saltlen")) { + if (strcmp(type, "rsa_pss_saltlen") == 0) { int saltlen; saltlen = atoi(value); return EVP_PKEY_CTX_set_rsa_pss_saltlen(ctx, saltlen); } - if (!strcmp(type, "rsa_keygen_bits")) { + if (strcmp(type, "rsa_keygen_bits") == 0) { int nbits; nbits = atoi(value); return EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, nbits); } - if (!strcmp(type, "rsa_keygen_pubexp")) { + if (strcmp(type, "rsa_keygen_pubexp") == 0) { int ret; BIGNUM *pubexp = NULL; if (!BN_asc2bn(&pubexp, value)) @@ -682,28 +567,28 @@ static int pkey_rsa_ctrl_str(EVP_PKEY_CTX *ctx, return ret; } - if (!strcmp(type, "rsa_mgf1_md")) { + if (strcmp(type, "rsa_mgf1_md") == 0) { const EVP_MD *md; - if (!(md = EVP_get_digestbyname(value))) { + if ((md = EVP_get_digestbyname(value)) == NULL) { RSAerr(RSA_F_PKEY_RSA_CTRL_STR, RSA_R_INVALID_DIGEST); return 0; } return EVP_PKEY_CTX_set_rsa_mgf1_md(ctx, md); } - if (!strcmp(type, "rsa_oaep_md")) { + if (strcmp(type, "rsa_oaep_md") == 0) { const EVP_MD *md; - if (!(md = EVP_get_digestbyname(value))) { + if ((md = EVP_get_digestbyname(value)) == NULL) { RSAerr(RSA_F_PKEY_RSA_CTRL_STR, RSA_R_INVALID_DIGEST); return 0; } return EVP_PKEY_CTX_set_rsa_oaep_md(ctx, md); } - if (!strcmp(type, "rsa_oaep_label")) { + if (strcmp(type, "rsa_oaep_label") == 0) { unsigned char *lab; long lablen; int ret; - lab = string_to_hex(value, &lablen); + lab = OPENSSL_hexstr2buf(value, &lablen); if (!lab) return 0; ret = EVP_PKEY_CTX_set0_rsa_oaep_label(ctx, lab, lablen); @@ -719,22 +604,27 @@ static int pkey_rsa_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) { RSA *rsa = NULL; RSA_PKEY_CTX *rctx = ctx->data; - BN_GENCB *pcb, cb; + BN_GENCB *pcb; int ret; - if (!rctx->pub_exp) { + if (rctx->pub_exp == NULL) { rctx->pub_exp = BN_new(); - if (!rctx->pub_exp || !BN_set_word(rctx->pub_exp, RSA_F4)) + if (rctx->pub_exp == NULL || !BN_set_word(rctx->pub_exp, RSA_F4)) return 0; } rsa = RSA_new(); - if (!rsa) + if (rsa == NULL) return 0; if (ctx->pkey_gencb) { - pcb = &cb; + pcb = BN_GENCB_new(); + if (pcb == NULL) { + RSA_free(rsa); + return 0; + } evp_pkey_set_cb_translate(pcb, ctx); } else pcb = NULL; ret = RSA_generate_key_ex(rsa, rctx->nbits, rctx->pub_exp, pcb); + BN_GENCB_free(pcb); if (ret > 0) EVP_PKEY_assign_RSA(pkey, rsa); else |