Import of old SSLeay release: SSLeay 0.9.1b (unreleased)
diff --git a/crypto/rsa/f b/crypto/rsa/f
new file mode 100644
index 0000000..57528ef
--- /dev/null
+++ b/crypto/rsa/f
@@ -0,0 +1,6 @@
+ if ((rsa->method_mod_n == NULL) && (rsa->flags & RSA_FLAG_CACHE_PUBLIC))
+ {
+ if ((rsa->method_mod_n=(char *)BN_MONT_CTX_new()) != NULL)
+ if (!BN_MONT_CTX_set((BN_MONT_CTX *)rsa->method_mod_n,
+ rsa->n,ctx)) goto err;
+ }
diff --git a/crypto/rsa/rsa.err b/crypto/rsa/rsa.err
index 5ded1b5..e866635 100644
--- a/crypto/rsa/rsa.err
+++ b/crypto/rsa/rsa.err
@@ -1,26 +1,27 @@
/* Error codes for the RSA functions. */
/* Function codes. */
-#define RSA_F_RSA_EAY_PRIVATE_DECRYPT 100
-#define RSA_F_RSA_EAY_PRIVATE_ENCRYPT 101
-#define RSA_F_RSA_EAY_PUBLIC_DECRYPT 102
-#define RSA_F_RSA_EAY_PUBLIC_ENCRYPT 103
-#define RSA_F_RSA_GENERATE_KEY 104
-#define RSA_F_RSA_NEW_METHOD 105
-#define RSA_F_RSA_PADDING_ADD_NONE 106
-#define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1 107
-#define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_2 108
-#define RSA_F_RSA_PADDING_ADD_SSLV23 109
-#define RSA_F_RSA_PADDING_CHECK_NONE 110
-#define RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1 111
-#define RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2 112
-#define RSA_F_RSA_PADDING_CHECK_SSLV23 113
-#define RSA_F_RSA_PRINT 114
-#define RSA_F_RSA_PRINT_FP 115
-#define RSA_F_RSA_SIGN 116
-#define RSA_F_RSA_SIGN_ASN1_OCTET_STRING 117
-#define RSA_F_RSA_VERIFY 118
-#define RSA_F_RSA_VERIFY_ASN1_OCTET_STRING 119
+#define RSA_F_MEMORY_LOCK 100
+#define RSA_F_RSA_EAY_PRIVATE_DECRYPT 101
+#define RSA_F_RSA_EAY_PRIVATE_ENCRYPT 102
+#define RSA_F_RSA_EAY_PUBLIC_DECRYPT 103
+#define RSA_F_RSA_EAY_PUBLIC_ENCRYPT 104
+#define RSA_F_RSA_GENERATE_KEY 105
+#define RSA_F_RSA_NEW_METHOD 106
+#define RSA_F_RSA_PADDING_ADD_NONE 107
+#define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1 108
+#define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_2 109
+#define RSA_F_RSA_PADDING_ADD_SSLV23 110
+#define RSA_F_RSA_PADDING_CHECK_NONE 111
+#define RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1 112
+#define RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2 113
+#define RSA_F_RSA_PADDING_CHECK_SSLV23 114
+#define RSA_F_RSA_PRINT 115
+#define RSA_F_RSA_PRINT_FP 116
+#define RSA_F_RSA_SIGN 117
+#define RSA_F_RSA_SIGN_ASN1_OCTET_STRING 118
+#define RSA_F_RSA_VERIFY 119
+#define RSA_F_RSA_VERIFY_ASN1_OCTET_STRING 120
/* Reason codes. */
#define RSA_R_ALGORITHM_MISMATCH 100
diff --git a/crypto/rsa/rsa.h b/crypto/rsa/rsa.h
index aeb78ff..b7c02fd 100644
--- a/crypto/rsa/rsa.h
+++ b/crypto/rsa/rsa.h
@@ -102,11 +102,14 @@
int references;
int flags;
- /* Normally used to cached montgomery values */
+ /* Normally used to cache montgomery values */
char *method_mod_n;
char *method_mod_p;
char *method_mod_q;
+ /* all BIGNUM values are actually in the following data, if it is not
+ * NULL */
+ char *bignum_data;
BN_BLINDING *blinding;
} RSA;
@@ -114,6 +117,7 @@
#define RSA_F4 0x10001L
#define RSA_METHOD_FLAG_NO_CHECK 0x01 /* don't check pub/private match */
+
#define RSA_FLAG_CACHE_PUBLIC 0x02
#define RSA_FLAG_CACHE_PRIVATE 0x04
#define RSA_FLAG_BLINDING 0x08
@@ -147,6 +151,9 @@
void RSA_set_default_method(RSA_METHOD *meth);
+/* This function needs the memory locking malloc callbacks to be installed */
+int RSA_memory_lock(RSA *r);
+
/* If you have RSAref compiled in. */
RSA_METHOD *RSA_PKCS1_RSAref(void);
@@ -193,19 +200,19 @@
int RSA_padding_add_PKCS1_type_1(unsigned char *to,int tlen,
unsigned char *f,int fl);
int RSA_padding_check_PKCS1_type_1(unsigned char *to,int tlen,
- unsigned char *f,int fl);
+ unsigned char *f,int fl,int rsa_len);
int RSA_padding_add_PKCS1_type_2(unsigned char *to,int tlen,
unsigned char *f,int fl);
int RSA_padding_check_PKCS1_type_2(unsigned char *to,int tlen,
- unsigned char *f,int fl);
+ unsigned char *f,int fl,int rsa_len);
int RSA_padding_add_SSLv23(unsigned char *to,int tlen,
unsigned char *f,int fl);
int RSA_padding_check_SSLv23(unsigned char *to,int tlen,
- unsigned char *f,int fl);
+ unsigned char *f,int fl,int rsa_len);
int RSA_padding_add_none(unsigned char *to,int tlen,
unsigned char *f,int fl);
int RSA_padding_check_none(unsigned char *to,int tlen,
- unsigned char *f,int fl);
+ unsigned char *f,int fl,int rsa_len);
int RSA_get_ex_new_index(long argl, char *argp, int (*new_func)(),
int (*dup_func)(), void (*free_func)());
@@ -227,6 +234,7 @@
int RSA_flags();
void RSA_set_default_method();
+int RSA_memory_lock();
/* RSA_METHOD *RSA_PKCS1_RSAref(); */
RSA_METHOD *RSA_PKCS1_SSLeay();
@@ -274,26 +282,27 @@
/* Error codes for the RSA functions. */
/* Function codes. */
-#define RSA_F_RSA_EAY_PRIVATE_DECRYPT 100
-#define RSA_F_RSA_EAY_PRIVATE_ENCRYPT 101
-#define RSA_F_RSA_EAY_PUBLIC_DECRYPT 102
-#define RSA_F_RSA_EAY_PUBLIC_ENCRYPT 103
-#define RSA_F_RSA_GENERATE_KEY 104
-#define RSA_F_RSA_NEW_METHOD 105
-#define RSA_F_RSA_PADDING_ADD_NONE 106
-#define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1 107
-#define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_2 108
-#define RSA_F_RSA_PADDING_ADD_SSLV23 109
-#define RSA_F_RSA_PADDING_CHECK_NONE 110
-#define RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1 111
-#define RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2 112
-#define RSA_F_RSA_PADDING_CHECK_SSLV23 113
-#define RSA_F_RSA_PRINT 114
-#define RSA_F_RSA_PRINT_FP 115
-#define RSA_F_RSA_SIGN 116
-#define RSA_F_RSA_SIGN_ASN1_OCTET_STRING 117
-#define RSA_F_RSA_VERIFY 118
-#define RSA_F_RSA_VERIFY_ASN1_OCTET_STRING 119
+#define RSA_F_MEMORY_LOCK 100
+#define RSA_F_RSA_EAY_PRIVATE_DECRYPT 101
+#define RSA_F_RSA_EAY_PRIVATE_ENCRYPT 102
+#define RSA_F_RSA_EAY_PUBLIC_DECRYPT 103
+#define RSA_F_RSA_EAY_PUBLIC_ENCRYPT 104
+#define RSA_F_RSA_GENERATE_KEY 105
+#define RSA_F_RSA_NEW_METHOD 106
+#define RSA_F_RSA_PADDING_ADD_NONE 107
+#define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1 108
+#define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_2 109
+#define RSA_F_RSA_PADDING_ADD_SSLV23 110
+#define RSA_F_RSA_PADDING_CHECK_NONE 111
+#define RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1 112
+#define RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2 113
+#define RSA_F_RSA_PADDING_CHECK_SSLV23 114
+#define RSA_F_RSA_PRINT 115
+#define RSA_F_RSA_PRINT_FP 116
+#define RSA_F_RSA_SIGN 117
+#define RSA_F_RSA_SIGN_ASN1_OCTET_STRING 118
+#define RSA_F_RSA_VERIFY 119
+#define RSA_F_RSA_VERIFY_ASN1_OCTET_STRING 120
/* Reason codes. */
#define RSA_R_ALGORITHM_MISMATCH 100
diff --git a/crypto/rsa/rsa_eay.c b/crypto/rsa/rsa_eay.c
index 00f8ea9..7623189 100644
--- a/crypto/rsa/rsa_eay.c
+++ b/crypto/rsa/rsa_eay.c
@@ -110,11 +110,13 @@
RSA *rsa;
int padding;
{
- BIGNUM *f=NULL,*ret=NULL;
+ BIGNUM f,ret;
int i,j,k,num=0,r= -1;
unsigned char *buf=NULL;
BN_CTX *ctx=NULL;
+ BN_init(&f);
+ BN_init(&ret);
if ((ctx=BN_CTX_new()) == NULL) goto err;
num=BN_num_bytes(rsa->n);
if ((buf=(unsigned char *)Malloc(num)) == NULL)
@@ -140,9 +142,7 @@
}
if (i <= 0) goto err;
- if (((f=BN_new()) == NULL) || ((ret=BN_new()) == NULL)) goto err;
-
- if (BN_bin2bn(buf,num,f) == NULL) goto err;
+ if (BN_bin2bn(buf,num,&f) == NULL) goto err;
if ((rsa->method_mod_n == NULL) && (rsa->flags & RSA_FLAG_CACHE_PUBLIC))
{
@@ -151,21 +151,21 @@
rsa->n,ctx)) goto err;
}
- if (!rsa->meth->bn_mod_exp(ret,f,rsa->e,rsa->n,ctx,
+ if (!rsa->meth->bn_mod_exp(&ret,&f,rsa->e,rsa->n,ctx,
rsa->method_mod_n)) goto err;
/* put in leading 0 bytes if the number is less than the
* length of the modulus */
- j=BN_num_bytes(ret);
- i=BN_bn2bin(ret,&(to[num-j]));
+ j=BN_num_bytes(&ret);
+ i=BN_bn2bin(&ret,&(to[num-j]));
for (k=0; k<(num-i); k++)
to[k]=0;
r=num;
err:
if (ctx != NULL) BN_CTX_free(ctx);
- if (f != NULL) BN_free(f);
- if (ret != NULL) BN_free(ret);
+ BN_clear_free(&f);
+ BN_clear_free(&ret);
if (buf != NULL)
{
memset(buf,0,num);
@@ -181,11 +181,14 @@
RSA *rsa;
int padding;
{
- BIGNUM *f=NULL,*ret=NULL;
+ BIGNUM f,ret;
int i,j,k,num=0,r= -1;
unsigned char *buf=NULL;
BN_CTX *ctx=NULL;
+ BN_init(&f);
+ BN_init(&ret);
+
if ((ctx=BN_CTX_new()) == NULL) goto err;
num=BN_num_bytes(rsa->n);
if ((buf=(unsigned char *)Malloc(num)) == NULL)
@@ -209,40 +212,39 @@
}
if (i <= 0) goto err;
- if (((f=BN_new()) == NULL) || ((ret=BN_new()) == NULL)) goto err;
- if (BN_bin2bn(buf,num,f) == NULL) goto err;
+ if (BN_bin2bn(buf,num,&f) == NULL) goto err;
if ((rsa->flags & RSA_FLAG_BLINDING) && (rsa->blinding == NULL))
RSA_blinding_on(rsa,ctx);
if (rsa->flags & RSA_FLAG_BLINDING)
- if (!BN_BLINDING_convert(f,rsa->blinding,ctx)) goto err;
+ if (!BN_BLINDING_convert(&f,rsa->blinding,ctx)) goto err;
if ( (rsa->p != NULL) &&
(rsa->q != NULL) &&
(rsa->dmp1 != NULL) &&
(rsa->dmq1 != NULL) &&
(rsa->iqmp != NULL))
- { if (!rsa->meth->rsa_mod_exp(ret,f,rsa)) goto err; }
+ { if (!rsa->meth->rsa_mod_exp(&ret,&f,rsa)) goto err; }
else
{
- if (!rsa->meth->bn_mod_exp(ret,f,rsa->d,rsa->n,ctx)) goto err;
+ if (!rsa->meth->bn_mod_exp(&ret,&f,rsa->d,rsa->n,ctx,NULL)) goto err;
}
if (rsa->flags & RSA_FLAG_BLINDING)
- if (!BN_BLINDING_invert(ret,rsa->blinding,ctx)) goto err;
+ if (!BN_BLINDING_invert(&ret,rsa->blinding,ctx)) goto err;
/* put in leading 0 bytes if the number is less than the
* length of the modulus */
- j=BN_num_bytes(ret);
- i=BN_bn2bin(ret,&(to[num-j]));
+ j=BN_num_bytes(&ret);
+ i=BN_bn2bin(&ret,&(to[num-j]));
for (k=0; k<(num-i); k++)
to[k]=0;
r=num;
err:
if (ctx != NULL) BN_CTX_free(ctx);
- if (ret != NULL) BN_free(ret);
- if (f != NULL) BN_free(f);
+ BN_clear_free(&ret);
+ BN_clear_free(&f);
if (buf != NULL)
{
memset(buf,0,num);
@@ -258,12 +260,14 @@
RSA *rsa;
int padding;
{
- BIGNUM *f=NULL,*ret=NULL;
+ BIGNUM f,ret;
int j,num=0,r= -1;
unsigned char *p;
unsigned char *buf=NULL;
BN_CTX *ctx=NULL;
+ BN_init(&f);
+ BN_init(&ret);
ctx=BN_CTX_new();
if (ctx == NULL) goto err;
@@ -284,13 +288,12 @@
}
/* make data into a big number */
- if (((ret=BN_new()) == NULL) || ((f=BN_new()) == NULL)) goto err;
- if (BN_bin2bn(from,(int)flen,f) == NULL) goto err;
+ if (BN_bin2bn(from,(int)flen,&f) == NULL) goto err;
if ((rsa->flags & RSA_FLAG_BLINDING) && (rsa->blinding == NULL))
RSA_blinding_on(rsa,ctx);
if (rsa->flags & RSA_FLAG_BLINDING)
- if (!BN_BLINDING_convert(f,rsa->blinding,ctx)) goto err;
+ if (!BN_BLINDING_convert(&f,rsa->blinding,ctx)) goto err;
/* do the decrypt */
if ( (rsa->p != NULL) &&
@@ -298,29 +301,29 @@
(rsa->dmp1 != NULL) &&
(rsa->dmq1 != NULL) &&
(rsa->iqmp != NULL))
- { if (!rsa->meth->rsa_mod_exp(ret,f,rsa)) goto err; }
+ { if (!rsa->meth->rsa_mod_exp(&ret,&f,rsa)) goto err; }
else
{
- if (!rsa->meth->bn_mod_exp(ret,f,rsa->d,rsa->n,ctx))
+ if (!rsa->meth->bn_mod_exp(&ret,&f,rsa->d,rsa->n,ctx,NULL))
goto err;
}
if (rsa->flags & RSA_FLAG_BLINDING)
- if (!BN_BLINDING_invert(ret,rsa->blinding,ctx)) goto err;
+ if (!BN_BLINDING_invert(&ret,rsa->blinding,ctx)) goto err;
p=buf;
- j=BN_bn2bin(ret,p); /* j is only used with no-padding mode */
+ j=BN_bn2bin(&ret,p); /* j is only used with no-padding mode */
switch (padding)
{
case RSA_PKCS1_PADDING:
- r=RSA_padding_check_PKCS1_type_2(to,num,buf,j);
+ r=RSA_padding_check_PKCS1_type_2(to,num,buf,j,num);
break;
case RSA_SSLV23_PADDING:
- r=RSA_padding_check_SSLv23(to,num,buf,j);
+ r=RSA_padding_check_SSLv23(to,num,buf,j,num);
break;
case RSA_NO_PADDING:
- r=RSA_padding_check_none(to,num,buf,j);
+ r=RSA_padding_check_none(to,num,buf,j,num);
break;
default:
RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,RSA_R_UNKNOWN_PADDING_TYPE);
@@ -331,8 +334,8 @@
err:
if (ctx != NULL) BN_CTX_free(ctx);
- if (f != NULL) BN_free(f);
- if (ret != NULL) BN_free(ret);
+ BN_clear_free(&f);
+ BN_clear_free(&ret);
if (buf != NULL)
{
memset(buf,0,num);
@@ -348,12 +351,14 @@
RSA *rsa;
int padding;
{
- BIGNUM *f=NULL,*ret=NULL;
+ BIGNUM f,ret;
int i,num=0,r= -1;
unsigned char *p;
unsigned char *buf=NULL;
BN_CTX *ctx=NULL;
+ BN_init(&f);
+ BN_init(&ret);
ctx=BN_CTX_new();
if (ctx == NULL) goto err;
@@ -373,10 +378,7 @@
goto err;
}
- /* make data into a big number */
- if (((ret=BN_new()) == NULL) || ((f=BN_new()) == NULL)) goto err;
-
- if (BN_bin2bn(from,flen,f) == NULL) goto err;
+ if (BN_bin2bn(from,flen,&f) == NULL) goto err;
/* do the decrypt */
if ((rsa->method_mod_n == NULL) && (rsa->flags & RSA_FLAG_CACHE_PUBLIC))
{
@@ -385,19 +387,19 @@
rsa->n,ctx)) goto err;
}
- if (!rsa->meth->bn_mod_exp(ret,f,rsa->e,rsa->n,ctx,
+ if (!rsa->meth->bn_mod_exp(&ret,&f,rsa->e,rsa->n,ctx,
rsa->method_mod_n)) goto err;
p=buf;
- i=BN_bn2bin(ret,p);
+ i=BN_bn2bin(&ret,p);
switch (padding)
{
case RSA_PKCS1_PADDING:
- r=RSA_padding_check_PKCS1_type_1(to,num,buf,i);
+ r=RSA_padding_check_PKCS1_type_1(to,num,buf,i,num);
break;
case RSA_NO_PADDING:
- r=RSA_padding_check_none(to,num,buf,i);
+ r=RSA_padding_check_none(to,num,buf,i,num);
break;
default:
RSAerr(RSA_F_RSA_EAY_PUBLIC_DECRYPT,RSA_R_UNKNOWN_PADDING_TYPE);
@@ -408,8 +410,8 @@
err:
if (ctx != NULL) BN_CTX_free(ctx);
- if (f != NULL) BN_free(f);
- if (ret != NULL) BN_free(ret);
+ BN_clear_free(&f);
+ BN_clear_free(&ret);
if (buf != NULL)
{
memset(buf,0,num);
@@ -423,14 +425,13 @@
BIGNUM *I;
RSA *rsa;
{
- BIGNUM *r1=NULL,*m1=NULL;
+ BIGNUM r1,m1;
int ret=0;
BN_CTX *ctx;
if ((ctx=BN_CTX_new()) == NULL) goto err;
- m1=BN_new();
- r1=BN_new();
- if ((m1 == NULL) || (r1 == NULL)) goto err;
+ BN_init(&m1);
+ BN_init(&r1);
if (rsa->flags & RSA_FLAG_CACHE_PRIVATE)
{
@@ -452,26 +453,29 @@
}
}
- if (!BN_mod(r1,I,rsa->q,ctx)) goto err;
- if (!rsa->meth->bn_mod_exp(m1,r1,rsa->dmq1,rsa->q,ctx,
+ if (!BN_mod(&r1,I,rsa->q,ctx)) goto err;
+ if (!rsa->meth->bn_mod_exp(&m1,&r1,rsa->dmq1,rsa->q,ctx,
rsa->method_mod_q)) goto err;
- if (!BN_mod(r1,I,rsa->p,ctx)) goto err;
- if (!rsa->meth->bn_mod_exp(r0,r1,rsa->dmp1,rsa->p,ctx,
+ if (!BN_mod(&r1,I,rsa->p,ctx)) goto err;
+ if (!rsa->meth->bn_mod_exp(r0,&r1,rsa->dmp1,rsa->p,ctx,
rsa->method_mod_p)) goto err;
- if (!BN_add(r1,r0,rsa->p)) goto err;
- if (!BN_sub(r0,r1,m1)) goto err;
+ if (!BN_sub(r0,r0,&m1)) goto err;
+ /* This will help stop the size of r0 increasing, which does
+ * affect the multiply if it optimised for a power of 2 size */
+ if (r0->neg)
+ if (!BN_add(r0,r0,rsa->p)) goto err;
- if (!BN_mul(r1,r0,rsa->iqmp)) goto err;
- if (!BN_mod(r0,r1,rsa->p,ctx)) goto err;
- if (!BN_mul(r1,r0,rsa->q)) goto err;
- if (!BN_add(r0,r1,m1)) goto err;
+ if (!BN_mul(&r1,r0,rsa->iqmp,ctx)) goto err;
+ if (!BN_mod(r0,&r1,rsa->p,ctx)) goto err;
+ if (!BN_mul(&r1,r0,rsa->q,ctx)) goto err;
+ if (!BN_add(r0,&r1,&m1)) goto err;
ret=1;
err:
- if (m1 != NULL) BN_free(m1);
- if (r1 != NULL) BN_free(r1);
+ BN_clear_free(&m1);
+ BN_clear_free(&r1);
BN_CTX_free(ctx);
return(ret);
}
diff --git a/crypto/rsa/rsa_err.c b/crypto/rsa/rsa_err.c
index 796b3af..7899a5d 100644
--- a/crypto/rsa/rsa_err.c
+++ b/crypto/rsa/rsa_err.c
@@ -63,6 +63,7 @@
#ifndef NO_ERR
static ERR_STRING_DATA RSA_str_functs[]=
{
+{ERR_PACK(0,RSA_F_MEMORY_LOCK,0), "MEMORY_LOCK"},
{ERR_PACK(0,RSA_F_RSA_EAY_PRIVATE_DECRYPT,0), "RSA_EAY_PRIVATE_DECRYPT"},
{ERR_PACK(0,RSA_F_RSA_EAY_PRIVATE_ENCRYPT,0), "RSA_EAY_PRIVATE_ENCRYPT"},
{ERR_PACK(0,RSA_F_RSA_EAY_PUBLIC_DECRYPT,0), "RSA_EAY_PUBLIC_DECRYPT"},
@@ -117,8 +118,8 @@
{
static int init=1;
- if (init);
- {;
+ if (init)
+ {
init=0;
#ifndef NO_ERR
ERR_load_strings(ERR_LIB_RSA,RSA_str_functs);
diff --git a/crypto/rsa/rsa_gen.c b/crypto/rsa/rsa_gen.c
index aed2351..936db49 100644
--- a/crypto/rsa/rsa_gen.c
+++ b/crypto/rsa/rsa_gen.c
@@ -70,17 +70,17 @@
{
RSA *rsa=NULL;
BIGNUM *r0=NULL,*r1=NULL,*r2=NULL,*r3=NULL,*tmp;
- int bitsp,bitsq,ok= -1,n=0;
+ int bitsp,bitsq,ok= -1,n=0,i;
BN_CTX *ctx=NULL,*ctx2=NULL;
ctx=BN_CTX_new();
if (ctx == NULL) goto err;
ctx2=BN_CTX_new();
if (ctx2 == NULL) goto err;
- r0=ctx->bn[0];
- r1=ctx->bn[1];
- r2=ctx->bn[2];
- r3=ctx->bn[3];
+ r0= &(ctx->bn[0]);
+ r1= &(ctx->bn[1]);
+ r2= &(ctx->bn[2]);
+ r3= &(ctx->bn[3]);
ctx->tos+=4;
bitsp=(bits+1)/2;
@@ -91,12 +91,23 @@
/* set e */
rsa->e=BN_new();
if (rsa->e == NULL) goto err;
+
+#if 1
+ /* The problem is when building with 8, 16, or 32 BN_ULONG,
+ * unsigned long can be larger */
+ for (i=0; i<sizeof(unsigned long)*8; i++)
+ {
+ if (e_value & (1<<i))
+ BN_set_bit(rsa->e,i);
+ }
+#else
if (!BN_set_word(rsa->e,e_value)) goto err;
+#endif
/* generate p and q */
for (;;)
{
- rsa->p=BN_generate_prime(bitsp,0,NULL,NULL,callback,cb_arg);
+ rsa->p=BN_generate_prime(NULL,bitsp,0,NULL,NULL,callback,cb_arg);
if (rsa->p == NULL) goto err;
if (!BN_sub(r2,rsa->p,BN_value_one())) goto err;
if (!BN_gcd(r1,r2,rsa->e,ctx)) goto err;
@@ -107,7 +118,7 @@
if (callback != NULL) callback(3,0,cb_arg);
for (;;)
{
- rsa->q=BN_generate_prime(bitsq,0,NULL,NULL,callback,cb_arg);
+ rsa->q=BN_generate_prime(NULL,bitsq,0,NULL,NULL,callback,cb_arg);
if (rsa->q == NULL) goto err;
if (!BN_sub(r2,rsa->q,BN_value_one())) goto err;
if (!BN_gcd(r1,r2,rsa->e,ctx)) goto err;
@@ -127,12 +138,12 @@
/* calculate n */
rsa->n=BN_new();
if (rsa->n == NULL) goto err;
- if (!BN_mul(rsa->n,rsa->p,rsa->q)) goto err;
+ if (!BN_mul(rsa->n,rsa->p,rsa->q,ctx)) goto err;
/* calculate d */
if (!BN_sub(r1,rsa->p,BN_value_one())) goto err; /* p-1 */
if (!BN_sub(r2,rsa->q,BN_value_one())) goto err; /* q-1 */
- if (!BN_mul(r0,r1,r2)) goto err; /* (p-1)(q-1) */
+ if (!BN_mul(r0,r1,r2,ctx)) goto err; /* (p-1)(q-1) */
/* should not be needed, since gcd(p-1,e) == 1 and gcd(q-1,e) == 1 */
/* for (;;)
@@ -149,7 +160,7 @@
goto err;
}
*/
- rsa->d=(BIGNUM *)BN_mod_inverse(rsa->e,r0,ctx2); /* d */
+ rsa->d=(BIGNUM *)BN_mod_inverse(NULL,rsa->e,r0,ctx2); /* d */
if (rsa->d == NULL) goto err;
/* calculate d mod (p-1) */
@@ -163,7 +174,7 @@
if (!BN_mod(rsa->dmq1,rsa->d,r2,ctx)) goto err;
/* calculate inverse of q mod p */
- rsa->iqmp=BN_mod_inverse(rsa->q,rsa->p,ctx2);
+ rsa->iqmp=BN_mod_inverse(NULL,rsa->q,rsa->p,ctx2);
if (rsa->iqmp == NULL) goto err;
ok=1;
diff --git a/crypto/rsa/rsa_lib.c b/crypto/rsa/rsa_lib.c
index 95a56f8..5ce51f9 100644
--- a/crypto/rsa/rsa_lib.c
+++ b/crypto/rsa/rsa_lib.c
@@ -63,7 +63,7 @@
#include "bn.h"
#include "rsa.h"
-char *RSA_version="RSA part of SSLeay 0.9.0b 29-Jun-1998";
+char *RSA_version="RSA part of SSLeay 0.9.1a 06-Jul-1998";
static RSA_METHOD *default_RSA_meth=NULL;
static int rsa_meth_num=0;
@@ -120,13 +120,15 @@
ret->method_mod_p=NULL;
ret->method_mod_q=NULL;
ret->blinding=NULL;
+ ret->bignum_data=NULL;
ret->flags=ret->meth->flags;
if ((ret->meth->init != NULL) && !ret->meth->init(ret))
{
Free(ret);
ret=NULL;
}
- CRYPTO_new_ex_data(rsa_meth,(char *)ret,&ret->ex_data);
+ else
+ CRYPTO_new_ex_data(rsa_meth,(char *)ret,&ret->ex_data);
return(ret);
}
@@ -164,6 +166,7 @@
if (r->dmq1 != NULL) BN_clear_free(r->dmq1);
if (r->iqmp != NULL) BN_clear_free(r->iqmp);
if (r->blinding != NULL) BN_BLINDING_free(r->blinding);
+ if (r->bignum_data != NULL) Free_locked(r->bignum_data);
Free(r);
}
@@ -275,10 +278,10 @@
if (rsa->blinding != NULL)
BN_BLINDING_free(rsa->blinding);
- A=ctx->bn[0];
+ A= &(ctx->bn[0]);
ctx->tos++;
if (!BN_rand(A,BN_num_bits(rsa->n)-1,1,0)) goto err;
- if ((Ai=BN_mod_inverse(A,rsa->n,ctx)) == NULL) goto err;
+ if ((Ai=BN_mod_inverse(NULL,A,rsa->n,ctx)) == NULL) goto err;
if (!rsa->meth->bn_mod_exp(A,A,rsa->e,rsa->n,ctx,
(char *)rsa->method_mod_n)) goto err;
@@ -292,3 +295,49 @@
return(ret);
}
+int RSA_memory_lock(r)
+RSA *r;
+ {
+ int i,j,k,off;
+ char *p;
+ BIGNUM *bn,**t[6],*b;
+ BN_ULONG *ul;
+
+ if (r->d == NULL) return(1);
+ t[0]= &r->d;
+ t[1]= &r->p;
+ t[2]= &r->q;
+ t[3]= &r->dmp1;
+ t[4]= &r->dmq1;
+ t[5]= &r->iqmp;
+ k=sizeof(BIGNUM)*6;
+ off=k/sizeof(BN_ULONG)+1;
+ j=1;
+ for (i=0; i<6; i++)
+ j+= (*t[i])->top;
+ if ((p=Malloc_locked((off+j)*sizeof(BN_ULONG))) == NULL)
+ {
+ RSAerr(RSA_F_MEMORY_LOCK,ERR_R_MALLOC_FAILURE);
+ return(0);
+ }
+ bn=(BIGNUM *)p;
+ ul=(BN_ULONG *)&(p[off]);
+ for (i=0; i<6; i++)
+ {
+ b= *(t[i]);
+ *(t[i])= &(bn[i]);
+ memcpy((char *)&(bn[i]),(char *)b,sizeof(BIGNUM));
+ bn[i].flags=BN_FLG_STATIC_DATA;
+ bn[i].d=ul;
+ memcpy((char *)ul,b->d,sizeof(BN_ULONG)*b->top);
+ ul+=b->top;
+ BN_clear_free(b);
+ }
+
+ /* I should fix this so it can still be done */
+ r->flags&= ~(RSA_FLAG_CACHE_PRIVATE|RSA_FLAG_CACHE_PUBLIC);
+
+ r->bignum_data=p;
+ return(1);
+ }
+
diff --git a/crypto/rsa/rsa_none.c b/crypto/rsa/rsa_none.c
index f0dd943..6385b55 100644
--- a/crypto/rsa/rsa_none.c
+++ b/crypto/rsa/rsa_none.c
@@ -79,11 +79,12 @@
return(1);
}
-int RSA_padding_check_none(to,tlen,from,flen)
+int RSA_padding_check_none(to,tlen,from,flen,num)
unsigned char *to;
int tlen;
unsigned char *from;
int flen;
+int num;
{
int j;
@@ -93,7 +94,7 @@
RSAerr(RSA_F_RSA_PADDING_CHECK_NONE,RSA_R_DATA_TOO_LARGE);
return(-1);
}
- if (*(from++) != 0)
+ if (flen+1 >= num)
{
RSAerr(RSA_F_RSA_PADDING_CHECK_NONE,RSA_R_BAD_ZERO_BYTE);
return(-1);
diff --git a/crypto/rsa/rsa_pk1.c b/crypto/rsa/rsa_pk1.c
index 2791291..4638187 100644
--- a/crypto/rsa/rsa_pk1.c
+++ b/crypto/rsa/rsa_pk1.c
@@ -103,17 +103,18 @@
return(1);
}
-int RSA_padding_check_PKCS1_type_1(to,tlen,from,flen)
+int RSA_padding_check_PKCS1_type_1(to,tlen,from,flen,num)
unsigned char *to;
int tlen;
unsigned char *from;
int flen;
+int num;
{
int i,j;
unsigned char *p;
p=from;
- if (*(p++) != 01)
+ if ((num != (flen+1)) || (*(p++) != 01))
{
RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1,RSA_R_BLOCK_TYPE_IS_NOT_01);
return(-1);
@@ -192,21 +193,25 @@
return(1);
}
-int RSA_padding_check_PKCS1_type_2(to,tlen,from,flen)
+int RSA_padding_check_PKCS1_type_2(to,tlen,from,flen,num)
unsigned char *to;
int tlen;
unsigned char *from;
int flen;
+int num;
{
int i,j;
unsigned char *p;
p=from;
- if (*(p++) != 02)
+ if ((num != (flen+1)) || (*(p++) != 02))
{
RSAerr(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2,RSA_R_BLOCK_TYPE_IS_NOT_02);
return(-1);
}
+#ifdef PKCS1_CHECK
+ return(num-11);
+#endif
/* scan over padding data */
j=flen-1; /* one for type. */
diff --git a/crypto/rsa/rsa_sign.c b/crypto/rsa/rsa_sign.c
index 28c5571..e389111 100644
--- a/crypto/rsa/rsa_sign.c
+++ b/crypto/rsa/rsa_sign.c
@@ -154,9 +154,11 @@
p=s;
sig=d2i_X509_SIG(NULL,&p,(long)i);
+
if (sig == NULL) goto err;
sigtype=OBJ_obj2nid(sig->algor->algorithm);
+
#ifdef RSA_DEBUG
/* put a backward compatability flag in EAY */
fprintf(stderr,"in(%s) expect(%s)\n",OBJ_nid2ln(sigtype),
diff --git a/crypto/rsa/rsa_ssl.c b/crypto/rsa/rsa_ssl.c
index 9bcd4b2..42ee076 100644
--- a/crypto/rsa/rsa_ssl.c
+++ b/crypto/rsa/rsa_ssl.c
@@ -103,11 +103,12 @@
return(1);
}
-int RSA_padding_check_SSLv23(to,tlen,from,flen)
+int RSA_padding_check_SSLv23(to,tlen,from,flen,num)
unsigned char *to;
int tlen;
unsigned char *from;
int flen;
+int num;
{
int i,j,k;
unsigned char *p;
@@ -118,7 +119,7 @@
RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23,RSA_R_DATA_TOO_SMALL);
return(-1);
}
- if (*(p++) != 02)
+ if ((num != (flen+1)) || (*(p++) != 02))
{
RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23,RSA_R_BLOCK_TYPE_IS_NOT_02);
return(-1);
