]>
Commit | Line | Data |
---|---|---|
1 | /* crypto/rsa/rsa_lib.c */ | |
2 | /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) | |
3 | * All rights reserved. | |
4 | * | |
5 | * This package is an SSL implementation written | |
6 | * by Eric Young (eay@cryptsoft.com). | |
7 | * The implementation was written so as to conform with Netscapes SSL. | |
8 | * | |
9 | * This library is free for commercial and non-commercial use as long as | |
10 | * the following conditions are aheared to. The following conditions | |
11 | * apply to all code found in this distribution, be it the RC4, RSA, | |
12 | * lhash, DES, etc., code; not just the SSL code. The SSL documentation | |
13 | * included with this distribution is covered by the same copyright terms | |
14 | * except that the holder is Tim Hudson (tjh@cryptsoft.com). | |
15 | * | |
16 | * Copyright remains Eric Young's, and as such any Copyright notices in | |
17 | * the code are not to be removed. | |
18 | * If this package is used in a product, Eric Young should be given attribution | |
19 | * as the author of the parts of the library used. | |
20 | * This can be in the form of a textual message at program startup or | |
21 | * in documentation (online or textual) provided with the package. | |
22 | * | |
23 | * Redistribution and use in source and binary forms, with or without | |
24 | * modification, are permitted provided that the following conditions | |
25 | * are met: | |
26 | * 1. Redistributions of source code must retain the copyright | |
27 | * notice, this list of conditions and the following disclaimer. | |
28 | * 2. Redistributions in binary form must reproduce the above copyright | |
29 | * notice, this list of conditions and the following disclaimer in the | |
30 | * documentation and/or other materials provided with the distribution. | |
31 | * 3. All advertising materials mentioning features or use of this software | |
32 | * must display the following acknowledgement: | |
33 | * "This product includes cryptographic software written by | |
34 | * Eric Young (eay@cryptsoft.com)" | |
35 | * The word 'cryptographic' can be left out if the rouines from the library | |
36 | * being used are not cryptographic related :-). | |
37 | * 4. If you include any Windows specific code (or a derivative thereof) from | |
38 | * the apps directory (application code) you must include an acknowledgement: | |
39 | * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" | |
40 | * | |
41 | * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND | |
42 | * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE | |
43 | * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE | |
44 | * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE | |
45 | * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL | |
46 | * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS | |
47 | * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) | |
48 | * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT | |
49 | * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY | |
50 | * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF | |
51 | * SUCH DAMAGE. | |
52 | * | |
53 | * The licence and distribution terms for any publically available version or | |
54 | * derivative of this code cannot be changed. i.e. this code cannot simply be | |
55 | * copied and put under another distribution licence | |
56 | * [including the GNU Public Licence.] | |
57 | */ | |
58 | ||
59 | #include <stdio.h> | |
60 | #include <openssl/crypto.h> | |
61 | #include "cryptlib.h" | |
62 | #include <openssl/lhash.h> | |
63 | #include <openssl/bn.h> | |
64 | #include <openssl/rsa.h> | |
65 | #include <openssl/rand.h> | |
66 | #ifndef OPENSSL_NO_ENGINE | |
67 | # include <openssl/engine.h> | |
68 | #endif | |
69 | ||
70 | #ifdef OPENSSL_FIPS | |
71 | # include <openssl/fips.h> | |
72 | #endif | |
73 | ||
74 | const char RSA_version[] = "RSA" OPENSSL_VERSION_PTEXT; | |
75 | ||
76 | static const RSA_METHOD *default_RSA_meth = NULL; | |
77 | ||
78 | RSA *RSA_new(void) | |
79 | { | |
80 | RSA *r = RSA_new_method(NULL); | |
81 | ||
82 | return r; | |
83 | } | |
84 | ||
85 | void RSA_set_default_method(const RSA_METHOD *meth) | |
86 | { | |
87 | default_RSA_meth = meth; | |
88 | } | |
89 | ||
90 | const RSA_METHOD *RSA_get_default_method(void) | |
91 | { | |
92 | if (default_RSA_meth == NULL) { | |
93 | #ifdef OPENSSL_FIPS | |
94 | if (FIPS_mode()) | |
95 | return FIPS_rsa_pkcs1_ssleay(); | |
96 | else | |
97 | return RSA_PKCS1_SSLeay(); | |
98 | #else | |
99 | # ifdef RSA_NULL | |
100 | default_RSA_meth = RSA_null_method(); | |
101 | # else | |
102 | default_RSA_meth = RSA_PKCS1_SSLeay(); | |
103 | # endif | |
104 | #endif | |
105 | } | |
106 | ||
107 | return default_RSA_meth; | |
108 | } | |
109 | ||
110 | const RSA_METHOD *RSA_get_method(const RSA *rsa) | |
111 | { | |
112 | return rsa->meth; | |
113 | } | |
114 | ||
115 | int RSA_set_method(RSA *rsa, const RSA_METHOD *meth) | |
116 | { | |
117 | /* | |
118 | * NB: The caller is specifically setting a method, so it's not up to us | |
119 | * to deal with which ENGINE it comes from. | |
120 | */ | |
121 | const RSA_METHOD *mtmp; | |
122 | mtmp = rsa->meth; | |
123 | if (mtmp->finish) | |
124 | mtmp->finish(rsa); | |
125 | #ifndef OPENSSL_NO_ENGINE | |
126 | if (rsa->engine) { | |
127 | ENGINE_finish(rsa->engine); | |
128 | rsa->engine = NULL; | |
129 | } | |
130 | #endif | |
131 | rsa->meth = meth; | |
132 | if (meth->init) | |
133 | meth->init(rsa); | |
134 | return 1; | |
135 | } | |
136 | ||
137 | RSA *RSA_new_method(ENGINE *engine) | |
138 | { | |
139 | RSA *ret; | |
140 | ||
141 | ret = (RSA *)OPENSSL_malloc(sizeof(RSA)); | |
142 | if (ret == NULL) { | |
143 | RSAerr(RSA_F_RSA_NEW_METHOD, ERR_R_MALLOC_FAILURE); | |
144 | return NULL; | |
145 | } | |
146 | memset(ret,0,sizeof(RSA)); | |
147 | ||
148 | ret->meth = RSA_get_default_method(); | |
149 | #ifndef OPENSSL_NO_ENGINE | |
150 | if (engine) { | |
151 | if (!ENGINE_init(engine)) { | |
152 | RSAerr(RSA_F_RSA_NEW_METHOD, ERR_R_ENGINE_LIB); | |
153 | OPENSSL_free(ret); | |
154 | return NULL; | |
155 | } | |
156 | ret->engine = engine; | |
157 | } else | |
158 | ret->engine = ENGINE_get_default_RSA(); | |
159 | if (ret->engine) { | |
160 | ret->meth = ENGINE_get_RSA(ret->engine); | |
161 | if (!ret->meth) { | |
162 | RSAerr(RSA_F_RSA_NEW_METHOD, ERR_R_ENGINE_LIB); | |
163 | ENGINE_finish(ret->engine); | |
164 | OPENSSL_free(ret); | |
165 | return NULL; | |
166 | } | |
167 | } | |
168 | #endif | |
169 | ||
170 | ret->pad = 0; | |
171 | ret->version = 0; | |
172 | ret->n = NULL; | |
173 | ret->e = NULL; | |
174 | ret->d = NULL; | |
175 | ret->p = NULL; | |
176 | ret->q = NULL; | |
177 | ret->dmp1 = NULL; | |
178 | ret->dmq1 = NULL; | |
179 | ret->iqmp = NULL; | |
180 | ret->references = 1; | |
181 | ret->_method_mod_n = NULL; | |
182 | ret->_method_mod_p = NULL; | |
183 | ret->_method_mod_q = NULL; | |
184 | ret->blinding = NULL; | |
185 | ret->mt_blinding = NULL; | |
186 | ret->bignum_data = NULL; | |
187 | ret->flags = ret->meth->flags & ~RSA_FLAG_NON_FIPS_ALLOW; | |
188 | if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data)) { | |
189 | #ifndef OPENSSL_NO_ENGINE | |
190 | if (ret->engine) | |
191 | ENGINE_finish(ret->engine); | |
192 | #endif | |
193 | OPENSSL_free(ret); | |
194 | return (NULL); | |
195 | } | |
196 | ||
197 | if ((ret->meth->init != NULL) && !ret->meth->init(ret)) { | |
198 | #ifndef OPENSSL_NO_ENGINE | |
199 | if (ret->engine) | |
200 | ENGINE_finish(ret->engine); | |
201 | #endif | |
202 | CRYPTO_free_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data); | |
203 | OPENSSL_free(ret); | |
204 | ret = NULL; | |
205 | } | |
206 | return (ret); | |
207 | } | |
208 | ||
209 | void RSA_free(RSA *r) | |
210 | { | |
211 | int i; | |
212 | ||
213 | if (r == NULL) | |
214 | return; | |
215 | ||
216 | i = CRYPTO_add(&r->references, -1, CRYPTO_LOCK_RSA); | |
217 | #ifdef REF_PRINT | |
218 | REF_PRINT("RSA", r); | |
219 | #endif | |
220 | if (i > 0) | |
221 | return; | |
222 | #ifdef REF_CHECK | |
223 | if (i < 0) { | |
224 | fprintf(stderr, "RSA_free, bad reference count\n"); | |
225 | abort(); | |
226 | } | |
227 | #endif | |
228 | ||
229 | if (r->meth->finish) | |
230 | r->meth->finish(r); | |
231 | #ifndef OPENSSL_NO_ENGINE | |
232 | if (r->engine) | |
233 | ENGINE_finish(r->engine); | |
234 | #endif | |
235 | ||
236 | CRYPTO_free_ex_data(CRYPTO_EX_INDEX_RSA, r, &r->ex_data); | |
237 | ||
238 | if (r->n != NULL) | |
239 | BN_clear_free(r->n); | |
240 | if (r->e != NULL) | |
241 | BN_clear_free(r->e); | |
242 | if (r->d != NULL) | |
243 | BN_clear_free(r->d); | |
244 | if (r->p != NULL) | |
245 | BN_clear_free(r->p); | |
246 | if (r->q != NULL) | |
247 | BN_clear_free(r->q); | |
248 | if (r->dmp1 != NULL) | |
249 | BN_clear_free(r->dmp1); | |
250 | if (r->dmq1 != NULL) | |
251 | BN_clear_free(r->dmq1); | |
252 | if (r->iqmp != NULL) | |
253 | BN_clear_free(r->iqmp); | |
254 | if (r->blinding != NULL) | |
255 | BN_BLINDING_free(r->blinding); | |
256 | if (r->mt_blinding != NULL) | |
257 | BN_BLINDING_free(r->mt_blinding); | |
258 | if (r->bignum_data != NULL) | |
259 | OPENSSL_free_locked(r->bignum_data); | |
260 | OPENSSL_free(r); | |
261 | } | |
262 | ||
263 | int RSA_up_ref(RSA *r) | |
264 | { | |
265 | int i = CRYPTO_add(&r->references, 1, CRYPTO_LOCK_RSA); | |
266 | #ifdef REF_PRINT | |
267 | REF_PRINT("RSA", r); | |
268 | #endif | |
269 | #ifdef REF_CHECK | |
270 | if (i < 2) { | |
271 | fprintf(stderr, "RSA_up_ref, bad reference count\n"); | |
272 | abort(); | |
273 | } | |
274 | #endif | |
275 | return ((i > 1) ? 1 : 0); | |
276 | } | |
277 | ||
278 | int RSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func, | |
279 | CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func) | |
280 | { | |
281 | return CRYPTO_get_ex_new_index(CRYPTO_EX_INDEX_RSA, argl, argp, | |
282 | new_func, dup_func, free_func); | |
283 | } | |
284 | ||
285 | int RSA_set_ex_data(RSA *r, int idx, void *arg) | |
286 | { | |
287 | return (CRYPTO_set_ex_data(&r->ex_data, idx, arg)); | |
288 | } | |
289 | ||
290 | void *RSA_get_ex_data(const RSA *r, int idx) | |
291 | { | |
292 | return (CRYPTO_get_ex_data(&r->ex_data, idx)); | |
293 | } | |
294 | ||
295 | int RSA_memory_lock(RSA *r) | |
296 | { | |
297 | int i, j, k, off; | |
298 | char *p; | |
299 | BIGNUM *bn, **t[6], *b; | |
300 | BN_ULONG *ul; | |
301 | ||
302 | if (r->d == NULL) | |
303 | return (1); | |
304 | t[0] = &r->d; | |
305 | t[1] = &r->p; | |
306 | t[2] = &r->q; | |
307 | t[3] = &r->dmp1; | |
308 | t[4] = &r->dmq1; | |
309 | t[5] = &r->iqmp; | |
310 | k = sizeof(BIGNUM) * 6; | |
311 | off = k / sizeof(BN_ULONG) + 1; | |
312 | j = 1; | |
313 | for (i = 0; i < 6; i++) | |
314 | j += (*t[i])->top; | |
315 | if ((p = OPENSSL_malloc_locked((off + j) * sizeof(BN_ULONG))) == NULL) { | |
316 | RSAerr(RSA_F_RSA_MEMORY_LOCK, ERR_R_MALLOC_FAILURE); | |
317 | return (0); | |
318 | } | |
319 | bn = (BIGNUM *)p; | |
320 | ul = (BN_ULONG *)&(p[off]); | |
321 | for (i = 0; i < 6; i++) { | |
322 | b = *(t[i]); | |
323 | *(t[i]) = &(bn[i]); | |
324 | memcpy((char *)&(bn[i]), (char *)b, sizeof(BIGNUM)); | |
325 | bn[i].flags = BN_FLG_STATIC_DATA; | |
326 | bn[i].d = ul; | |
327 | memcpy((char *)ul, b->d, sizeof(BN_ULONG) * b->top); | |
328 | ul += b->top; | |
329 | BN_clear_free(b); | |
330 | } | |
331 | ||
332 | /* I should fix this so it can still be done */ | |
333 | r->flags &= ~(RSA_FLAG_CACHE_PRIVATE | RSA_FLAG_CACHE_PUBLIC); | |
334 | ||
335 | r->bignum_data = p; | |
336 | return (1); | |
337 | } |