Modify DSA and DH keys to use a shared FFC_PARAMS struct
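--- a/crypto/rsa/rsa_chk.c
+++ b/crypto/rsa/rsa_chk.c
@@ -9,15 +9,26 @@
 #include <openssl/bn.h>
 #include <openssl/err.h>
-#include "rsa_locl.h"
+#include "rsa_local.h"
 int RSA_check_key(const RSA *key)
 {
     return RSA_check_key_ex(key, NULL);
 }
+/*
+ * NOTE: Key validation requires separate checks to be able to be accessed
+ * individually. These should be visible from the PKEY API..
+ * See rsa_sp800_56b_check_public, rsa_sp800_56b_check_private and
+ * rsa_sp800_56b_check_keypair.
+ */
 int RSA_check_key_ex(const RSA *key, BN_GENCB *cb)
 {
+#ifdef FIPS_MODE
+    return rsa_sp800_56b_check_public(key)
+        && rsa_sp800_56b_check_private(key)
+        && rsa_sp800_56b_check_keypair(key, NULL, -1, RSA_bits(key));
+#else
     BIGNUM *i, *j, *k, *l, *m;
     BN_CTX *ctx;
     int ret = 1, ex_primes = 0, idx;
@@ -62,13 +73,13 @@ int RSA_check_key_ex(const RSA *key, BN_GENCB *cb)
     }
     /* p prime? */
-    if (BN_is_prime_ex(key->p, BN_prime_checks, NULL, cb) != 1) {
+    if (BN_check_prime(key->p, NULL, cb) != 1) {
         ret = 0;
         RSAerr(RSA_F_RSA_CHECK_KEY_EX, RSA_R_P_NOT_PRIME);
     }
     /* q prime? */
-    if (BN_is_prime_ex(key->q, BN_prime_checks, NULL, cb) != 1) {
+    if (BN_check_prime(key->q, NULL, cb) != 1) {
         ret = 0;
         RSAerr(RSA_F_RSA_CHECK_KEY_EX, RSA_R_Q_NOT_PRIME);
     }
@@ -76,7 +87,7 @@ int RSA_check_key_ex(const RSA *key, BN_GENCB *cb)
     /* r_i prime? */
     for (idx = 0; idx < ex_primes; idx++) {
         pinfo = sk_RSA_PRIME_INFO_value(key->prime_infos, idx);
-        if (BN_is_prime_ex(pinfo->r, BN_prime_checks, NULL, cb) != 1) {
+        if (BN_check_prime(pinfo->r, NULL, cb) != 1) {
             ret = 0;
             RSAerr(RSA_F_RSA_CHECK_KEY_EX, RSA_R_MP_R_NOT_PRIME);
         }
@@ -225,4 +236,5 @@ int RSA_check_key_ex(const RSA *key, BN_GENCB *cb)
     BN_free(m);
     BN_CTX_free(ctx);
     return ret;
+#endif /* FIPS_MODE */
 }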
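Review bot: In the FIPS_MODE branch at the top of RSA_check_key_ex, the three rsa_sp800_56b_check_* results are chained with `&&`, which treats any non-zero value as success, so a negative error return from one of them would not fail the key check. Their return convention is not visible on this page; if they can return anything other than 0 or 1, compare each one explicitly, e.g. `rsa_sp800_56b_check_public(key) == 1 && ...`. The branch also never uses `cb` and can only yield 0 or 1, so callers relying on the callback or on a distinct error value from the non-FIPS path (whose body continues outside these hunks) see different behaviour; a comment such as `/* FIPS: cb is ignored; result is 0 or 1 only */` would record that. The `NULL, -1` arguments passed to rsa_sp800_56b_check_keypair would also benefit from a short comment saying what they select.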