X-Git-Url: https://git.librecmc.org/?a=blobdiff_plain;f=crypto%2Frsa%2Frsa_chk.c;h=91b91157983fe9e09025f7896314bec53c8dc82d;hb=d3ed8ceb3d5f4f6318e96a147433cb1b09bec211;hp=2462c5e7933c602d135851da3c2d9d4d52bd7924;hpb=6519b2cb922cd7f5405112fba87f17f39adc82ee;p=oweals%2Fopenssl.git diff --git a/crypto/rsa/rsa_chk.c b/crypto/rsa/rsa_chk.c index 2462c5e793..91b9115798 100644 --- a/crypto/rsa/rsa_chk.c +++ b/crypto/rsa/rsa_chk.c @@ -1,4 +1,4 @@ -/* crypto/rsa/rsa_chck.c -*- Mode: C; c-file-style: "eay" -*- */ +/* crypto/rsa/rsa_chk.c -*- Mode: C; c-file-style: "eay" -*- */ /* ==================================================================== * Copyright (c) 1999 The OpenSSL Project. All rights reserved. * @@ -57,6 +57,7 @@ int RSA_check_key(RSA *key) { BIGNUM *i, *j, *k, *l, *m; BN_CTX *ctx; + int r; int ret=1; i = BN_new(); 
@@ -68,86 +69,110 @@ int RSA_check_key(RSA *key) if (i == NULL || j == NULL || k == NULL || l == NULL || m == NULL || ctx == NULL) { + ret = -1; RSAerr(RSA_F_RSA_CHECK_KEY, ERR_R_MALLOC_FAILURE); goto err; } /* p prime? */ - if (BN_is_prime(key->p, BN_prime_checks, NULL, NULL, NULL) != 1) + r = BN_is_prime(key->p, BN_prime_checks, NULL, NULL, NULL); + if (r != 1) { - ret = 0; - if (ERR_GET_REASON(ERR_peek_error()) == ERR_R_MALLOC_FAILURE) + ret = r; + if (r != 0) goto err; RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_P_NOT_PRIME); } /* q prime? */ - if (BN_is_prime(key->q, BN_prime_checks, NULL, NULL, NULL) != 1) + r = BN_is_prime(key->q, BN_prime_checks, NULL, NULL, NULL); + if (r != 1) { - ret = 0; - if (ERR_GET_REASON(ERR_peek_error()) == ERR_R_MALLOC_FAILURE) + ret = r; + if (r != 0) goto err; RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_Q_NOT_PRIME); } /* n = p*q? */ - BN_mul(i, key->p, key->q, ctx); + r = BN_mul(i, key->p, key->q, ctx); + if (!r) { ret = -1; goto err; } + if (BN_cmp(i, key->n) != 0) { ret = 0; - if (ERR_GET_REASON(ERR_peek_error()) == ERR_R_MALLOC_FAILURE) - goto err; - RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_N_DOES_NOT_EQUAL_PQ); + RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_N_DOES_NOT_EQUAL_P_Q); } - /* dmp1 = d mod (p-1)? */ - BN_sub(i, key->p, BN_value_one()); - BN_mod(j, key->d, i, ctx); - if (BN_cmp(j, key->dmp1) != 0) + /* d*e = 1 mod lcm(p-1,q-1)? 
*/ + + r = BN_sub(i, key->p, BN_value_one()); + if (!r) { ret = -1; goto err; } + r = BN_sub(j, key->q, BN_value_one()); + if (!r) { ret = -1; goto err; } + + /* now compute k = lcm(i,j) */ + r = BN_mul(l, i, j, ctx); + if (!r) { ret = -1; goto err; } + r = BN_gcd(m, i, j, ctx); + if (!r) { ret = -1; goto err; } + r = BN_div(k, NULL, l, m, ctx); /* remainder is 0 */ + if (!r) { ret = -1; goto err; } + + r = BN_mod_mul(i, key->d, key->e, k, ctx); + if (!r) { ret = -1; goto err; } + + if (!BN_is_one(i)) { ret = 0; - if (ERR_GET_REASON(ERR_peek_error()) == ERR_R_MALLOC_FAILURE) - goto err; - RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_DMP1_NOT_CONGRUENT_TO_D); + RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_D_E_NOT_CONGRUENT_TO_1); } - /* dmq1 = d mod (q-1)? */ - BN_sub(i, key->q, BN_value_one()); - BN_mod(j, key->d, i, ctx); - if (BN_cmp(j, key->dmq1) != 0) + if (key->dmp1 != NULL && key->dmq1 != NULL && key->iqmp != NULL) { - ret = 0; - if (ERR_GET_REASON(ERR_peek_error()) == ERR_R_MALLOC_FAILURE) - goto err; - RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_DMQ1_NOT_CONGRUENT_TO_D); - } + /* dmp1 = d mod (p-1)? */ + r = BN_sub(i, key->p, BN_value_one()); + if (!r) { ret = -1; goto err; } + + r = BN_mod(j, key->d, i, ctx); + if (!r) { ret = -1; goto err; } + + if (BN_cmp(j, key->dmp1) != 0) + { + ret = 0; + RSAerr(RSA_F_RSA_CHECK_KEY, + RSA_R_DMP1_NOT_CONGRUENT_TO_D); + } - /* iqmp = q^-1 mod p? */ - BN_mod_inverse(i, key->q, key->p, ctx); - if (BN_cmp(i, key->iqmp) != 0) - { - ret = 0; - if (ERR_GET_REASON(ERR_peek_error()) == ERR_R_MALLOC_FAILURE) - goto err; - RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_IQMP_NOT_INVERSE_OF_Q); - } + /* dmq1 = d mod (q-1)? */ + r = BN_sub(i, key->q, BN_value_one()); + if (!r) { ret = -1; goto err; } - /* d*e = 1 mod lcm(p-1,q-1)? 
*/ - BN_sub(i, key->p, BN_value_one()); - BN_sub(j, key->q, BN_value_one()); - /* now compute k = lcm(i,j) */ - BN_mul(l, i, j, ctx); - BN_gcd(m, i, j, ctx); - BN_div(k, NULL, l, m, ctx); /* remainder is 0 */ - BN_mod_mul(i, key->d, key->e, k, ctx); - if (!BN_is_one(i)) - { - ret = 0; - if (ERR_GET_REASON(ERR_peek_error()) == ERR_R_MALLOC_FAILURE) + r = BN_mod(j, key->d, i, ctx); + if (!r) { ret = -1; goto err; } + + if (BN_cmp(j, key->dmq1) != 0) + { + ret = 0; + RSAerr(RSA_F_RSA_CHECK_KEY, + RSA_R_DMQ1_NOT_CONGRUENT_TO_D); + } + + /* iqmp = q^-1 mod p? */ + if(!BN_mod_inverse(i, key->q, key->p, ctx)) + { + ret = -1; goto err; - RSAerr(RSA_F_RSA_CHECK_KEY, RSA_R_DE_NOT_CONGRUENT_TO_1); + } + + if (BN_cmp(i, key->iqmp) != 0) + { + ret = 0; + RSAerr(RSA_F_RSA_CHECK_KEY, + RSA_R_IQMP_NOT_INVERSE_OF_Q); + } } - + err: if (i != NULL) BN_free(i); if (j != NULL) BN_free(j);
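Review bot: The `ret = -1` paths added throughout this hunk make RSA_check_key tri-state (1 valid, 0 a check failed, -1 internal error), so any caller that only tests the result for truth, e.g. `if (RSA_check_key(key))`, would treat a key whose validation never completed as valid. The contract should be written down on the function, for example `/* returns 1 if the key is consistent, 0 if a check failed, -1 on error; callers must compare with 1 */`, and existing callers checked for `== 1`. Separately, key->p, key->q, key->n, key->d and key->e are still passed to BN_is_prime, BN_mul, BN_cmp and BN_mod_mul without a NULL check, while the new code guards only dmp1/dmq1/iqmp. A guard such as `if (!key->p || !key->q || !key->n || !key->e || !key->d) { ret = 0; goto err; }` placed after the allocation check, with a suitable RSAerr reason, would stop a public-only or partially populated key from reaching those calls. The function's opening and the rest of its cleanup tail lie outside this hunk.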