const BIGNUM *Xq2, int nbits,
const BIGNUM *e, BN_CTX *ctx, BN_GENCB *cb);
+int rsa_padding_add_SSLv23_with_libctx(OPENSSL_CTX *libctx, unsigned char *to,
+ int tlen, const unsigned char *from,
+ int flen);
+int rsa_padding_add_PKCS1_type_2_with_libctx(OPENSSL_CTX *libctx,
+ unsigned char *to, int tlen,
+ const unsigned char *from,
+ int flen);
+int rsa_padding_add_PKCS1_OAEP_mgf1_with_libctx(OPENSSL_CTX *libctx,
+ unsigned char *to, int tlen,
+ const unsigned char *from,
+ int flen,
+ const unsigned char *param,
+ int plen, const EVP_MD *md,
+ const EVP_MD *mgf1md);
+
#endif /* OSSL_CRYPTO_RSA_LOCAL_H */
const unsigned char *from, int flen,
const unsigned char *param, int plen)
{
- return RSA_padding_add_PKCS1_OAEP_mgf1(to, tlen, from, flen,
- param, plen, NULL, NULL);
+ return rsa_padding_add_PKCS1_OAEP_mgf1_with_libctx(NULL, to, tlen, from,
+ flen, param, plen, NULL,
+ NULL);
}
/*
* Step numbers are included here but not in the constant time inverse below
* to avoid complicating an already difficult enough function.
*/
-int RSA_padding_add_PKCS1_OAEP_mgf1(unsigned char *to, int tlen,
- const unsigned char *from, int flen,
- const unsigned char *param, int plen,
- const EVP_MD *md, const EVP_MD *mgf1md)
+int rsa_padding_add_PKCS1_OAEP_mgf1_with_libctx(OPENSSL_CTX *libctx,
+ unsigned char *to, int tlen,
+ const unsigned char *from,
+ int flen,
+ const unsigned char *param,
+ int plen, const EVP_MD *md,
+ const EVP_MD *mgf1md)
{
int rv = 0;
int i, emlen = tlen - 1;
if (md == NULL)
md = EVP_sha1();
#else
- RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP_MGF1,
- ERR_R_PASSED_NULL_PARAMETER);
+ RSAerr(0, ERR_R_PASSED_NULL_PARAMETER);
return 0;
#endif
if (mgf1md == NULL)
/* step 2b: check KLen > nLen - 2 HLen - 2 */
if (flen > emlen - 2 * mdlen - 1) {
- RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP_MGF1,
- RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
+ RSAerr(0, RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
return 0;
}
if (emlen < 2 * mdlen + 1) {
- RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP_MGF1,
- RSA_R_KEY_SIZE_TOO_SMALL);
+ RSAerr(0, RSA_R_KEY_SIZE_TOO_SMALL);
return 0;
}
db[emlen - flen - mdlen - 1] = 0x01;
memcpy(db + emlen - flen - mdlen, from, (unsigned int)flen);
/* step 3d: generate random byte string */
- if (RAND_bytes(seed, mdlen) <= 0)
+ if (RAND_bytes_ex(libctx, seed, mdlen) <= 0)
goto err;
dbmask_len = emlen - mdlen;
dbmask = OPENSSL_malloc(dbmask_len);
if (dbmask == NULL) {
- RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP_MGF1, ERR_R_MALLOC_FAILURE);
+ RSAerr(0, ERR_R_MALLOC_FAILURE);
goto err;
}
return rv;
}
+int RSA_padding_add_PKCS1_OAEP_mgf1(unsigned char *to, int tlen,
+ const unsigned char *from, int flen,
+ const unsigned char *param, int plen,
+ const EVP_MD *md, const EVP_MD *mgf1md)
+{
+ return rsa_padding_add_PKCS1_OAEP_mgf1_with_libctx(NULL, to, tlen, from,
+ flen, param, plen, md,
+ mgf1md);
+}
+
int RSA_padding_check_PKCS1_OAEP(unsigned char *to, int tlen,
const unsigned char *from, int flen, int num,
const unsigned char *param, int plen)
switch (padding) {
case RSA_PKCS1_PADDING:
- i = RSA_padding_add_PKCS1_type_2(buf, num, from, flen);
+ i = rsa_padding_add_PKCS1_type_2_with_libctx(rsa->libctx, buf, num,
+ from, flen);
break;
case RSA_PKCS1_OAEP_PADDING:
- i = RSA_padding_add_PKCS1_OAEP(buf, num, from, flen, NULL, 0);
+ i = rsa_padding_add_PKCS1_OAEP_mgf1_with_libctx(rsa->libctx, buf, num,
+ from, flen, NULL, 0,
+ NULL, NULL);
break;
#ifndef FIPS_MODE
case RSA_SSLV23_PADDING:
- i = RSA_padding_add_SSLv23(buf, num, from, flen);
+ i = rsa_padding_add_SSLv23_with_libctx(rsa->libctx, buf, num, from,
+ flen);
break;
#endif
case RSA_NO_PADDING:
#include <openssl/ssl.h>
#include "internal/cryptlib.h"
#include "crypto/rsa.h"
+#include "rsa_local.h"
int RSA_padding_add_PKCS1_type_1(unsigned char *to, int tlen,
const unsigned char *from, int flen)
return j;
}
-int RSA_padding_add_PKCS1_type_2(unsigned char *to, int tlen,
- const unsigned char *from, int flen)
+int rsa_padding_add_PKCS1_type_2_with_libctx(OPENSSL_CTX *libctx,
+ unsigned char *to, int tlen,
+ const unsigned char *from,
+ int flen)
{
int i, j;
unsigned char *p;
if (flen > (tlen - RSA_PKCS1_PADDING_SIZE)) {
- RSAerr(RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_2,
- RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
+ RSAerr(0, RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
return 0;
}
/* pad out with non-zero random data */
j = tlen - 3 - flen;
- if (RAND_bytes(p, j) <= 0)
+ if (RAND_bytes_ex(libctx, p, j) <= 0)
return 0;
for (i = 0; i < j; i++) {
if (*p == '\0')
do {
- if (RAND_bytes(p, 1) <= 0)
+ if (RAND_bytes_ex(libctx, p, 1) <= 0)
return 0;
} while (*p == '\0');
p++;
return 1;
}
+int RSA_padding_add_PKCS1_type_2(unsigned char *to, int tlen,
+ const unsigned char *from, int flen)
+{
+ return rsa_padding_add_PKCS1_type_2_with_libctx(NULL, to, tlen, from, flen);
+}
+
int RSA_padding_check_PKCS1_type_2(unsigned char *to, int tlen,
const unsigned char *from, int flen,
int num)
* decrypted data will be randomly generated (as per
* https://tools.ietf.org/html/rfc5246#section-7.4.7.1).
*/
-int rsa_padding_check_PKCS1_type_2_TLS(unsigned char *to, size_t tlen,
- const unsigned char *from, size_t flen,
- int client_version, int alt_version)
+int rsa_padding_check_PKCS1_type_2_TLS(OPENSSL_CTX *libctx, unsigned char *to,
+ size_t tlen, const unsigned char *from,
+ size_t flen, int client_version,
+ int alt_version)
{
unsigned int i, good, version_good;
unsigned char rand_premaster_secret[SSL_MAX_MASTER_KEY_LENGTH];
* Generate a random premaster secret to use in the event that we fail
* to decrypt.
*/
- if (RAND_priv_bytes(rand_premaster_secret,
- sizeof(rand_premaster_secret)) <= 0) {
+ if (RAND_priv_bytes_ex(libctx, rand_premaster_secret,
+ sizeof(rand_premaster_secret)) <= 0) {
ERR_raise(ERR_LIB_RSA, ERR_R_INTERNAL_ERROR);
return -1;
}
ERR_R_MALLOC_FAILURE);
goto err;
}
- if (RAND_bytes(salt, sLen) <= 0)
+ if (RAND_bytes_ex(rsa->libctx, salt, sLen) <= 0)
goto err;
}
maskedDBLen = emLen - hLen - 1;
#include <openssl/rsa.h>
#include <openssl/rand.h>
#include "internal/constant_time.h"
+#include "rsa_local.h"
-int RSA_padding_add_SSLv23(unsigned char *to, int tlen,
- const unsigned char *from, int flen)
+int rsa_padding_add_SSLv23_with_libctx(OPENSSL_CTX *libctx, unsigned char *to,
+ int tlen, const unsigned char *from,
+ int flen)
{
int i, j;
unsigned char *p;
if (flen > (tlen - RSA_PKCS1_PADDING_SIZE)) {
- RSAerr(RSA_F_RSA_PADDING_ADD_SSLV23,
- RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
+ RSAerr(0, RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
return 0;
}
/* pad out with non-zero random data */
j = tlen - 3 - 8 - flen;
- if (RAND_bytes(p, j) <= 0)
+ if (RAND_bytes_ex(libctx, p, j) <= 0)
return 0;
for (i = 0; i < j; i++) {
if (*p == '\0')
do {
- if (RAND_bytes(p, 1) <= 0)
+ if (RAND_bytes_ex(libctx, p, 1) <= 0)
return 0;
} while (*p == '\0');
p++;
return 1;
}
+int RSA_padding_add_SSLv23(unsigned char *to, int tlen,
+ const unsigned char *from, int flen)
+{
+ return rsa_padding_add_SSLv23_with_libctx(NULL, to, tlen, from, flen);
+}
+
/*
* Copy of RSA_padding_check_PKCS1_type_2 with a twist that rejects padding
* if nul delimiter is not preceded by 8 consecutive 0x03 bytes. It also
STACK_OF(BIGNUM_const) *exps,
STACK_OF(BIGNUM_const) *coeffs);
-int rsa_padding_check_PKCS1_type_2_TLS(unsigned char *to, size_t tlen,
- const unsigned char *from, size_t flen,
- int client_version, int alt_version);
+int rsa_padding_check_PKCS1_type_2_TLS(OPENSSL_CTX *ctx, unsigned char *to,
+ size_t tlen, const unsigned char *from,
+ size_t flen, int client_version,
+ int alt_version);
int rsa_validate_public(const RSA *key);
int rsa_validate_private(const RSA *key);
ERR_raise(ERR_LIB_PROV, PROV_R_BAD_TLS_CLIENT_VERSION);
return 0;
}
- ret = rsa_padding_check_PKCS1_type_2_TLS(out, outsize,
+ ret = rsa_padding_check_PKCS1_type_2_TLS(prsactx->libctx, out,
+ outsize,
tbuf, len,
prsactx->client_version,
prsactx->alt_version);