Update from 0.9.7-stable. Also repatch and rebuild error codes.

diff --git a/apps/rsautl.c b/apps/rsautl.c
index 596199010a39ba7e7b196803904ae497a89363e9..a629ff50acddef1a63b53c9addb7168b69e67353 100644 (file)
--- a/apps/rsautl.c
+++ b/apps/rsautl.c
@@ -148,6 +148,7 @@ int MAIN(int argc, char **argv)
                else if(!strcmp(*argv, "-oaep")) pad = RSA_PKCS1_OAEP_PADDING;
                else if(!strcmp(*argv, "-ssl")) pad = RSA_SSLV23_PADDING;
                else if(!strcmp(*argv, "-pkcs")) pad = RSA_PKCS1_PADDING;
+               else if(!strcmp(*argv, "-x931")) pad = RSA_X931_PADDING;
                else if(!strcmp(*argv, "-sign")) {
                        rsa_mode = RSA_SIGN;
                        need_priv = 1;

diff --git a/crypto/rsa/Makefile b/crypto/rsa/Makefile
index e406f2450ef5be9962048c3968f7eef3cdc08d78..6c05226522a34dec54579af0f693cd0aac97c5d9 100644 (file)
--- a/crypto/rsa/Makefile
+++ b/crypto/rsa/Makefile
@@ -19,10 +19,10 @@ APPS=
 LIB=$(TOP)/libcrypto.a
 LIBSRC= rsa_eay.c rsa_gen.c rsa_lib.c rsa_sign.c rsa_saos.c rsa_err.c \
        rsa_pk1.c rsa_ssl.c rsa_none.c rsa_oaep.c rsa_chk.c rsa_null.c \
-       rsa_asn1.c rsa_depr.c
+       rsa_pss.c rsa_x931.c rsa_asn1.c rsa_depr.c
 LIBOBJ= rsa_eay.o rsa_gen.o rsa_lib.o rsa_sign.o rsa_saos.o rsa_err.o \
        rsa_pk1.o rsa_ssl.o rsa_none.o rsa_oaep.o rsa_chk.o rsa_null.o \
-       rsa_asn1.o rsa_depr.o
+       rsa_pss.o rsa_x931.o rsa_asn1.o rsa_depr.o
 
 SRC= $(LIBSRC)
 

diff --git a/crypto/rsa/rsa.h b/crypto/rsa/rsa.h
index dcefebad217b73f3d01dfd2cff35749781b24f67..2dd403b81bc4c0990c703c275cebaccb42391a8c 100644 (file)
--- a/crypto/rsa/rsa.h
+++ b/crypto/rsa/rsa.h
@@ -196,6 +196,7 @@ struct rsa_st
 #define RSA_SSLV23_PADDING     2
 #define RSA_NO_PADDING         3
 #define RSA_PKCS1_OAEP_PADDING 4
+#define RSA_X931_PADDING       5
 
 #define RSA_PKCS1_PADDING_SIZE 11
 
@@ -297,6 +298,8 @@ int RSA_padding_add_PKCS1_type_2(unsigned char *to,int tlen,
        const unsigned char *f,int fl);
 int RSA_padding_check_PKCS1_type_2(unsigned char *to,int tlen,
        const unsigned char *f,int fl,int rsa_len);
+int PKCS1_MGF1(unsigned char *mask, long len,
+       const unsigned char *seed, long seedlen, const EVP_MD *dgst);
 int RSA_padding_add_PKCS1_OAEP(unsigned char *to,int tlen,
        const unsigned char *f,int fl,
        const unsigned char *p,int pl);
@@ -311,6 +314,11 @@ int RSA_padding_add_none(unsigned char *to,int tlen,
        const unsigned char *f,int fl);
 int RSA_padding_check_none(unsigned char *to,int tlen,
        const unsigned char *f,int fl,int rsa_len);
+int RSA_padding_add_X931(unsigned char *to,int tlen,
+       const unsigned char *f,int fl);
+int RSA_padding_check_X931(unsigned char *to,int tlen,
+       const unsigned char *f,int fl,int rsa_len);
+int RSA_X931_hash_id(int nid);
 
 int RSA_get_ex_new_index(long argl, void *argp, CRYPTO_EX_new *new_func,
        CRYPTO_EX_dup *dup_func, CRYPTO_EX_free *free_func);
@@ -329,37 +337,43 @@ void ERR_load_RSA_strings(void);
 /* Error codes for the RSA functions. */
 
 /* Function codes. */
-#define RSA_F_RSA_BUILTIN_KEYGEN                        105
+#define RSA_F_MEMORY_LOCK                               100
+#define RSA_F_RSA_BUILTIN_KEYGEN                        129
 #define RSA_F_RSA_CHECK_KEY                             123
 #define RSA_F_RSA_EAY_PRIVATE_DECRYPT                   101
 #define RSA_F_RSA_EAY_PRIVATE_ENCRYPT                   102
 #define RSA_F_RSA_EAY_PUBLIC_DECRYPT                    103
 #define RSA_F_RSA_EAY_PUBLIC_ENCRYPT                    104
-#define RSA_F_RSA_MEMORY_LOCK                           100
+#define RSA_F_RSA_GENERATE_KEY                          105
+#define RSA_F_RSA_MEMORY_LOCK                           130
 #define RSA_F_RSA_NEW_METHOD                            106
 #define RSA_F_RSA_NULL                                  124
-#define RSA_F_RSA_NULL_MOD_EXP                          126
-#define RSA_F_RSA_NULL_PRIVATE_DECRYPT                  127
-#define RSA_F_RSA_NULL_PRIVATE_ENCRYPT                  128
-#define RSA_F_RSA_NULL_PUBLIC_DECRYPT                   129
-#define RSA_F_RSA_NULL_PUBLIC_ENCRYPT                   130
+#define RSA_F_RSA_NULL_MOD_EXP                          131
+#define RSA_F_RSA_NULL_PRIVATE_DECRYPT                  132
+#define RSA_F_RSA_NULL_PRIVATE_ENCRYPT                  133
+#define RSA_F_RSA_NULL_PUBLIC_DECRYPT                   134
+#define RSA_F_RSA_NULL_PUBLIC_ENCRYPT                   135
 #define RSA_F_RSA_PADDING_ADD_NONE                      107
 #define RSA_F_RSA_PADDING_ADD_PKCS1_OAEP                121
+#define RSA_F_RSA_PADDING_ADD_PKCS1_PSS                         125
 #define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1              108
 #define RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_2              109
 #define RSA_F_RSA_PADDING_ADD_SSLV23                    110
+#define RSA_F_RSA_PADDING_ADD_X931                      127
 #define RSA_F_RSA_PADDING_CHECK_NONE                    111
 #define RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP              122
 #define RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1            112
 #define RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2            113
 #define RSA_F_RSA_PADDING_CHECK_SSLV23                  114
+#define RSA_F_RSA_PADDING_CHECK_X931                    128
 #define RSA_F_RSA_PRINT                                         115
 #define RSA_F_RSA_PRINT_FP                              116
-#define RSA_F_RSA_SETUP_BLINDING                        125
+#define RSA_F_RSA_SETUP_BLINDING                        136
 #define RSA_F_RSA_SIGN                                  117
 #define RSA_F_RSA_SIGN_ASN1_OCTET_STRING                118
 #define RSA_F_RSA_VERIFY                                119
 #define RSA_F_RSA_VERIFY_ASN1_OCTET_STRING              120
+#define RSA_F_RSA_VERIFY_PKCS1_PSS                      126
 
 /* Reason codes. */
 #define RSA_R_ALGORITHM_MISMATCH                        100
@@ -379,13 +393,19 @@ void ERR_load_RSA_strings(void);
 #define RSA_R_DMP1_NOT_CONGRUENT_TO_D                   124
 #define RSA_R_DMQ1_NOT_CONGRUENT_TO_D                   125
 #define RSA_R_D_E_NOT_CONGRUENT_TO_1                    123
+#define RSA_R_FIRST_OCTET_INVALID                       133
+#define RSA_R_INVALID_HEADER                            137
 #define RSA_R_INVALID_MESSAGE_LENGTH                    131
+#define RSA_R_INVALID_PADDING                           138
+#define RSA_R_INVALID_TRAILER                           139
 #define RSA_R_IQMP_NOT_INVERSE_OF_Q                     126
 #define RSA_R_KEY_SIZE_TOO_SMALL                        120
-#define RSA_R_NO_PUBLIC_EXPONENT                        133
+#define RSA_R_LAST_OCTET_INVALID                        134
+#define RSA_R_NO_PUBLIC_EXPONENT                        140
 #define RSA_R_NULL_BEFORE_BLOCK_MISSING                         113
 #define RSA_R_N_DOES_NOT_EQUAL_P_Q                      127
 #define RSA_R_OAEP_DECODING_ERROR                       121
+#define RSA_R_ONE_CHECK_FAILED                          135
 #define RSA_R_PADDING_CHECK_FAILED                      114
 #define RSA_R_P_NOT_PRIME                               128
 #define RSA_R_Q_NOT_PRIME                               129
@@ -395,6 +415,7 @@ void ERR_load_RSA_strings(void);
 #define RSA_R_UNKNOWN_ALGORITHM_TYPE                    117
 #define RSA_R_UNKNOWN_PADDING_TYPE                      118
 #define RSA_R_WRONG_SIGNATURE_LENGTH                    119
+#define RSA_R_ZERO_CHECK_FAILED                                 136
 
 #ifdef  __cplusplus
 }

diff --git a/crypto/rsa/rsa_eay.c b/crypto/rsa/rsa_eay.c
index 6954f36d5d431da70577c11f6c0f51761e811712..620ac5544b78cb0d0f202aed02ee03d151feb009 100644 (file)
--- a/crypto/rsa/rsa_eay.c
+++ b/crypto/rsa/rsa_eay.c
@@ -309,7 +309,7 @@ static int rsa_blinding_invert(BN_BLINDING *b, int local, BIGNUM *f,
 static int RSA_eay_private_encrypt(int flen, const unsigned char *from,
             unsigned char *to, RSA *rsa, int padding)
        {
-       BIGNUM *f, *ret, *br;
+       BIGNUM *f, *ret, *br, *res;
        int i,j,k,num=0,r= -1;
        unsigned char *buf=NULL;
        BN_CTX *ctx=NULL;
@@ -334,6 +334,9 @@ static int RSA_eay_private_encrypt(int flen, const unsigned char *from,
        case RSA_PKCS1_PADDING:
                i=RSA_padding_add_PKCS1_type_1(buf,num,from,flen);
                break;
+       case RSA_X931_PADDING:
+               i=RSA_padding_add_X931(buf,num,from,flen);
+               break;
        case RSA_NO_PADDING:
                i=RSA_padding_add_none(buf,num,from,flen);
                break;
@@ -400,10 +403,21 @@ static int RSA_eay_private_encrypt(int flen, const unsigned char *from,
                if (!rsa_blinding_invert(blinding, local_blinding, ret, br, ctx))
                        goto err;
 
+       if (padding == RSA_X931_PADDING)
+               {
+               BN_sub(f, rsa->n, ret);
+               if (BN_cmp(ret, f))
+                       res = f;
+               else
+                       res = ret;
+               }
+       else
+               res = ret;
+
        /* put in leading 0 bytes if the number is less than the
         * length of the modulus */
-       j=BN_num_bytes(ret);
-       i=BN_bn2bin(ret,&(to[num-j]));
+       j=BN_num_bytes(res);
+       i=BN_bn2bin(res,&(to[num-j]));
        for (k=0; k<(num-i); k++)
                to[k]=0;
 
@@ -593,6 +607,9 @@ static int RSA_eay_public_decrypt(int flen, const unsigned char *from,
        if (!rsa->meth->bn_mod_exp(ret,f,rsa->e,rsa->n,ctx,
                rsa->_method_mod_n)) goto err;
 
+       if ((padding == RSA_X931_PADDING) && ((ret->d[0] & 0xf) != 12))
+               BN_sub(ret, rsa->n, ret);
+
        p=buf;
        i=BN_bn2bin(ret,p);
 
@@ -601,6 +618,9 @@ static int RSA_eay_public_decrypt(int flen, const unsigned char *from,
        case RSA_PKCS1_PADDING:
                r=RSA_padding_check_PKCS1_type_1(to,num,buf,i,num);
                break;
+       case RSA_X931_PADDING:
+               r=RSA_padding_check_X931(to,num,buf,i,num);
+               break;
        case RSA_NO_PADDING:
                r=RSA_padding_check_none(to,num,buf,i,num);
                break;

diff --git a/crypto/rsa/rsa_err.c b/crypto/rsa/rsa_err.c
index b2ac6c22a9e9c5c56ca8b5b53e064135dd924c6f..48e8f393149d73037aff03bcf0f4bcaaa33fdae1 100644 (file)
--- a/crypto/rsa/rsa_err.c
+++ b/crypto/rsa/rsa_err.c
@@ -70,12 +70,14 @@
 
 static ERR_STRING_DATA RSA_str_functs[]=
        {
+{ERR_FUNC(RSA_F_MEMORY_LOCK),  "MEMORY_LOCK"},
 {ERR_FUNC(RSA_F_RSA_BUILTIN_KEYGEN),   "RSA_BUILTIN_KEYGEN"},
 {ERR_FUNC(RSA_F_RSA_CHECK_KEY),        "RSA_check_key"},
 {ERR_FUNC(RSA_F_RSA_EAY_PRIVATE_DECRYPT),      "RSA_EAY_PRIVATE_DECRYPT"},
 {ERR_FUNC(RSA_F_RSA_EAY_PRIVATE_ENCRYPT),      "RSA_EAY_PRIVATE_ENCRYPT"},
 {ERR_FUNC(RSA_F_RSA_EAY_PUBLIC_DECRYPT),       "RSA_EAY_PUBLIC_DECRYPT"},
 {ERR_FUNC(RSA_F_RSA_EAY_PUBLIC_ENCRYPT),       "RSA_EAY_PUBLIC_ENCRYPT"},
+{ERR_FUNC(RSA_F_RSA_GENERATE_KEY),     "RSA_generate_key"},
 {ERR_FUNC(RSA_F_RSA_MEMORY_LOCK),      "RSA_memory_lock"},
 {ERR_FUNC(RSA_F_RSA_NEW_METHOD),       "RSA_new_method"},
 {ERR_FUNC(RSA_F_RSA_NULL),     "RSA_NULL"},
@@ -86,14 +88,17 @@ static ERR_STRING_DATA RSA_str_functs[]=
 {ERR_FUNC(RSA_F_RSA_NULL_PUBLIC_ENCRYPT),      "RSA_NULL_PUBLIC_ENCRYPT"},
 {ERR_FUNC(RSA_F_RSA_PADDING_ADD_NONE), "RSA_padding_add_none"},
 {ERR_FUNC(RSA_F_RSA_PADDING_ADD_PKCS1_OAEP),   "RSA_padding_add_PKCS1_OAEP"},
+{ERR_FUNC(RSA_F_RSA_PADDING_ADD_PKCS1_PSS),    "RSA_PADDING_ADD_PKCS1_PSS"},
 {ERR_FUNC(RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_1), "RSA_padding_add_PKCS1_type_1"},
 {ERR_FUNC(RSA_F_RSA_PADDING_ADD_PKCS1_TYPE_2), "RSA_padding_add_PKCS1_type_2"},
 {ERR_FUNC(RSA_F_RSA_PADDING_ADD_SSLV23),       "RSA_padding_add_SSLv23"},
+{ERR_FUNC(RSA_F_RSA_PADDING_ADD_X931), "RSA_padding_add_X931"},
 {ERR_FUNC(RSA_F_RSA_PADDING_CHECK_NONE),       "RSA_padding_check_none"},
 {ERR_FUNC(RSA_F_RSA_PADDING_CHECK_PKCS1_OAEP), "RSA_padding_check_PKCS1_OAEP"},
 {ERR_FUNC(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_1),       "RSA_padding_check_PKCS1_type_1"},
 {ERR_FUNC(RSA_F_RSA_PADDING_CHECK_PKCS1_TYPE_2),       "RSA_padding_check_PKCS1_type_2"},
 {ERR_FUNC(RSA_F_RSA_PADDING_CHECK_SSLV23),     "RSA_padding_check_SSLv23"},
+{ERR_FUNC(RSA_F_RSA_PADDING_CHECK_X931),       "RSA_padding_check_X931"},
 {ERR_FUNC(RSA_F_RSA_PRINT),    "RSA_print"},
 {ERR_FUNC(RSA_F_RSA_PRINT_FP), "RSA_print_fp"},
 {ERR_FUNC(RSA_F_RSA_SETUP_BLINDING),   "RSA_setup_blinding"},
@@ -101,6 +106,7 @@ static ERR_STRING_DATA RSA_str_functs[]=
 {ERR_FUNC(RSA_F_RSA_SIGN_ASN1_OCTET_STRING),   "RSA_sign_ASN1_OCTET_STRING"},
 {ERR_FUNC(RSA_F_RSA_VERIFY),   "RSA_verify"},
 {ERR_FUNC(RSA_F_RSA_VERIFY_ASN1_OCTET_STRING), "RSA_verify_ASN1_OCTET_STRING"},
+{ERR_FUNC(RSA_F_RSA_VERIFY_PKCS1_PSS), "RSA_VERIFY_PKCS1_PSS"},
 {0,NULL}
        };
 
@@ -123,13 +129,19 @@ static ERR_STRING_DATA RSA_str_reasons[]=
 {ERR_REASON(RSA_R_DMP1_NOT_CONGRUENT_TO_D),"dmp1 not congruent to d"},
 {ERR_REASON(RSA_R_DMQ1_NOT_CONGRUENT_TO_D),"dmq1 not congruent to d"},
 {ERR_REASON(RSA_R_D_E_NOT_CONGRUENT_TO_1),"d e not congruent to 1"},
+{ERR_REASON(RSA_R_FIRST_OCTET_INVALID)   ,"first octet invalid"},
+{ERR_REASON(RSA_R_INVALID_HEADER)        ,"invalid header"},
 {ERR_REASON(RSA_R_INVALID_MESSAGE_LENGTH),"invalid message length"},
+{ERR_REASON(RSA_R_INVALID_PADDING)       ,"invalid padding"},
+{ERR_REASON(RSA_R_INVALID_TRAILER)       ,"invalid trailer"},
 {ERR_REASON(RSA_R_IQMP_NOT_INVERSE_OF_Q) ,"iqmp not inverse of q"},
 {ERR_REASON(RSA_R_KEY_SIZE_TOO_SMALL)    ,"key size too small"},
+{ERR_REASON(RSA_R_LAST_OCTET_INVALID)    ,"last octet invalid"},
 {ERR_REASON(RSA_R_NO_PUBLIC_EXPONENT)    ,"no public exponent"},
 {ERR_REASON(RSA_R_NULL_BEFORE_BLOCK_MISSING),"null before block missing"},
 {ERR_REASON(RSA_R_N_DOES_NOT_EQUAL_P_Q)  ,"n does not equal p q"},
 {ERR_REASON(RSA_R_OAEP_DECODING_ERROR)   ,"oaep decoding error"},
+{ERR_REASON(RSA_R_ONE_CHECK_FAILED)      ,"one check failed"},
 {ERR_REASON(RSA_R_PADDING_CHECK_FAILED)  ,"padding check failed"},
 {ERR_REASON(RSA_R_P_NOT_PRIME)           ,"p not prime"},
 {ERR_REASON(RSA_R_Q_NOT_PRIME)           ,"q not prime"},
@@ -139,6 +151,7 @@ static ERR_STRING_DATA RSA_str_reasons[]=
 {ERR_REASON(RSA_R_UNKNOWN_ALGORITHM_TYPE),"unknown algorithm type"},
 {ERR_REASON(RSA_R_UNKNOWN_PADDING_TYPE)  ,"unknown padding type"},
 {ERR_REASON(RSA_R_WRONG_SIGNATURE_LENGTH),"wrong signature length"},
+{ERR_REASON(RSA_R_ZERO_CHECK_FAILED)     ,"zero check failed"},
 {0,NULL}
        };
 

diff --git a/crypto/rsa/rsa_oaep.c b/crypto/rsa/rsa_oaep.c
index 66d33e538a6125dac1a29440800d05dbc98b5579..45d6f6ef8a5eaa5435cc3e313cc7415ab1b405ff 100644 (file)
--- a/crypto/rsa/rsa_oaep.c
+++ b/crypto/rsa/rsa_oaep.c
@@ -170,28 +170,30 @@ decoding_err:
        return -1;
        }
 
-int MGF1(unsigned char *mask, long len,
-       const unsigned char *seed, long seedlen)
+int PKCS1_MGF1(unsigned char *mask, long len,
+       const unsigned char *seed, long seedlen, const EVP_MD *dgst)
        {
        long i, outlen = 0;
        unsigned char cnt[4];
        EVP_MD_CTX c;
-       unsigned char md[SHA_DIGEST_LENGTH];
+       unsigned char md[EVP_MAX_MD_SIZE];
+       int mdlen;
 
        EVP_MD_CTX_init(&c);
+       mdlen = EVP_MD_size(dgst);
        for (i = 0; outlen < len; i++)
                {
                cnt[0] = (unsigned char)((i >> 24) & 255);
                cnt[1] = (unsigned char)((i >> 16) & 255);
                cnt[2] = (unsigned char)((i >> 8)) & 255;
                cnt[3] = (unsigned char)(i & 255);
-               EVP_DigestInit_ex(&c,EVP_sha1(), NULL);
+               EVP_DigestInit_ex(&c,dgst, NULL);
                EVP_DigestUpdate(&c, seed, seedlen);
                EVP_DigestUpdate(&c, cnt, 4);
-               if (outlen + SHA_DIGEST_LENGTH <= len)
+               if (outlen + mdlen <= len)
                        {
                        EVP_DigestFinal_ex(&c, mask + outlen, NULL);
-                       outlen += SHA_DIGEST_LENGTH;
+                       outlen += mdlen;
                        }
                else
                        {
@@ -203,4 +205,9 @@ int MGF1(unsigned char *mask, long len,
        EVP_MD_CTX_cleanup(&c);
        return 0;
        }
+
+int MGF1(unsigned char *mask, long len, const unsigned char *seed, long seedlen)
+       {
+       return PKCS1_MGF1(mask, len, seed, seedlen, EVP_sha1());
+       }
 #endif