From 03cd49447fcfb24db329ac37baba439b00f0cdd1 Mon Sep 17 00:00:00 2001 From: =?utf8?q?Bodo=20M=C3=B6ller?= Date: Sun, 11 Jul 1999 22:00:55 +0000 Subject: [PATCH] New function RSA_check_key, openssl rsa -check --- CHANGES | 4 ++++ apps/rsa.c | 28 +++++++++++++++++++++++++++- crypto/rsa/Makefile.ssl | 8 ++++++-- crypto/rsa/rsa.h | 9 +++++++++ crypto/rsa/rsa_err.c | 8 ++++++++ util/libeay.num | 1 + 6 files changed, 55 insertions(+), 3 deletions(-) diff --git a/CHANGES b/CHANGES index fa03ac09a2..d64db581f2 100644 --- a/CHANGES +++ b/CHANGES @@ -4,6 +4,10 @@ Changes between 0.9.3a and 0.9.4 + *) New function RSA_check_key and new openssl rsa option -check + for verifying the consistency of RSA keys. + [Ulf Moeller, Bodo Moeller] + *) Various changes to make Win32 compile work: 1. Casts to avoid "loss of data" warnings in p5_crpt2.c 2. Change unsigned int to int in b_dump.c to avoid "signed/unsigned diff --git a/apps/rsa.c b/apps/rsa.c index 3be1f67657..6537a24f5d 100644 --- a/apps/rsa.c +++ b/apps/rsa.c @@ -81,6 +81,7 @@ * -idea - encrypt output if PEM format * -text - print a text version * -modulus - print the RSA key modulus + * -check - verify key consistency */ int MAIN(int argc, char **argv) @@ -90,7 +91,7 @@ int MAIN(int argc, char **argv) int i,badops=0; const EVP_CIPHER *enc=NULL; BIO *in=NULL,*out=NULL; - int informat,outformat,text=0,noout=0; + int informat,outformat,text=0,check=0,noout=0; char *infile,*outfile,*prog; int modulus=0; @@ -136,6 +137,8 @@ int MAIN(int argc, char **argv) text=1; else if (strcmp(*argv,"-modulus") == 0) modulus=1; + else if (strcmp(*argv,"-check") == 0) + check=1; else if ((enc=EVP_get_cipherbyname(&(argv[0][1]))) == NULL) { BIO_printf(bio_err,"unknown option %s\n",*argv); @@ -163,6 +166,7 @@ bad: BIO_printf(bio_err," -text print the key in text\n"); BIO_printf(bio_err," -noout don't print key out\n"); BIO_printf(bio_err," -modulus print the RSA key modulus\n"); + BIO_printf(bio_err," -check verify key consistency\n"); goto end; } @@ -257,6 +261,28 @@ bad: fprintf(stdout,"\n"); } + if (check) + if (RSA_check_key(rsa)) + BIO_printf(out,"RSA key ok\n"); + else + { + long e; + + while ((e = ERR_peek_error()) != 0 && + ERR_GET_LIB(e) == ERR_LIB_RSA && + ERR_GET_FUNC(e) == RSA_F_RSA_CHECK_KEY && + ERR_GET_REASON(e) != ERR_R_MALLOC_FAILURE) + { + BIO_printf(out, "RSA key error: %s\n", ERR_reason_error_string(e)); + ERR_get_error(); /* remove e from error stack */ + } + if (e != 0) + { + ERR_print_errors(bio_err); + goto end; + } + } + if (noout) goto end; BIO_printf(bio_err,"writing RSA private key\n"); if (outformat == FORMAT_ASN1) diff --git a/crypto/rsa/Makefile.ssl b/crypto/rsa/Makefile.ssl index ad038ba7fd..da704fc558 100644 --- a/crypto/rsa/Makefile.ssl +++ b/crypto/rsa/Makefile.ssl @@ -23,9 +23,9 @@ APPS= LIB=$(TOP)/libcrypto.a LIBSRC= rsa_eay.c rsa_gen.c rsa_lib.c rsa_sign.c rsa_saos.c rsa_err.c \ - rsa_pk1.c rsa_ssl.c rsa_none.c rsa_oaep.c + rsa_pk1.c rsa_ssl.c rsa_none.c rsa_oaep.c rsa_chk.c LIBOBJ= rsa_eay.o rsa_gen.o rsa_lib.o rsa_sign.o rsa_saos.o rsa_err.o \ - rsa_pk1.o rsa_ssl.o rsa_none.o rsa_oaep.o + rsa_pk1.o rsa_ssl.o rsa_none.o rsa_oaep.o rsa_chk.o SRC= $(LIBSRC) @@ -80,6 +80,10 @@ clean: # DO NOT DELETE THIS LINE -- make depend depends on it. +rsa_chk.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h +rsa_chk.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h +rsa_chk.o: ../../include/openssl/opensslv.h ../../include/openssl/rsa.h +rsa_chk.o: ../../include/openssl/stack.h rsa_eay.o: ../../include/openssl/bio.h ../../include/openssl/bn.h rsa_eay.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h rsa_eay.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h diff --git a/crypto/rsa/rsa.h b/crypto/rsa/rsa.h index 3be447dff2..26423ddeab 100644 --- a/crypto/rsa/rsa.h +++ b/crypto/rsa/rsa.h @@ -147,6 +147,7 @@ RSA * RSA_new_method(RSA_METHOD *method); int RSA_size(RSA *); RSA * RSA_generate_key(int bits, unsigned long e,void (*callback)(int,int,void *),void *cb_arg); +int RSA_check_key(RSA *); /* next 4 return -1 on error */ int RSA_public_encrypt(int flen, unsigned char *from, unsigned char *to, RSA *rsa,int padding); @@ -248,6 +249,7 @@ char *RSA_get_ex_data(RSA *r, int idx); /* Function codes. */ #define RSA_F_MEMORY_LOCK 100 +#define RSA_F_RSA_CHECK_KEY 123 #define RSA_F_RSA_EAY_PRIVATE_DECRYPT 101 #define RSA_F_RSA_EAY_PRIVATE_ENCRYPT 102 #define RSA_F_RSA_EAY_PUBLIC_DECRYPT 103 @@ -284,11 +286,18 @@ char *RSA_get_ex_data(RSA *r, int idx); #define RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE 110 #define RSA_R_DATA_TOO_SMALL 111 #define RSA_R_DATA_TOO_SMALL_FOR_KEY_SIZE 122 +#define RSA_R_DE_NOT_CONGRUENT_TO_1 123 #define RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY 112 +#define RSA_R_DMP1_NOT_CONGRUENT_TO_D 124 +#define RSA_R_DMQ1_NOT_CONGRUENT_TO_D 125 +#define RSA_R_IQMP_NOT_INVERSE_OF_Q 126 #define RSA_R_KEY_SIZE_TOO_SMALL 120 #define RSA_R_NULL_BEFORE_BLOCK_MISSING 113 +#define RSA_R_N_DOES_NOT_EQUAL_PQ 127 #define RSA_R_OAEP_DECODING_ERROR 121 #define RSA_R_PADDING_CHECK_FAILED 114 +#define RSA_R_P_NOT_PRIME 128 +#define RSA_R_Q_NOT_PRIME 129 #define RSA_R_SSLV3_ROLLBACK_ATTACK 115 #define RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD 116 #define RSA_R_UNKNOWN_ALGORITHM_TYPE 117 diff --git a/crypto/rsa/rsa_err.c b/crypto/rsa/rsa_err.c index 0b443af7cc..d165553678 100644 --- a/crypto/rsa/rsa_err.c +++ b/crypto/rsa/rsa_err.c @@ -66,6 +66,7 @@ static ERR_STRING_DATA RSA_str_functs[]= { {ERR_PACK(0,RSA_F_MEMORY_LOCK,0), "MEMORY_LOCK"}, +{ERR_PACK(0,RSA_F_RSA_CHECK_KEY,0), "RSA_check_key"}, {ERR_PACK(0,RSA_F_RSA_EAY_PRIVATE_DECRYPT,0), "RSA_EAY_PRIVATE_DECRYPT"}, {ERR_PACK(0,RSA_F_RSA_EAY_PRIVATE_ENCRYPT,0), "RSA_EAY_PRIVATE_ENCRYPT"}, {ERR_PACK(0,RSA_F_RSA_EAY_PUBLIC_DECRYPT,0), "RSA_EAY_PUBLIC_DECRYPT"}, @@ -105,11 +106,18 @@ static ERR_STRING_DATA RSA_str_reasons[]= {RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE ,"data too large for key size"}, {RSA_R_DATA_TOO_SMALL ,"data too small"}, {RSA_R_DATA_TOO_SMALL_FOR_KEY_SIZE ,"data too small for key size"}, +{RSA_R_DE_NOT_CONGRUENT_TO_1 ,"de not congruent to 1"}, {RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY ,"digest too big for rsa key"}, +{RSA_R_DMP1_NOT_CONGRUENT_TO_D ,"dmp1 not congruent to d"}, +{RSA_R_DMQ1_NOT_CONGRUENT_TO_D ,"dmq1 not congruent to d"}, +{RSA_R_IQMP_NOT_INVERSE_OF_Q ,"iqmp not inverse of q"}, {RSA_R_KEY_SIZE_TOO_SMALL ,"key size too small"}, {RSA_R_NULL_BEFORE_BLOCK_MISSING ,"null before block missing"}, +{RSA_R_N_DOES_NOT_EQUAL_PQ ,"n does not equal pq"}, {RSA_R_OAEP_DECODING_ERROR ,"oaep decoding error"}, {RSA_R_PADDING_CHECK_FAILED ,"padding check failed"}, +{RSA_R_P_NOT_PRIME ,"p not prime"}, +{RSA_R_Q_NOT_PRIME ,"q not prime"}, {RSA_R_SSLV3_ROLLBACK_ATTACK ,"sslv3 rollback attack"}, {RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD,"the asn1 object identifier is not known for this md"}, {RSA_R_UNKNOWN_ALGORITHM_TYPE ,"unknown algorithm type"}, diff --git a/util/libeay.num b/util/libeay.num index e08ad4efea..2761f90589 100755 --- a/util/libeay.num +++ b/util/libeay.num @@ -1841,3 +1841,4 @@ sk_X509_LOOKUP_sort 1865 sk_POLICYQUALINFO_sort 1866 sk_X509_CRL_sort 1867 sk_DIST_POINT_sort 1868 +RSA_check_key 1869 -- 2.25.1