New function RSA_check_key,
openssl rsa -check
This commit is contained in:
parent
f598cd13a3
commit
03cd49447f
4
CHANGES
4
CHANGES
@ -4,6 +4,10 @@
|
||||
|
||||
Changes between 0.9.3a and 0.9.4
|
||||
|
||||
*) New function RSA_check_key and new openssl rsa option -check
|
||||
for verifying the consistency of RSA keys.
|
||||
[Ulf Moeller, Bodo Moeller]
|
||||
|
||||
*) Various changes to make Win32 compile work:
|
||||
1. Casts to avoid "loss of data" warnings in p5_crpt2.c
|
||||
2. Change unsigned int to int in b_dump.c to avoid "signed/unsigned
|
||||
|
28
apps/rsa.c
28
apps/rsa.c
@ -81,6 +81,7 @@
|
||||
* -idea - encrypt output if PEM format
|
||||
* -text - print a text version
|
||||
* -modulus - print the RSA key modulus
|
||||
* -check - verify key consistency
|
||||
*/
|
||||
|
||||
int MAIN(int argc, char **argv)
|
||||
@ -90,7 +91,7 @@ int MAIN(int argc, char **argv)
|
||||
int i,badops=0;
|
||||
const EVP_CIPHER *enc=NULL;
|
||||
BIO *in=NULL,*out=NULL;
|
||||
int informat,outformat,text=0,noout=0;
|
||||
int informat,outformat,text=0,check=0,noout=0;
|
||||
char *infile,*outfile,*prog;
|
||||
int modulus=0;
|
||||
|
||||
@ -136,6 +137,8 @@ int MAIN(int argc, char **argv)
|
||||
text=1;
|
||||
else if (strcmp(*argv,"-modulus") == 0)
|
||||
modulus=1;
|
||||
else if (strcmp(*argv,"-check") == 0)
|
||||
check=1;
|
||||
else if ((enc=EVP_get_cipherbyname(&(argv[0][1]))) == NULL)
|
||||
{
|
||||
BIO_printf(bio_err,"unknown option %s\n",*argv);
|
||||
@ -163,6 +166,7 @@ bad:
|
||||
BIO_printf(bio_err," -text print the key in text\n");
|
||||
BIO_printf(bio_err," -noout don't print key out\n");
|
||||
BIO_printf(bio_err," -modulus print the RSA key modulus\n");
|
||||
BIO_printf(bio_err," -check verify key consistency\n");
|
||||
goto end;
|
||||
}
|
||||
|
||||
@ -257,6 +261,28 @@ bad:
|
||||
fprintf(stdout,"\n");
|
||||
}
|
||||
|
||||
if (check)
|
||||
if (RSA_check_key(rsa))
|
||||
BIO_printf(out,"RSA key ok\n");
|
||||
else
|
||||
{
|
||||
long e;
|
||||
|
||||
while ((e = ERR_peek_error()) != 0 &&
|
||||
ERR_GET_LIB(e) == ERR_LIB_RSA &&
|
||||
ERR_GET_FUNC(e) == RSA_F_RSA_CHECK_KEY &&
|
||||
ERR_GET_REASON(e) != ERR_R_MALLOC_FAILURE)
|
||||
{
|
||||
BIO_printf(out, "RSA key error: %s\n", ERR_reason_error_string(e));
|
||||
ERR_get_error(); /* remove e from error stack */
|
||||
}
|
||||
if (e != 0)
|
||||
{
|
||||
ERR_print_errors(bio_err);
|
||||
goto end;
|
||||
}
|
||||
}
|
||||
|
||||
if (noout) goto end;
|
||||
BIO_printf(bio_err,"writing RSA private key\n");
|
||||
if (outformat == FORMAT_ASN1)
|
||||
|
@ -23,9 +23,9 @@ APPS=
|
||||
|
||||
LIB=$(TOP)/libcrypto.a
|
||||
LIBSRC= rsa_eay.c rsa_gen.c rsa_lib.c rsa_sign.c rsa_saos.c rsa_err.c \
|
||||
rsa_pk1.c rsa_ssl.c rsa_none.c rsa_oaep.c
|
||||
rsa_pk1.c rsa_ssl.c rsa_none.c rsa_oaep.c rsa_chk.c
|
||||
LIBOBJ= rsa_eay.o rsa_gen.o rsa_lib.o rsa_sign.o rsa_saos.o rsa_err.o \
|
||||
rsa_pk1.o rsa_ssl.o rsa_none.o rsa_oaep.o
|
||||
rsa_pk1.o rsa_ssl.o rsa_none.o rsa_oaep.o rsa_chk.o
|
||||
|
||||
SRC= $(LIBSRC)
|
||||
|
||||
@ -80,6 +80,10 @@ clean:
|
||||
|
||||
# DO NOT DELETE THIS LINE -- make depend depends on it.
|
||||
|
||||
rsa_chk.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
|
||||
rsa_chk.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
|
||||
rsa_chk.o: ../../include/openssl/opensslv.h ../../include/openssl/rsa.h
|
||||
rsa_chk.o: ../../include/openssl/stack.h
|
||||
rsa_eay.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
|
||||
rsa_eay.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
|
||||
rsa_eay.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h
|
||||
|
@ -147,6 +147,7 @@ RSA * RSA_new_method(RSA_METHOD *method);
|
||||
int RSA_size(RSA *);
|
||||
RSA * RSA_generate_key(int bits, unsigned long e,void
|
||||
(*callback)(int,int,void *),void *cb_arg);
|
||||
int RSA_check_key(RSA *);
|
||||
/* next 4 return -1 on error */
|
||||
int RSA_public_encrypt(int flen, unsigned char *from,
|
||||
unsigned char *to, RSA *rsa,int padding);
|
||||
@ -248,6 +249,7 @@ char *RSA_get_ex_data(RSA *r, int idx);
|
||||
|
||||
/* Function codes. */
|
||||
#define RSA_F_MEMORY_LOCK 100
|
||||
#define RSA_F_RSA_CHECK_KEY 123
|
||||
#define RSA_F_RSA_EAY_PRIVATE_DECRYPT 101
|
||||
#define RSA_F_RSA_EAY_PRIVATE_ENCRYPT 102
|
||||
#define RSA_F_RSA_EAY_PUBLIC_DECRYPT 103
|
||||
@ -284,11 +286,18 @@ char *RSA_get_ex_data(RSA *r, int idx);
|
||||
#define RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE 110
|
||||
#define RSA_R_DATA_TOO_SMALL 111
|
||||
#define RSA_R_DATA_TOO_SMALL_FOR_KEY_SIZE 122
|
||||
#define RSA_R_DE_NOT_CONGRUENT_TO_1 123
|
||||
#define RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY 112
|
||||
#define RSA_R_DMP1_NOT_CONGRUENT_TO_D 124
|
||||
#define RSA_R_DMQ1_NOT_CONGRUENT_TO_D 125
|
||||
#define RSA_R_IQMP_NOT_INVERSE_OF_Q 126
|
||||
#define RSA_R_KEY_SIZE_TOO_SMALL 120
|
||||
#define RSA_R_NULL_BEFORE_BLOCK_MISSING 113
|
||||
#define RSA_R_N_DOES_NOT_EQUAL_PQ 127
|
||||
#define RSA_R_OAEP_DECODING_ERROR 121
|
||||
#define RSA_R_PADDING_CHECK_FAILED 114
|
||||
#define RSA_R_P_NOT_PRIME 128
|
||||
#define RSA_R_Q_NOT_PRIME 129
|
||||
#define RSA_R_SSLV3_ROLLBACK_ATTACK 115
|
||||
#define RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD 116
|
||||
#define RSA_R_UNKNOWN_ALGORITHM_TYPE 117
|
||||
|
@ -66,6 +66,7 @@
|
||||
static ERR_STRING_DATA RSA_str_functs[]=
|
||||
{
|
||||
{ERR_PACK(0,RSA_F_MEMORY_LOCK,0), "MEMORY_LOCK"},
|
||||
{ERR_PACK(0,RSA_F_RSA_CHECK_KEY,0), "RSA_check_key"},
|
||||
{ERR_PACK(0,RSA_F_RSA_EAY_PRIVATE_DECRYPT,0), "RSA_EAY_PRIVATE_DECRYPT"},
|
||||
{ERR_PACK(0,RSA_F_RSA_EAY_PRIVATE_ENCRYPT,0), "RSA_EAY_PRIVATE_ENCRYPT"},
|
||||
{ERR_PACK(0,RSA_F_RSA_EAY_PUBLIC_DECRYPT,0), "RSA_EAY_PUBLIC_DECRYPT"},
|
||||
@ -105,11 +106,18 @@ static ERR_STRING_DATA RSA_str_reasons[]=
|
||||
{RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE ,"data too large for key size"},
|
||||
{RSA_R_DATA_TOO_SMALL ,"data too small"},
|
||||
{RSA_R_DATA_TOO_SMALL_FOR_KEY_SIZE ,"data too small for key size"},
|
||||
{RSA_R_DE_NOT_CONGRUENT_TO_1 ,"de not congruent to 1"},
|
||||
{RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY ,"digest too big for rsa key"},
|
||||
{RSA_R_DMP1_NOT_CONGRUENT_TO_D ,"dmp1 not congruent to d"},
|
||||
{RSA_R_DMQ1_NOT_CONGRUENT_TO_D ,"dmq1 not congruent to d"},
|
||||
{RSA_R_IQMP_NOT_INVERSE_OF_Q ,"iqmp not inverse of q"},
|
||||
{RSA_R_KEY_SIZE_TOO_SMALL ,"key size too small"},
|
||||
{RSA_R_NULL_BEFORE_BLOCK_MISSING ,"null before block missing"},
|
||||
{RSA_R_N_DOES_NOT_EQUAL_PQ ,"n does not equal pq"},
|
||||
{RSA_R_OAEP_DECODING_ERROR ,"oaep decoding error"},
|
||||
{RSA_R_PADDING_CHECK_FAILED ,"padding check failed"},
|
||||
{RSA_R_P_NOT_PRIME ,"p not prime"},
|
||||
{RSA_R_Q_NOT_PRIME ,"q not prime"},
|
||||
{RSA_R_SSLV3_ROLLBACK_ATTACK ,"sslv3 rollback attack"},
|
||||
{RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD,"the asn1 object identifier is not known for this md"},
|
||||
{RSA_R_UNKNOWN_ALGORITHM_TYPE ,"unknown algorithm type"},
|
||||
|
@ -1841,3 +1841,4 @@ sk_X509_LOOKUP_sort 1865
|
||||
sk_POLICYQUALINFO_sort 1866
|
||||
sk_X509_CRL_sort 1867
|
||||
sk_DIST_POINT_sort 1868
|
||||
RSA_check_key 1869
|
||||
|
Loading…
Reference in New Issue
Block a user