generic-library/openssl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Store digests as EVP_MD instead of a NID.

Browse Source 
Add digest size sanity checks.
This commit is contained in:
Dr. Stephen Henson 2006-04-09 21:24:48 +00:00
parent a58a636838
commit 75d44c0452
6 changed files with 50 additions and 22 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
crypto/evp/evp.h
View File

@ -914,7 +914,7 @@ void EVP_PKEY_asn1_set_ctrl(EVP_PKEY_ASN1_METHOD *ameth,
#define EVP_PKEY_OP_ENCRYPT 8 #define EVP_PKEY_OP_ENCRYPT 8
#define EVP_PKEY_OP_DECRYPT 9 #define EVP_PKEY_OP_DECRYPT 9
#define EVP_PKEY_CTRL_MD_NID 1 #define EVP_PKEY_CTRL_MD 1
#define EVP_PKEY_ALG_CTRL 0x1000 #define EVP_PKEY_ALG_CTRL 0x1000

4
crypto/evp/pmeth_lib.c
View File

@ -187,8 +187,8 @@ int EVP_PKEY_CTX_ctrl_str(EVP_PKEY_CTX *ctx,
EVPerr(EVP_F_EVP_PKEY_CTX_CTRL, EVP_R_INVALID_DIGEST); EVPerr(EVP_F_EVP_PKEY_CTX_CTRL, EVP_R_INVALID_DIGEST);
return 0; return 0;
} }
return EVP_PKEY_CTX_ctrl(ctx, -1, -1, EVP_PKEY_CTRL_MD_NID, return EVP_PKEY_CTX_ctrl(ctx, -1, -1, EVP_PKEY_CTRL_MD,
EVP_MD_type(md), NULL); 0, (void *)md);
} }
return ctx->pmeth->ctrl_str(ctx, name, value); return ctx->pmeth->ctrl_str(ctx, name, value);
} }

2
crypto/rsa/rsa.h
View File

@ -351,6 +351,7 @@ void ERR_load_RSA_strings(void);
/* Function codes. */ /* Function codes. */
#define RSA_F_CHECK_PADDING_NID 140 #define RSA_F_CHECK_PADDING_NID 140
#define RSA_F_MEMORY_LOCK 100 #define RSA_F_MEMORY_LOCK 100
#define RSA_F_PKEY_RSA_SIGN 142
#define RSA_F_PKEY_RSA_VERIFYRECOVER 141 #define RSA_F_PKEY_RSA_VERIFYRECOVER 141
#define RSA_F_RSA_BUILTIN_KEYGEN 129 #define RSA_F_RSA_BUILTIN_KEYGEN 129
#define RSA_F_RSA_CHECK_KEY 123 #define RSA_F_RSA_CHECK_KEY 123
@ -412,6 +413,7 @@ void ERR_load_RSA_strings(void);
#define RSA_R_D_E_NOT_CONGRUENT_TO_1 123 #define RSA_R_D_E_NOT_CONGRUENT_TO_1 123
#define RSA_R_FIRST_OCTET_INVALID 133 #define RSA_R_FIRST_OCTET_INVALID 133
#define RSA_R_INVALID_DIGEST 105 #define RSA_R_INVALID_DIGEST 105
#define RSA_R_INVALID_DIGEST_LENGTH 143
#define RSA_R_INVALID_HEADER 137 #define RSA_R_INVALID_HEADER 137
#define RSA_R_INVALID_MESSAGE_LENGTH 131 #define RSA_R_INVALID_MESSAGE_LENGTH 131
#define RSA_R_INVALID_PADDING 138 #define RSA_R_INVALID_PADDING 138

2
crypto/rsa/rsa_err.c
View File

@ -72,6 +72,7 @@ static ERR_STRING_DATA RSA_str_functs[]=
{ {
{ERR_FUNC(RSA_F_CHECK_PADDING_NID), "CHECK_PADDING_NID"}, {ERR_FUNC(RSA_F_CHECK_PADDING_NID), "CHECK_PADDING_NID"},
{ERR_FUNC(RSA_F_MEMORY_LOCK), "MEMORY_LOCK"}, {ERR_FUNC(RSA_F_MEMORY_LOCK), "MEMORY_LOCK"},
{ERR_FUNC(RSA_F_PKEY_RSA_SIGN), "PKEY_RSA_SIGN"},
{ERR_FUNC(RSA_F_PKEY_RSA_VERIFYRECOVER), "PKEY_RSA_VERIFYRECOVER"}, {ERR_FUNC(RSA_F_PKEY_RSA_VERIFYRECOVER), "PKEY_RSA_VERIFYRECOVER"},
{ERR_FUNC(RSA_F_RSA_BUILTIN_KEYGEN), "RSA_BUILTIN_KEYGEN"}, {ERR_FUNC(RSA_F_RSA_BUILTIN_KEYGEN), "RSA_BUILTIN_KEYGEN"},
{ERR_FUNC(RSA_F_RSA_CHECK_KEY), "RSA_check_key"}, {ERR_FUNC(RSA_F_RSA_CHECK_KEY), "RSA_check_key"},
@ -136,6 +137,7 @@ static ERR_STRING_DATA RSA_str_reasons[]=
{ERR_REASON(RSA_R_D_E_NOT_CONGRUENT_TO_1),"d e not congruent to 1"}, {ERR_REASON(RSA_R_D_E_NOT_CONGRUENT_TO_1),"d e not congruent to 1"},
{ERR_REASON(RSA_R_FIRST_OCTET_INVALID) ,"first octet invalid"}, {ERR_REASON(RSA_R_FIRST_OCTET_INVALID) ,"first octet invalid"},
{ERR_REASON(RSA_R_INVALID_DIGEST) ,"invalid digest"}, {ERR_REASON(RSA_R_INVALID_DIGEST) ,"invalid digest"},
{ERR_REASON(RSA_R_INVALID_DIGEST_LENGTH) ,"invalid digest length"},
{ERR_REASON(RSA_R_INVALID_HEADER) ,"invalid header"}, {ERR_REASON(RSA_R_INVALID_HEADER) ,"invalid header"},
{ERR_REASON(RSA_R_INVALID_MESSAGE_LENGTH),"invalid message length"}, {ERR_REASON(RSA_R_INVALID_MESSAGE_LENGTH),"invalid message length"},
{ERR_REASON(RSA_R_INVALID_PADDING) ,"invalid padding"}, {ERR_REASON(RSA_R_INVALID_PADDING) ,"invalid padding"},

47
crypto/rsa/rsa_pmeth.c
View File

@ -78,7 +78,7 @@ typedef struct
/* RSA padding mode */ /* RSA padding mode */
int pad_mode; int pad_mode;
/* nid for message digest */ /* nid for message digest */
int md_nid; const EVP_MD *md;
/* Temp buffer */ /* Temp buffer */
unsigned char *tbuf; unsigned char *tbuf;
} RSA_PKEY_CTX; } RSA_PKEY_CTX;
@ -92,7 +92,7 @@ static int pkey_rsa_init(EVP_PKEY_CTX *ctx)
rctx->nbits = 1024; rctx->nbits = 1024;
rctx->pub_exp = NULL; rctx->pub_exp = NULL;
rctx->pad_mode = RSA_PKCS1_PADDING; rctx->pad_mode = RSA_PKCS1_PADDING;
rctx->md_nid = NID_undef; rctx->md = NULL;
rctx->tbuf = NULL; rctx->tbuf = NULL;
ctx->data = rctx; ctx->data = rctx;
@ -129,15 +129,21 @@ static int pkey_rsa_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, int *siglen,
int ret; int ret;
RSA_PKEY_CTX *rctx = ctx->data; RSA_PKEY_CTX *rctx = ctx->data;
if (rctx->md_nid != NID_undef) if (rctx->md)
{ {
if (tbslen != EVP_MD_size(rctx->md))
{
RSAerr(RSA_F_PKEY_RSA_SIGN,
RSA_R_INVALID_DIGEST_LENGTH);
return -1;
}
if (rctx->pad_mode == RSA_X931_PADDING) if (rctx->pad_mode == RSA_X931_PADDING)
{ {
if (!setup_tbuf(rctx, ctx)) if (!setup_tbuf(rctx, ctx))
return -1; return -1;
memcpy(rctx->tbuf, tbs, tbslen); memcpy(rctx->tbuf, tbs, tbslen);
rctx->tbuf[tbslen] = RSA_X931_hash_id(rctx->md_nid); rctx->tbuf[tbslen] =
RSA_X931_hash_id(EVP_MD_type(rctx->md));
ret = RSA_private_encrypt(tbslen + 1, rctx->tbuf, ret = RSA_private_encrypt(tbslen + 1, rctx->tbuf,
sig, ctx->pkey->pkey.rsa, sig, ctx->pkey->pkey.rsa,
RSA_X931_PADDING); RSA_X931_PADDING);
@ -145,7 +151,8 @@ static int pkey_rsa_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, int *siglen,
else if (rctx->pad_mode == RSA_PKCS1_PADDING) else if (rctx->pad_mode == RSA_PKCS1_PADDING)
{ {
unsigned int sltmp; unsigned int sltmp;
ret = RSA_sign(rctx->md_nid, tbs, tbslen, sig, &sltmp, ret = RSA_sign(EVP_MD_type(rctx->md),
tbs, tbslen, sig, &sltmp,
ctx->pkey->pkey.rsa); ctx->pkey->pkey.rsa);
} }
else else
@ -168,7 +175,7 @@ static int pkey_rsa_verifyrecover(EVP_PKEY_CTX *ctx,
int ret; int ret;
RSA_PKEY_CTX *rctx = ctx->data; RSA_PKEY_CTX *rctx = ctx->data;
if (rctx->md_nid != NID_undef) if (rctx->md)
{ {
if (rctx->pad_mode == RSA_X931_PADDING) if (rctx->pad_mode == RSA_X931_PADDING)
{ {
@ -180,18 +187,26 @@ static int pkey_rsa_verifyrecover(EVP_PKEY_CTX *ctx,
if (ret < 1) if (ret < 1)
return 0; return 0;
ret--; ret--;
if (rctx->tbuf[ret] != RSA_X931_hash_id(rctx->md_nid)) if (rctx->tbuf[ret] !=
RSA_X931_hash_id(EVP_MD_type(rctx->md)))
{ {
RSAerr(RSA_F_PKEY_RSA_VERIFYRECOVER, RSAerr(RSA_F_PKEY_RSA_VERIFYRECOVER,
RSA_R_ALGORITHM_MISMATCH); RSA_R_ALGORITHM_MISMATCH);
return 0; return 0;
} }
if (ret != EVP_MD_size(rctx->md))
{
RSAerr(RSA_F_PKEY_RSA_VERIFYRECOVER,
RSA_R_INVALID_DIGEST_LENGTH);
return 0;
}
memcpy(sig, rctx->tbuf, ret); memcpy(sig, rctx->tbuf, ret);
} }
else if (rctx->pad_mode == RSA_PKCS1_PADDING) else if (rctx->pad_mode == RSA_PKCS1_PADDING)
{ {
unsigned int sltmp; unsigned int sltmp;
ret = int_rsa_verify(rctx->md_nid, NULL, 0, sig, &sltmp, ret = int_rsa_verify(EVP_MD_type(rctx->md),
NULL, 0, sig, &sltmp,
tbs, tbslen, ctx->pkey->pkey.rsa); tbs, tbslen, ctx->pkey->pkey.rsa);
} }
else else
@ -232,9 +247,9 @@ static int pkey_rsa_decrypt(EVP_PKEY_CTX *ctx, unsigned char *out, int *outlen,
return 1; return 1;
} }
static int check_padding_nid(int nid, int padding) static int check_padding_md(const EVP_MD *md, int padding)
{ {
if (nid == NID_undef) if (!md)
return 1; return 1;
if (padding == RSA_NO_PADDING) if (padding == RSA_NO_PADDING)
{ {
@ -244,7 +259,7 @@ static int check_padding_nid(int nid, int padding)
if (padding == RSA_X931_PADDING) if (padding == RSA_X931_PADDING)
{ {
if (RSA_X931_hash_id(nid) == -1) if (RSA_X931_hash_id(EVP_MD_type(md)) == -1)
{ {
RSAerr(RSA_F_CHECK_PADDING_NID, RSAerr(RSA_F_CHECK_PADDING_NID,
RSA_R_INVALID_X931_DIGEST); RSA_R_INVALID_X931_DIGEST);
@ -268,17 +283,17 @@ static int pkey_rsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
{ {
if (ctx->operation == EVP_PKEY_OP_KEYGEN) if (ctx->operation == EVP_PKEY_OP_KEYGEN)
return -2; return -2;
if (!check_padding_nid(rctx->md_nid, p1)) if (!check_padding_md(rctx->md, p1))
return 0; return 0;
rctx->pad_mode = p1; rctx->pad_mode = p1;
return 1; return 1;
} }
return -2; return -2;
case EVP_PKEY_CTRL_MD_NID: case EVP_PKEY_CTRL_MD:
if (!check_padding_nid(p1, rctx->pad_mode)) if (!check_padding_md(p2, rctx->pad_mode))
return 0; return 0;
rctx->md_nid = p1; rctx->md = p2;
return 1; return 1;
default: default:

15
crypto/rsa/rsa_sign.c
View File

@ -220,9 +220,18 @@ int int_rsa_verify(int dtype, const unsigned char *m, unsigned int m_len,
} }
if (rm) if (rm)
{ {
memcpy(rm, sig->digest->data, sig->digest->length); const EVP_MD *md;
*prm_len = sig->digest->length; md = EVP_get_digestbynid(dtype);
ret = 1; if (md && (EVP_MD_size(md) != sig->digest->length))
RSAerr(RSA_F_RSA_VERIFY,
RSA_R_INVALID_DIGEST_LENGTH);
else
{
memcpy(rm, sig->digest->data,
sig->digest->length);
*prm_len = sig->digest->length;
ret = 1;
}
} }
else if (((unsigned int)sig->digest->length != m_len) || else if (((unsigned int)sig->digest->length != m_len) ||
(memcmp(m,sig->digest->data,m_len) != 0)) (memcmp(m,sig->digest->data,m_len) != 0))