MercurialSymaptic / file revision
summary | shortlog | changelog | graph | tags | bookmarks | branches | files | changeset | file | latest | revisions | annotate | diff | raw | help
os/ossrv/ssl/libcrypto/src/crypto/rsa/rsa_sign.c
author sl@SLION-WIN7.fritz.box
Fri, 15 Jun 2012 03:10:57 +0200
changeset 0 bde4ae8d615e
permissions -rw-r--r--
First public contribution. 
     1 /* crypto/rsa/rsa_sign.c */

     2 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)

     3  * All rights reserved.

     4  *

     5  * This package is an SSL implementation written

     6  * by Eric Young (eay@cryptsoft.com).

     7  * The implementation was written so as to conform with Netscapes SSL.

     8  * 

     9  * This library is free for commercial and non-commercial use as long as

    10  * the following conditions are aheared to.  The following conditions

    11  * apply to all code found in this distribution, be it the RC4, RSA,

    12  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation

    13  * included with this distribution is covered by the same copyright terms

    14  * except that the holder is Tim Hudson (tjh@cryptsoft.com).

    15  * 

    16  * Copyright remains Eric Young's, and as such any Copyright notices in

    17  * the code are not to be removed.

    18  * If this package is used in a product, Eric Young should be given attribution

    19  * as the author of the parts of the library used.

    20  * This can be in the form of a textual message at program startup or

    21  * in documentation (online or textual) provided with the package.

    22  * 

    23  * Redistribution and use in source and binary forms, with or without

    24  * modification, are permitted provided that the following conditions

    25  * are met:

    26  * 1. Redistributions of source code must retain the copyright

    27  *    notice, this list of conditions and the following disclaimer.

    28  * 2. Redistributions in binary form must reproduce the above copyright

    29  *    notice, this list of conditions and the following disclaimer in the

    30  *    documentation and/or other materials provided with the distribution.

    31  * 3. All advertising materials mentioning features or use of this software

    32  *    must display the following acknowledgement:

    33  *    "This product includes cryptographic software written by

    34  *     Eric Young (eay@cryptsoft.com)"

    35  *    The word 'cryptographic' can be left out if the rouines from the library

    36  *    being used are not cryptographic related :-).

    37  * 4. If you include any Windows specific code (or a derivative thereof) from 

    38  *    the apps directory (application code) you must include an acknowledgement:

    39  *    "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"

    40  * 

    41  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND

    42  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE

    43  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE

    44  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE

    45  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL

    46  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS

    47  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)

    48  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT

    49  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY

    50  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF

    51  * SUCH DAMAGE.

    52  * 

    53  * The licence and distribution terms for any publically available version or

    54  * derivative of this code cannot be changed.  i.e. this code cannot simply be

    55  * copied and put under another distribution licence

    56  * [including the GNU Public Licence.]

    57  */

    58 

    59 #include <stdio.h>

    60 #include "cryptlib.h"

    61 #include <openssl/bn.h>

    62 #include <openssl/rsa.h>

    63 #include <openssl/objects.h>

    64 #include <openssl/x509.h>

    65 

    66 /* Size of an SSL signature: MD5+SHA1 */

    67 #define SSL_SIG_LENGTH	36

    68 

    69 EXPORT_C int RSA_sign(int type, const unsigned char *m, unsigned int m_len,

    70 	     unsigned char *sigret, unsigned int *siglen, RSA *rsa)

    71 	{

    72 	X509_SIG sig;

    73 	ASN1_TYPE parameter;

    74 	int i,j,ret=1;

    75 	unsigned char *p, *tmps = NULL;

    76 	const unsigned char *s = NULL;

    77 	X509_ALGOR algor;

    78 	ASN1_OCTET_STRING digest;

    79 	if((rsa->flags & RSA_FLAG_SIGN_VER) && rsa->meth->rsa_sign)

    80 		{

    81 		return rsa->meth->rsa_sign(type, m, m_len,

    82 			sigret, siglen, rsa);

    83 		}

    84 	/* Special case: SSL signature, just check the length */

    85 	if(type == NID_md5_sha1) {

    86 		if(m_len != SSL_SIG_LENGTH) {

    87 			RSAerr(RSA_F_RSA_SIGN,RSA_R_INVALID_MESSAGE_LENGTH);

    88 			return(0);

    89 		}

    90 		i = SSL_SIG_LENGTH;

    91 		s = m;

    92 	} else {

    93 		sig.algor= &algor;

    94 		sig.algor->algorithm=OBJ_nid2obj(type);

    95 		if (sig.algor->algorithm == NULL)

    96 			{

    97 			RSAerr(RSA_F_RSA_SIGN,RSA_R_UNKNOWN_ALGORITHM_TYPE);

    98 			return(0);

    99 			}

   100 		if (sig.algor->algorithm->length == 0)

   101 			{

   102 			RSAerr(RSA_F_RSA_SIGN,RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD);

   103 			return(0);

   104 			}

   105 		parameter.type=V_ASN1_NULL;

   106 		parameter.value.ptr=NULL;

   107 		sig.algor->parameter= &parameter;

   108 

   109 		sig.digest= &digest;

   110 		sig.digest->data=(unsigned char *)m; /* TMP UGLY CAST */

   111 		sig.digest->length=m_len;

   112 

   113 		i=i2d_X509_SIG(&sig,NULL);

   114 	}

   115 	j=RSA_size(rsa);

   116 	if (i > (j-RSA_PKCS1_PADDING_SIZE))

   117 		{

   118 		RSAerr(RSA_F_RSA_SIGN,RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY);

   119 		return(0);

   120 		}

   121 	if(type != NID_md5_sha1) {

   122 		tmps=(unsigned char *)OPENSSL_malloc((unsigned int)j+1);

   123 		if (tmps == NULL)

   124 			{

   125 			RSAerr(RSA_F_RSA_SIGN,ERR_R_MALLOC_FAILURE);

   126 			return(0);

   127 			}

   128 		p=tmps;

   129 		i2d_X509_SIG(&sig,&p);

   130 		s=tmps;

   131 	}

   132 	i=RSA_private_encrypt(i,s,sigret,rsa,RSA_PKCS1_PADDING);

   133 	if (i <= 0)

   134 		ret=0;

   135 	else

   136 		*siglen=i;

   137 

   138 	if(type != NID_md5_sha1) {

   139 		OPENSSL_cleanse(tmps,(unsigned int)j+1);

   140 		OPENSSL_free(tmps);

   141 	}

   142 	return(ret);

   143 	}

   144 

   145 EXPORT_C int RSA_verify(int dtype, const unsigned char *m, unsigned int m_len,

   146 	     unsigned char *sigbuf, unsigned int siglen, RSA *rsa)

   147 	{

   148 	int i,ret=0,sigtype;

   149 	unsigned char *s;

   150 	X509_SIG *sig=NULL;

   151 

   152 	if (siglen != (unsigned int)RSA_size(rsa))

   153 		{

   154 		RSAerr(RSA_F_RSA_VERIFY,RSA_R_WRONG_SIGNATURE_LENGTH);

   155 		return(0);

   156 		}

   157 

   158 	if((rsa->flags & RSA_FLAG_SIGN_VER) && rsa->meth->rsa_verify)

   159 		{

   160 		return rsa->meth->rsa_verify(dtype, m, m_len,

   161 			sigbuf, siglen, rsa);

   162 		}

   163 

   164 	s=(unsigned char *)OPENSSL_malloc((unsigned int)siglen);

   165 	if (s == NULL)

   166 		{

   167 		RSAerr(RSA_F_RSA_VERIFY,ERR_R_MALLOC_FAILURE);

   168 		goto err;

   169 		}

   170 	if((dtype == NID_md5_sha1) && (m_len != SSL_SIG_LENGTH) ) {

   171 			RSAerr(RSA_F_RSA_VERIFY,RSA_R_INVALID_MESSAGE_LENGTH);

   172 			goto err;

   173 	}

   174 	i=RSA_public_decrypt((int)siglen,sigbuf,s,rsa,RSA_PKCS1_PADDING);

   175 

   176 	if (i <= 0) goto err;

   177 

   178 	/* Special case: SSL signature */

   179 	if(dtype == NID_md5_sha1) {

   180 		if((i != SSL_SIG_LENGTH) || memcmp(s, m, SSL_SIG_LENGTH))

   181 				RSAerr(RSA_F_RSA_VERIFY,RSA_R_BAD_SIGNATURE);

   182 		else ret = 1;

   183 	} else {

   184 		const unsigned char *p=s;

   185 		sig=d2i_X509_SIG(NULL,&p,(long)i);

   186 

   187 		if (sig == NULL) goto err;

   188 		

   189 		/* Excess data can be used to create forgeries */

   190 		if(p != s+i)

   191 			{

   192 			RSAerr(RSA_F_RSA_VERIFY,RSA_R_BAD_SIGNATURE);

   193 			goto err;

   194 			}

   195 

   196 		/* Parameters to the signature algorithm can also be used to

   197 		   create forgeries */

   198 		if(sig->algor->parameter

   199 		   && ASN1_TYPE_get(sig->algor->parameter) != V_ASN1_NULL)

   200 			{

   201 			RSAerr(RSA_F_RSA_VERIFY,RSA_R_BAD_SIGNATURE);

   202 			goto err;

   203 			}

   204 		sigtype=OBJ_obj2nid(sig->algor->algorithm);

   205 

   206 

   207 	#ifdef RSA_DEBUG

   208 		/* put a backward compatibility flag in EAY */

   209 		fprintf(stderr,"in(%s) expect(%s)\n",OBJ_nid2ln(sigtype),

   210 			OBJ_nid2ln(dtype));

   211 	#endif

   212 		if (sigtype != dtype)

   213 			{

   214 			if (((dtype == NID_md5) &&

   215 				(sigtype == NID_md5WithRSAEncryption)) ||

   216 				((dtype == NID_md2) &&

   217 				(sigtype == NID_md2WithRSAEncryption)))

   218 				{

   219 				/* ok, we will let it through */

   220 #if !defined(OPENSSL_NO_STDIO) && !defined(OPENSSL_SYS_WIN16)

   221 				fprintf(stderr,"signature has problems, re-make with post SSLeay045\n");

   222 #endif

   223 				}

   224 			else

   225 				{

   226 				RSAerr(RSA_F_RSA_VERIFY,

   227 						RSA_R_ALGORITHM_MISMATCH);

   228 				goto err;

   229 				}

   230 			}

   231 		if (	((unsigned int)sig->digest->length != m_len) ||

   232 			(memcmp(m,sig->digest->data,m_len) != 0))

   233 			{

   234 			RSAerr(RSA_F_RSA_VERIFY,RSA_R_BAD_SIGNATURE);

   235 			}

   236 		else

   237 			ret=1;

   238 	}

   239 err:

   240 	if (sig != NULL) X509_SIG_free(sig);

   241 	if (s != NULL)

   242 		{

   243 		OPENSSL_cleanse(s,(unsigned int)siglen);

   244 		OPENSSL_free(s);

   245 		}

   246 	return(ret);

   247 	}

   248
Symaptic