sl@0: /* crypto/rsa/rsa_sign.c */ sl@0: /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com) sl@0: * All rights reserved. sl@0: * sl@0: * This package is an SSL implementation written sl@0: * by Eric Young (eay@cryptsoft.com). sl@0: * The implementation was written so as to conform with Netscapes SSL. sl@0: * sl@0: * This library is free for commercial and non-commercial use as long as sl@0: * the following conditions are aheared to. The following conditions sl@0: * apply to all code found in this distribution, be it the RC4, RSA, sl@0: * lhash, DES, etc., code; not just the SSL code. The SSL documentation sl@0: * included with this distribution is covered by the same copyright terms sl@0: * except that the holder is Tim Hudson (tjh@cryptsoft.com). sl@0: * sl@0: * Copyright remains Eric Young's, and as such any Copyright notices in sl@0: * the code are not to be removed. sl@0: * If this package is used in a product, Eric Young should be given attribution sl@0: * as the author of the parts of the library used. sl@0: * This can be in the form of a textual message at program startup or sl@0: * in documentation (online or textual) provided with the package. sl@0: * sl@0: * Redistribution and use in source and binary forms, with or without sl@0: * modification, are permitted provided that the following conditions sl@0: * are met: sl@0: * 1. Redistributions of source code must retain the copyright sl@0: * notice, this list of conditions and the following disclaimer. sl@0: * 2. Redistributions in binary form must reproduce the above copyright sl@0: * notice, this list of conditions and the following disclaimer in the sl@0: * documentation and/or other materials provided with the distribution. sl@0: * 3. All advertising materials mentioning features or use of this software sl@0: * must display the following acknowledgement: sl@0: * "This product includes cryptographic software written by sl@0: * Eric Young (eay@cryptsoft.com)" sl@0: * The word 'cryptographic' can be left out if the rouines from the library sl@0: * being used are not cryptographic related :-). sl@0: * 4. If you include any Windows specific code (or a derivative thereof) from sl@0: * the apps directory (application code) you must include an acknowledgement: sl@0: * "This product includes software written by Tim Hudson (tjh@cryptsoft.com)" sl@0: * sl@0: * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND sl@0: * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE sl@0: * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE sl@0: * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE sl@0: * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL sl@0: * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS sl@0: * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) sl@0: * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT sl@0: * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY sl@0: * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF sl@0: * SUCH DAMAGE. sl@0: * sl@0: * The licence and distribution terms for any publically available version or sl@0: * derivative of this code cannot be changed. i.e. this code cannot simply be sl@0: * copied and put under another distribution licence sl@0: * [including the GNU Public Licence.] sl@0: */ sl@0: sl@0: #include sl@0: #include "cryptlib.h" sl@0: #include sl@0: #include sl@0: #include sl@0: #include sl@0: sl@0: /* Size of an SSL signature: MD5+SHA1 */ sl@0: #define SSL_SIG_LENGTH 36 sl@0: sl@0: EXPORT_C int RSA_sign(int type, const unsigned char *m, unsigned int m_len, sl@0: unsigned char *sigret, unsigned int *siglen, RSA *rsa) sl@0: { sl@0: X509_SIG sig; sl@0: ASN1_TYPE parameter; sl@0: int i,j,ret=1; sl@0: unsigned char *p, *tmps = NULL; sl@0: const unsigned char *s = NULL; sl@0: X509_ALGOR algor; sl@0: ASN1_OCTET_STRING digest; sl@0: if((rsa->flags & RSA_FLAG_SIGN_VER) && rsa->meth->rsa_sign) sl@0: { sl@0: return rsa->meth->rsa_sign(type, m, m_len, sl@0: sigret, siglen, rsa); sl@0: } sl@0: /* Special case: SSL signature, just check the length */ sl@0: if(type == NID_md5_sha1) { sl@0: if(m_len != SSL_SIG_LENGTH) { sl@0: RSAerr(RSA_F_RSA_SIGN,RSA_R_INVALID_MESSAGE_LENGTH); sl@0: return(0); sl@0: } sl@0: i = SSL_SIG_LENGTH; sl@0: s = m; sl@0: } else { sl@0: sig.algor= &algor; sl@0: sig.algor->algorithm=OBJ_nid2obj(type); sl@0: if (sig.algor->algorithm == NULL) sl@0: { sl@0: RSAerr(RSA_F_RSA_SIGN,RSA_R_UNKNOWN_ALGORITHM_TYPE); sl@0: return(0); sl@0: } sl@0: if (sig.algor->algorithm->length == 0) sl@0: { sl@0: RSAerr(RSA_F_RSA_SIGN,RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD); sl@0: return(0); sl@0: } sl@0: parameter.type=V_ASN1_NULL; sl@0: parameter.value.ptr=NULL; sl@0: sig.algor->parameter= ¶meter; sl@0: sl@0: sig.digest= &digest; sl@0: sig.digest->data=(unsigned char *)m; /* TMP UGLY CAST */ sl@0: sig.digest->length=m_len; sl@0: sl@0: i=i2d_X509_SIG(&sig,NULL); sl@0: } sl@0: j=RSA_size(rsa); sl@0: if (i > (j-RSA_PKCS1_PADDING_SIZE)) sl@0: { sl@0: RSAerr(RSA_F_RSA_SIGN,RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY); sl@0: return(0); sl@0: } sl@0: if(type != NID_md5_sha1) { sl@0: tmps=(unsigned char *)OPENSSL_malloc((unsigned int)j+1); sl@0: if (tmps == NULL) sl@0: { sl@0: RSAerr(RSA_F_RSA_SIGN,ERR_R_MALLOC_FAILURE); sl@0: return(0); sl@0: } sl@0: p=tmps; sl@0: i2d_X509_SIG(&sig,&p); sl@0: s=tmps; sl@0: } sl@0: i=RSA_private_encrypt(i,s,sigret,rsa,RSA_PKCS1_PADDING); sl@0: if (i <= 0) sl@0: ret=0; sl@0: else sl@0: *siglen=i; sl@0: sl@0: if(type != NID_md5_sha1) { sl@0: OPENSSL_cleanse(tmps,(unsigned int)j+1); sl@0: OPENSSL_free(tmps); sl@0: } sl@0: return(ret); sl@0: } sl@0: sl@0: EXPORT_C int RSA_verify(int dtype, const unsigned char *m, unsigned int m_len, sl@0: unsigned char *sigbuf, unsigned int siglen, RSA *rsa) sl@0: { sl@0: int i,ret=0,sigtype; sl@0: unsigned char *s; sl@0: X509_SIG *sig=NULL; sl@0: sl@0: if (siglen != (unsigned int)RSA_size(rsa)) sl@0: { sl@0: RSAerr(RSA_F_RSA_VERIFY,RSA_R_WRONG_SIGNATURE_LENGTH); sl@0: return(0); sl@0: } sl@0: sl@0: if((rsa->flags & RSA_FLAG_SIGN_VER) && rsa->meth->rsa_verify) sl@0: { sl@0: return rsa->meth->rsa_verify(dtype, m, m_len, sl@0: sigbuf, siglen, rsa); sl@0: } sl@0: sl@0: s=(unsigned char *)OPENSSL_malloc((unsigned int)siglen); sl@0: if (s == NULL) sl@0: { sl@0: RSAerr(RSA_F_RSA_VERIFY,ERR_R_MALLOC_FAILURE); sl@0: goto err; sl@0: } sl@0: if((dtype == NID_md5_sha1) && (m_len != SSL_SIG_LENGTH) ) { sl@0: RSAerr(RSA_F_RSA_VERIFY,RSA_R_INVALID_MESSAGE_LENGTH); sl@0: goto err; sl@0: } sl@0: i=RSA_public_decrypt((int)siglen,sigbuf,s,rsa,RSA_PKCS1_PADDING); sl@0: sl@0: if (i <= 0) goto err; sl@0: sl@0: /* Special case: SSL signature */ sl@0: if(dtype == NID_md5_sha1) { sl@0: if((i != SSL_SIG_LENGTH) || memcmp(s, m, SSL_SIG_LENGTH)) sl@0: RSAerr(RSA_F_RSA_VERIFY,RSA_R_BAD_SIGNATURE); sl@0: else ret = 1; sl@0: } else { sl@0: const unsigned char *p=s; sl@0: sig=d2i_X509_SIG(NULL,&p,(long)i); sl@0: sl@0: if (sig == NULL) goto err; sl@0: sl@0: /* Excess data can be used to create forgeries */ sl@0: if(p != s+i) sl@0: { sl@0: RSAerr(RSA_F_RSA_VERIFY,RSA_R_BAD_SIGNATURE); sl@0: goto err; sl@0: } sl@0: sl@0: /* Parameters to the signature algorithm can also be used to sl@0: create forgeries */ sl@0: if(sig->algor->parameter sl@0: && ASN1_TYPE_get(sig->algor->parameter) != V_ASN1_NULL) sl@0: { sl@0: RSAerr(RSA_F_RSA_VERIFY,RSA_R_BAD_SIGNATURE); sl@0: goto err; sl@0: } sl@0: sigtype=OBJ_obj2nid(sig->algor->algorithm); sl@0: sl@0: sl@0: #ifdef RSA_DEBUG sl@0: /* put a backward compatibility flag in EAY */ sl@0: fprintf(stderr,"in(%s) expect(%s)\n",OBJ_nid2ln(sigtype), sl@0: OBJ_nid2ln(dtype)); sl@0: #endif sl@0: if (sigtype != dtype) sl@0: { sl@0: if (((dtype == NID_md5) && sl@0: (sigtype == NID_md5WithRSAEncryption)) || sl@0: ((dtype == NID_md2) && sl@0: (sigtype == NID_md2WithRSAEncryption))) sl@0: { sl@0: /* ok, we will let it through */ sl@0: #if !defined(OPENSSL_NO_STDIO) && !defined(OPENSSL_SYS_WIN16) sl@0: fprintf(stderr,"signature has problems, re-make with post SSLeay045\n"); sl@0: #endif sl@0: } sl@0: else sl@0: { sl@0: RSAerr(RSA_F_RSA_VERIFY, sl@0: RSA_R_ALGORITHM_MISMATCH); sl@0: goto err; sl@0: } sl@0: } sl@0: if ( ((unsigned int)sig->digest->length != m_len) || sl@0: (memcmp(m,sig->digest->data,m_len) != 0)) sl@0: { sl@0: RSAerr(RSA_F_RSA_VERIFY,RSA_R_BAD_SIGNATURE); sl@0: } sl@0: else sl@0: ret=1; sl@0: } sl@0: err: sl@0: if (sig != NULL) X509_SIG_free(sig); sl@0: if (s != NULL) sl@0: { sl@0: OPENSSL_cleanse(s,(unsigned int)siglen); sl@0: OPENSSL_free(s); sl@0: } sl@0: return(ret); sl@0: } sl@0: