Home | History | Annotate | Download | only in rsa
      1 /* crypto/rsa/rsa_ssl.c */
      2 /* Copyright (C) 1995-1998 Eric Young (eay (at) cryptsoft.com)
      3  * All rights reserved.
      4  *
      5  * This package is an SSL implementation written
      6  * by Eric Young (eay (at) cryptsoft.com).
      7  * The implementation was written so as to conform with Netscapes SSL.
      8  *
      9  * This library is free for commercial and non-commercial use as long as
     10  * the following conditions are aheared to.  The following conditions
     11  * apply to all code found in this distribution, be it the RC4, RSA,
     12  * lhash, DES, etc., code; not just the SSL code.  The SSL documentation
     13  * included with this distribution is covered by the same copyright terms
     14  * except that the holder is Tim Hudson (tjh (at) cryptsoft.com).
     15  *
     16  * Copyright remains Eric Young's, and as such any Copyright notices in
     17  * the code are not to be removed.
     18  * If this package is used in a product, Eric Young should be given attribution
     19  * as the author of the parts of the library used.
     20  * This can be in the form of a textual message at program startup or
     21  * in documentation (online or textual) provided with the package.
     22  *
     23  * Redistribution and use in source and binary forms, with or without
     24  * modification, are permitted provided that the following conditions
     25  * are met:
     26  * 1. Redistributions of source code must retain the copyright
     27  *    notice, this list of conditions and the following disclaimer.
     28  * 2. Redistributions in binary form must reproduce the above copyright
     29  *    notice, this list of conditions and the following disclaimer in the
     30  *    documentation and/or other materials provided with the distribution.
     31  * 3. All advertising materials mentioning features or use of this software
     32  *    must display the following acknowledgement:
     33  *    "This product includes cryptographic software written by
     34  *     Eric Young (eay (at) cryptsoft.com)"
     35  *    The word 'cryptographic' can be left out if the rouines from the library
     36  *    being used are not cryptographic related :-).
     37  * 4. If you include any Windows specific code (or a derivative thereof) from
     38  *    the apps directory (application code) you must include an acknowledgement:
     39  *    "This product includes software written by Tim Hudson (tjh (at) cryptsoft.com)"
     40  *
     41  * THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND
     42  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
     43  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
     44  * ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
     45  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
     46  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
     47  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
     48  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
     49  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
     50  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
     51  * SUCH DAMAGE.
     52  *
     53  * The licence and distribution terms for any publically available version or
     54  * derivative of this code cannot be changed.  i.e. this code cannot simply be
     55  * copied and put under another distribution licence
     56  * [including the GNU Public Licence.]
     57  */
     58 
     59 #include <stdio.h>
     60 #include "cryptlib.h"
     61 #include <openssl/bn.h>
     62 #include <openssl/rsa.h>
     63 #include <openssl/rand.h>
     64 
     65 int RSA_padding_add_SSLv23(unsigned char *to, int tlen,
     66 	const unsigned char *from, int flen)
     67 	{
     68 	int i,j;
     69 	unsigned char *p;
     70 
     71 	if (flen > (tlen-11))
     72 		{
     73 		RSAerr(RSA_F_RSA_PADDING_ADD_SSLV23,RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE);
     74 		return(0);
     75 		}
     76 
     77 	p=(unsigned char *)to;
     78 
     79 	*(p++)=0;
     80 	*(p++)=2; /* Public Key BT (Block Type) */
     81 
     82 	/* pad out with non-zero random data */
     83 	j=tlen-3-8-flen;
     84 
     85 	if (RAND_bytes(p,j) <= 0)
     86 		return(0);
     87 	for (i=0; i<j; i++)
     88 		{
     89 		if (*p == '\0')
     90 			do	{
     91 				if (RAND_bytes(p,1) <= 0)
     92 					return(0);
     93 				} while (*p == '\0');
     94 		p++;
     95 		}
     96 
     97 	memset(p,3,8);
     98 	p+=8;
     99 	*(p++)='\0';
    100 
    101 	memcpy(p,from,(unsigned int)flen);
    102 	return(1);
    103 	}
    104 
    105 int RSA_padding_check_SSLv23(unsigned char *to, int tlen,
    106 	const unsigned char *from, int flen, int num)
    107 	{
    108 	int i,j,k;
    109 	const unsigned char *p;
    110 
    111 	p=from;
    112 	if (flen < 10)
    113 		{
    114 		RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23,RSA_R_DATA_TOO_SMALL);
    115 		return(-1);
    116 		}
    117 	if ((num != (flen+1)) || (*(p++) != 02))
    118 		{
    119 		RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23,RSA_R_BLOCK_TYPE_IS_NOT_02);
    120 		return(-1);
    121 		}
    122 
    123 	/* scan over padding data */
    124 	j=flen-1; /* one for type */
    125 	for (i=0; i<j; i++)
    126 		if (*(p++) == 0) break;
    127 
    128 	if ((i == j) || (i < 8))
    129 		{
    130 		RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23,RSA_R_NULL_BEFORE_BLOCK_MISSING);
    131 		return(-1);
    132 		}
    133 	for (k = -9; k<-1; k++)
    134 		{
    135 		if (p[k] !=  0x03) break;
    136 		}
    137 	if (k == -1)
    138 		{
    139 		RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23,RSA_R_SSLV3_ROLLBACK_ATTACK);
    140 		return(-1);
    141 		}
    142 
    143 	i++; /* Skip over the '\0' */
    144 	j-=i;
    145 	if (j > tlen)
    146 		{
    147 		RSAerr(RSA_F_RSA_PADDING_CHECK_SSLV23,RSA_R_DATA_TOO_LARGE);
    148 		return(-1);
    149 		}
    150 	memcpy(to,p,(unsigned int)j);
    151 
    152 	return(j);
    153 	}
    154 
    155