本文整理汇总了C++中BN_bin2bn函数的典型用法代码示例。如果您正苦于以下问题:C++ BN_bin2bn函数的具体用法?C++ BN_bin2bn怎么用?C++ BN_bin2bn使用的例子?那么恭喜您, 这里精选的函数代码示例或许可以为您提供帮助。
在下文中一共展示了BN_bin2bn函数的15个代码示例,这些例子默认根据受欢迎程度排序。您可以为喜欢或者感觉有用的代码点赞,您的评价将有助于系统推荐出更棒的C++代码示例。
示例1: kexdh_client
void
kexdh_client(Kex *kex)
{
BIGNUM *dh_server_pub = NULL, *shared_secret = NULL;
DH *dh;
Key *server_host_key;
u_char *server_host_key_blob = NULL, *signature = NULL;
u_char *kbuf, *hash;
u_int klen, slen, sbloblen, hashlen;
int kout;
/* generate and send 'e', client DH public key */
switch (kex->kex_type) {
case KEX_DH_GRP1_SHA1:
dh = dh_new_group1();
break;
case KEX_DH_GRP14_SHA1:
dh = dh_new_group14();
break;
default:
fatal("%s: Unexpected KEX type %d", __func__, kex->kex_type);
}
dh_gen_key(dh, kex->we_need * 8);
packet_start(SSH2_MSG_KEXDH_INIT);
packet_put_bignum2(dh->pub_key);
packet_send();
debug("sending SSH2_MSG_KEXDH_INIT");
#ifdef DEBUG_KEXDH
DHparams_print_fp(stderr, dh);
fprintf(stderr, "pub= ");
BN_print_fp(stderr, dh->pub_key);
fprintf(stderr, "\n");
#endif
debug("expecting SSH2_MSG_KEXDH_REPLY");
packet_read_expect(SSH2_MSG_KEXDH_REPLY);
/* key, cert */
server_host_key_blob = packet_get_string(&sbloblen);
server_host_key = key_from_blob(server_host_key_blob, sbloblen);
if (server_host_key == NULL)
fatal("cannot decode server_host_key_blob");
if (server_host_key->type != kex->hostkey_type)
fatal("type mismatch for decoded server_host_key_blob");
if (kex->verify_host_key == NULL)
fatal("cannot verify server_host_key");
if (kex->verify_host_key(server_host_key) == -1)
fatal("server_host_key verification failed");
/* DH parameter f, server public DH key */
if ((dh_server_pub = BN_new()) == NULL)
fatal("dh_server_pub == NULL");
packet_get_bignum2(dh_server_pub);
#ifdef DEBUG_KEXDH
fprintf(stderr, "dh_server_pub= ");
BN_print_fp(stderr, dh_server_pub);
fprintf(stderr, "\n");
debug("bits %d", BN_num_bits(dh_server_pub));
#endif
/* signed H */
signature = packet_get_string(&slen);
packet_check_eom();
if (!dh_pub_is_valid(dh, dh_server_pub))
packet_disconnect("bad server public DH value");
klen = DH_size(dh);
kbuf = xmalloc(klen);
if ((kout = DH_compute_key(kbuf, dh_server_pub, dh)) < 0)
fatal("DH_compute_key: failed");
#ifdef DEBUG_KEXDH
dump_digest("shared secret", kbuf, kout);
#endif
if ((shared_secret = BN_new()) == NULL)
fatal("kexdh_client: BN_new failed");
if (BN_bin2bn(kbuf, kout, shared_secret) == NULL)
fatal("kexdh_client: BN_bin2bn failed");
memset(kbuf, 0, klen);
free(kbuf);
/* calc and verify H */
kex_dh_hash(
kex->client_version_string,
kex->server_version_string,
buffer_ptr(&kex->my), buffer_len(&kex->my),
buffer_ptr(&kex->peer), buffer_len(&kex->peer),
server_host_key_blob, sbloblen,
dh->pub_key,
dh_server_pub,
shared_secret,
&hash, &hashlen
);
free(server_host_key_blob);
BN_clear_free(dh_server_pub);
DH_free(dh);
if (key_verify(server_host_key, signature, slen, hash, hashlen) != 1)
//.........这里部分代码省略.........
示例2: mech_step
static int mech_step(sasl_session_t *p, char *message, size_t len, char **out, size_t *out_len)
{
DH *dh = NULL;
AES_KEY key;
BIGNUM *their_key = NULL;
myuser_t *mu;
char *secret = NULL, *userpw = NULL, *ptr = NULL;
char iv[AES_BLOCK_SIZE];
int ret = ASASL_FAIL;
uint16_t size;
int secret_size;
if (!p->mechdata)
return ASASL_FAIL;
dh = (DH*)p->mechdata;
/* Their pub_key */
if (len <= 2)
goto end;
size = ntohs(*(uint16_t *)message);
message += 2;
len -= 2;
if (size >= len)
goto end;
if ((their_key = BN_bin2bn(message, size, NULL)) == NULL)
goto end;
message += size;
len -= size;
/* Data must be a multiple of the AES block size. (16)
* Verify we also have an IV and at least one block of data.
* Cap at a rather arbitrary limit of 272 (IV + 16 blocks of 16 each).
*/
if (len < sizeof(iv) + AES_BLOCK_SIZE || len % AES_BLOCK_SIZE || len > 272)
goto end;
/* Extract the IV */
memcpy(iv, message, sizeof(iv));
message += sizeof(iv);
len -= sizeof(iv);
/* Compute shared secret */
secret = malloc(DH_size(dh));
secret_size = DH_compute_key(secret, their_key, dh);
if (secret_size <= 0)
goto end;
/* Decrypt! (AES_set_decrypt_key takes bits not bytes, hence multiply
* by 8) */
AES_set_decrypt_key(secret, secret_size * 8, &key);
ptr = userpw = malloc(len + 1);
userpw[len] = '\0';
AES_cbc_encrypt(message, userpw, len, &key, iv, AES_DECRYPT);
/* Username */
size = strlen(ptr);
if (size++ >= NICKLEN) /* our base64 routines null-terminate - how polite */
goto end;
p->username = strdup(ptr);
ptr += size;
len -= size;
if ((mu = myuser_find_by_nick(p->username)) == NULL)
goto end;
/* Password remains */
if (verify_password(mu, ptr))
ret = ASASL_DONE;
end:
if (their_key)
BN_free(their_key);
free(secret);
free(userpw);
return ret;
}
示例3: rsa_ossl_private_encrypt
/* signing */
static int rsa_ossl_private_encrypt(int flen, const unsigned char *from,
unsigned char *to, RSA *rsa, int padding)
{
BIGNUM *f, *ret, *res;
int i, num = 0, r = -1;
unsigned char *buf = NULL;
BN_CTX *ctx = NULL;
int local_blinding = 0;
/*
* Used only if the blinding structure is shared. A non-NULL unblind
* instructs rsa_blinding_convert() and rsa_blinding_invert() to store
* the unblinding factor outside the blinding structure.
*/
BIGNUM *unblind = NULL;
BN_BLINDING *blinding = NULL;
if ((ctx = BN_CTX_new()) == NULL)
goto err;
BN_CTX_start(ctx);
f = BN_CTX_get(ctx);
ret = BN_CTX_get(ctx);
num = BN_num_bytes(rsa->n);
buf = OPENSSL_malloc(num);
if (ret == NULL || buf == NULL) {
RSAerr(RSA_F_RSA_OSSL_PRIVATE_ENCRYPT, ERR_R_MALLOC_FAILURE);
goto err;
}
switch (padding) {
case RSA_PKCS1_PADDING:
i = RSA_padding_add_PKCS1_type_1(buf, num, from, flen);
break;
case RSA_X931_PADDING:
i = RSA_padding_add_X931(buf, num, from, flen);
break;
case RSA_NO_PADDING:
i = RSA_padding_add_none(buf, num, from, flen);
break;
case RSA_SSLV23_PADDING:
default:
RSAerr(RSA_F_RSA_OSSL_PRIVATE_ENCRYPT, RSA_R_UNKNOWN_PADDING_TYPE);
goto err;
}
if (i <= 0)
goto err;
if (BN_bin2bn(buf, num, f) == NULL)
goto err;
if (BN_ucmp(f, rsa->n) >= 0) {
/* usually the padding functions would catch this */
RSAerr(RSA_F_RSA_OSSL_PRIVATE_ENCRYPT,
RSA_R_DATA_TOO_LARGE_FOR_MODULUS);
goto err;
}
if (rsa->flags & RSA_FLAG_CACHE_PUBLIC)
if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_n, rsa->lock,
rsa->n, ctx))
goto err;
if (!(rsa->flags & RSA_FLAG_NO_BLINDING)) {
blinding = rsa_get_blinding(rsa, &local_blinding, ctx);
if (blinding == NULL) {
RSAerr(RSA_F_RSA_OSSL_PRIVATE_ENCRYPT, ERR_R_INTERNAL_ERROR);
goto err;
}
}
if (blinding != NULL) {
if (!local_blinding && ((unblind = BN_CTX_get(ctx)) == NULL)) {
RSAerr(RSA_F_RSA_OSSL_PRIVATE_ENCRYPT, ERR_R_MALLOC_FAILURE);
goto err;
}
if (!rsa_blinding_convert(blinding, f, unblind, ctx))
goto err;
}
if ((rsa->flags & RSA_FLAG_EXT_PKEY) ||
(rsa->version == RSA_ASN1_VERSION_MULTI) ||
((rsa->p != NULL) &&
(rsa->q != NULL) &&
(rsa->dmp1 != NULL) && (rsa->dmq1 != NULL) && (rsa->iqmp != NULL))) {
if (!rsa->meth->rsa_mod_exp(ret, f, rsa, ctx))
goto err;
} else {
BIGNUM *d = BN_new();
if (d == NULL) {
RSAerr(RSA_F_RSA_OSSL_PRIVATE_ENCRYPT, ERR_R_MALLOC_FAILURE);
goto err;
}
BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME);
if (!rsa->meth->bn_mod_exp(ret, f, d, rsa->n, ctx,
rsa->_method_mod_n)) {
BN_free(d);
goto err;
}
/* We MUST free d before any further use of rsa->d */
//.........这里部分代码省略.........
示例4: StealthSecretSpend
int StealthSecretSpend(ec_secret& scanSecret, ec_point& ephemPubkey, ec_secret& spendSecret, ec_secret& secretOut)
{
/*
c = H(dP)
R' = R + cG [without decrypting wallet]
= (f + c)G [after decryption of wallet]
Remember: mod curve.order, pad with 0x00s where necessary?
*/
int rv = 0;
std::vector<uint8_t> vchOutP;
BN_CTX* bnCtx = NULL;
BIGNUM* bnScanSecret = NULL;
BIGNUM* bnP = NULL;
EC_POINT* P = NULL;
BIGNUM* bnOutP = NULL;
BIGNUM* bnc = NULL;
BIGNUM* bnOrder = NULL;
BIGNUM* bnSpend = NULL;
EC_GROUP* ecgrp = EC_GROUP_new_by_curve_name(NID_secp256k1);
if (!ecgrp)
{
printf("StealthSecretSpend(): EC_GROUP_new_by_curve_name failed.\n");
return 1;
};
if (!(bnCtx = BN_CTX_new()))
{
printf("StealthSecretSpend(): BN_CTX_new failed.\n");
rv = 1;
goto End;
};
if (!(bnScanSecret = BN_bin2bn(&scanSecret.e[0], ec_secret_size, BN_new())))
{
printf("StealthSecretSpend(): bnScanSecret BN_bin2bn failed.\n");
rv = 1;
goto End;
};
if (!(bnP = BN_bin2bn(&ephemPubkey[0], ephemPubkey.size(), BN_new())))
{
printf("StealthSecretSpend(): bnP BN_bin2bn failed\n");
rv = 1;
goto End;
};
if (!(P = EC_POINT_bn2point(ecgrp, bnP, NULL, bnCtx)))
{
printf("StealthSecretSpend(): P EC_POINT_bn2point failed\n");
rv = 1;
goto End;
};
// -- dP
if (!EC_POINT_mul(ecgrp, P, NULL, P, bnScanSecret, bnCtx))
{
printf("StealthSecretSpend(): dP EC_POINT_mul failed\n");
rv = 1;
goto End;
};
if (!(bnOutP = EC_POINT_point2bn(ecgrp, P, POINT_CONVERSION_COMPRESSED, BN_new(), bnCtx)))
{
printf("StealthSecretSpend(): P EC_POINT_bn2point failed\n");
rv = 1;
goto End;
};
vchOutP.resize(ec_compressed_size);
if (BN_num_bytes(bnOutP) != (int) ec_compressed_size
|| BN_bn2bin(bnOutP, &vchOutP[0]) != (int) ec_compressed_size)
{
printf("StealthSecretSpend(): bnOutP incorrect length.\n");
rv = 1;
goto End;
};
uint8_t hash1[32];
SHA256(&vchOutP[0], vchOutP.size(), (uint8_t*)hash1);
if (!(bnc = BN_bin2bn(&hash1[0], 32, BN_new())))
{
printf("StealthSecretSpend(): BN_bin2bn failed\n");
rv = 1;
goto End;
};
if (!(bnOrder = BN_new())
|| !EC_GROUP_get_order(ecgrp, bnOrder, bnCtx))
{
printf("StealthSecretSpend(): EC_GROUP_get_order failed\n");
rv = 1;
goto End;
//.........这里部分代码省略.........
示例5: opensslrsa_parse
//.........这里部分代码省略.........
RSA_free(rsa);
#else
key->keydata.rsa = rsa;
EVP_PKEY_free(pkey);
#endif
dst__privstruct_free(&priv, mctx);
memset(&priv, 0, sizeof(priv));
return (ISC_R_SUCCESS);
#else
DST_RET(DST_R_NOENGINE);
#endif
}
rsa = RSA_new();
if (rsa == NULL)
DST_RET(ISC_R_NOMEMORY);
SET_FLAGS(rsa);
#if USE_EVP
pkey = EVP_PKEY_new();
if (pkey == NULL)
DST_RET(ISC_R_NOMEMORY);
if (!EVP_PKEY_set1_RSA(pkey, rsa))
DST_RET(ISC_R_FAILURE);
key->keydata.pkey = pkey;
#else
key->keydata.rsa = rsa;
#endif
for (i = 0; i < priv.nelements; i++) {
BIGNUM *bn;
switch (priv.elements[i].tag) {
case TAG_RSA_ENGINE:
continue;
case TAG_RSA_LABEL:
continue;
case TAG_RSA_PIN:
continue;
default:
bn = BN_bin2bn(priv.elements[i].data,
priv.elements[i].length, NULL);
if (bn == NULL)
DST_RET(ISC_R_NOMEMORY);
}
switch (priv.elements[i].tag) {
case TAG_RSA_MODULUS:
rsa->n = bn;
break;
case TAG_RSA_PUBLICEXPONENT:
rsa->e = bn;
break;
case TAG_RSA_PRIVATEEXPONENT:
rsa->d = bn;
break;
case TAG_RSA_PRIME1:
rsa->p = bn;
break;
case TAG_RSA_PRIME2:
rsa->q = bn;
break;
case TAG_RSA_EXPONENT1:
rsa->dmp1 = bn;
break;
case TAG_RSA_EXPONENT2:
rsa->dmq1 = bn;
break;
case TAG_RSA_COEFFICIENT:
rsa->iqmp = bn;
break;
}
}
dst__privstruct_free(&priv, mctx);
memset(&priv, 0, sizeof(priv));
if (rsa_check(rsa, pubrsa) != ISC_R_SUCCESS)
DST_RET(DST_R_INVALIDPRIVATEKEY);
key->key_size = BN_num_bits(rsa->n);
if (pubrsa != NULL)
RSA_free(pubrsa);
#if USE_EVP
RSA_free(rsa);
#endif
return (ISC_R_SUCCESS);
err:
#if USE_EVP
if (pkey != NULL)
EVP_PKEY_free(pkey);
#endif
if (rsa != NULL)
RSA_free(rsa);
if (pubrsa != NULL)
RSA_free(pubrsa);
opensslrsa_destroy(key);
dst__privstruct_free(&priv, mctx);
memset(&priv, 0, sizeof(priv));
return (ret);
}
示例6: RSA_eay_private_decrypt
static int RSA_eay_private_decrypt(int flen, const unsigned char *from,
unsigned char *to, RSA *rsa, int padding)
{
BIGNUM *f, *ret;
int j,num=0,r= -1;
unsigned char *p;
unsigned char *buf=NULL;
BN_CTX *ctx=NULL;
int local_blinding = 0;
/* Used only if the blinding structure is shared. A non-NULL unblind
* instructs rsa_blinding_convert() and rsa_blinding_invert() to store
* the unblinding factor outside the blinding structure. */
BIGNUM *unblind = NULL;
BN_BLINDING *blinding = NULL;
if((ctx = BN_CTX_new()) == NULL) goto err;
BN_CTX_start(ctx);
f = BN_CTX_get(ctx);
ret = BN_CTX_get(ctx);
num = BN_num_bytes(rsa->n);
buf = OPENSSL_malloc(num);
if(!f || !ret || !buf)
{
RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,ERR_R_MALLOC_FAILURE);
goto err;
}
/* This check was for equality but PGP does evil things
* and chops off the top '0' bytes */
if (flen > num)
{
RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,RSA_R_DATA_GREATER_THAN_MOD_LEN);
goto err;
}
/* make data into a big number */
if (BN_bin2bn(from,(int)flen,f) == NULL) goto err;
if (BN_ucmp(f, rsa->n) >= 0)
{
RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,RSA_R_DATA_TOO_LARGE_FOR_MODULUS);
goto err;
}
if (!(rsa->flags & RSA_FLAG_NO_BLINDING))
{
blinding = rsa_get_blinding(rsa, &local_blinding, ctx);
if (blinding == NULL)
{
RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT, ERR_R_INTERNAL_ERROR);
goto err;
}
}
if (blinding != NULL)
{
if (!local_blinding && ((unblind = BN_CTX_get(ctx)) == NULL))
{
RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,ERR_R_MALLOC_FAILURE);
goto err;
}
if (!rsa_blinding_convert(blinding, f, unblind, ctx))
goto err;
}
/* do the decrypt */
if ( (rsa->flags & RSA_FLAG_EXT_PKEY) ||
((rsa->p != NULL) &&
(rsa->q != NULL) &&
(rsa->dmp1 != NULL) &&
(rsa->dmq1 != NULL) &&
(rsa->iqmp != NULL)) )
{
if (!rsa->meth->rsa_mod_exp(ret, f, rsa, ctx)) goto err;
}
else
{
BIGNUM *d = NULL, *local_d = NULL;
if (!(rsa->flags & RSA_FLAG_NO_CONSTTIME))
{
local_d = d = BN_new();
if(!d)
{
RSAerr(RSA_F_RSA_EAY_PRIVATE_DECRYPT,ERR_R_MALLOC_FAILURE);
goto err;
}
BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME);
}
else
d = rsa->d;
if (rsa->flags & RSA_FLAG_CACHE_PUBLIC)
if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_n, CRYPTO_LOCK_RSA, rsa->n, ctx))
{
if(local_d) BN_free(local_d);
goto err;
}
if (!rsa->meth->bn_mod_exp(ret,f,d,rsa->n,ctx,
rsa->_method_mod_n))
//.........这里部分代码省略.........
示例7: mech_step
static int mech_step(sasl_session_t *p, char *message, int len, char **out, int *out_len)
{
DH *dh = NULL;
BF_KEY key;
BIGNUM *their_key = NULL;
myuser_t *mu;
char *ptr, *secret = NULL, *password = NULL;
int size, ret = ASASL_FAIL;
if (!p->mechdata)
return ASASL_FAIL;
dh = (DH*)p->mechdata;
/* Their pub_key */
if (len < 2)
goto end;
size = ntohs(*(unsigned int*)message);
message += 2;
len -= 2;
if (size > len)
goto end;
if ((their_key = BN_bin2bn((unsigned char *)message, size, NULL)) == NULL)
goto end;
message += size;
len -= size;
/* Username */
size = strlen(message);
if (size >= NICKLEN) /* our base64 routines null-terminate - how polite */
goto end;
p->username = strdup(message);
message += size + 1;
len -= size + 1;
if ((mu = myuser_find_by_nick(p->username)) == NULL)
goto end;
/* AES-encrypted password remains */
/* Compute shared secret */
secret = (char*)malloc(DH_size(dh));
if ((size = DH_compute_key((unsigned char *)secret, their_key, dh)) == -1)
goto end;
/* Data must be multiple of block size, and let's be reasonable about size */
if (len == 0 || len % 8 || len > 128)
goto end;
/* Decrypt! */
BF_set_key(&key, size, (unsigned char *)secret);
ptr = password = (char*)malloc(len + 1);
password[len] = '\0';
while (len)
{
BF_ecb_encrypt((unsigned char *)message, (unsigned char *)ptr, &key, BF_DECRYPT);
message += 8;
ptr += 8;
len -= 8;
}
if (verify_password(mu, password))
ret = ASASL_DONE;
end:
if (their_key)
BN_free(their_key);
free(secret);
free(password);
return ret;
}
示例8: rsa_default_verify_raw
int rsa_default_verify_raw(RSA *rsa, size_t *out_len, uint8_t *out,
size_t max_out, const uint8_t *in, size_t in_len,
int padding) {
const unsigned rsa_size = RSA_size(rsa);
BIGNUM *f, *result;
int ret = 0;
int r = -1;
uint8_t *buf = NULL;
BN_CTX *ctx = NULL;
if (BN_num_bits(rsa->n) > OPENSSL_RSA_MAX_MODULUS_BITS) {
OPENSSL_PUT_ERROR(RSA, RSA_R_MODULUS_TOO_LARGE);
return 0;
}
if (BN_ucmp(rsa->n, rsa->e) <= 0) {
OPENSSL_PUT_ERROR(RSA, RSA_R_BAD_E_VALUE);
return 0;
}
if (max_out < rsa_size) {
OPENSSL_PUT_ERROR(RSA, RSA_R_OUTPUT_BUFFER_TOO_SMALL);
return 0;
}
/* for large moduli, enforce exponent limit */
if (BN_num_bits(rsa->n) > OPENSSL_RSA_SMALL_MODULUS_BITS &&
BN_num_bits(rsa->e) > OPENSSL_RSA_MAX_PUBEXP_BITS) {
OPENSSL_PUT_ERROR(RSA, RSA_R_BAD_E_VALUE);
return 0;
}
ctx = BN_CTX_new();
if (ctx == NULL) {
goto err;
}
BN_CTX_start(ctx);
f = BN_CTX_get(ctx);
result = BN_CTX_get(ctx);
if (padding == RSA_NO_PADDING) {
buf = out;
} else {
/* Allocate a temporary buffer to hold the padded plaintext. */
buf = OPENSSL_malloc(rsa_size);
if (buf == NULL) {
OPENSSL_PUT_ERROR(RSA, ERR_R_MALLOC_FAILURE);
goto err;
}
}
if (!f || !result) {
OPENSSL_PUT_ERROR(RSA, ERR_R_MALLOC_FAILURE);
goto err;
}
if (in_len != rsa_size) {
OPENSSL_PUT_ERROR(RSA, RSA_R_DATA_LEN_NOT_EQUAL_TO_MOD_LEN);
goto err;
}
if (BN_bin2bn(in, in_len, f) == NULL) {
goto err;
}
if (BN_ucmp(f, rsa->n) >= 0) {
OPENSSL_PUT_ERROR(RSA, RSA_R_DATA_TOO_LARGE_FOR_MODULUS);
goto err;
}
if (rsa->flags & RSA_FLAG_CACHE_PUBLIC) {
if (BN_MONT_CTX_set_locked(&rsa->mont_n, &rsa->lock, rsa->n, ctx) == NULL) {
goto err;
}
}
if (!rsa->meth->bn_mod_exp(result, f, rsa->e, rsa->n, ctx, rsa->mont_n)) {
goto err;
}
if (!BN_bn2bin_padded(buf, rsa_size, result)) {
OPENSSL_PUT_ERROR(RSA, ERR_R_INTERNAL_ERROR);
goto err;
}
switch (padding) {
case RSA_PKCS1_PADDING:
r = RSA_padding_check_PKCS1_type_1(out, rsa_size, buf, rsa_size);
break;
case RSA_NO_PADDING:
r = rsa_size;
break;
default:
OPENSSL_PUT_ERROR(RSA, RSA_R_UNKNOWN_PADDING_TYPE);
goto err;
}
if (r < 0) {
OPENSSL_PUT_ERROR(RSA, RSA_R_PADDING_CHECK_FAILED);
} else {
*out_len = r;
//.........这里部分代码省略.........
示例9: rsa_default_private_transform
int rsa_default_private_transform(RSA *rsa, uint8_t *out, const uint8_t *in,
size_t len) {
BIGNUM *f, *result;
BN_CTX *ctx = NULL;
unsigned blinding_index = 0;
BN_BLINDING *blinding = NULL;
int ret = 0;
ctx = BN_CTX_new();
if (ctx == NULL) {
goto err;
}
BN_CTX_start(ctx);
f = BN_CTX_get(ctx);
result = BN_CTX_get(ctx);
if (f == NULL || result == NULL) {
OPENSSL_PUT_ERROR(RSA, ERR_R_MALLOC_FAILURE);
goto err;
}
if (BN_bin2bn(in, len, f) == NULL) {
goto err;
}
if (BN_ucmp(f, rsa->n) >= 0) {
/* Usually the padding functions would catch this. */
OPENSSL_PUT_ERROR(RSA, RSA_R_DATA_TOO_LARGE_FOR_MODULUS);
goto err;
}
if (!(rsa->flags & RSA_FLAG_NO_BLINDING)) {
blinding = rsa_blinding_get(rsa, &blinding_index, ctx);
if (blinding == NULL) {
OPENSSL_PUT_ERROR(RSA, ERR_R_INTERNAL_ERROR);
goto err;
}
if (!BN_BLINDING_convert_ex(f, NULL, blinding, ctx)) {
goto err;
}
}
if ((rsa->flags & RSA_FLAG_EXT_PKEY) ||
((rsa->p != NULL) && (rsa->q != NULL) && (rsa->dmp1 != NULL) &&
(rsa->dmq1 != NULL) && (rsa->iqmp != NULL))) {
if (!rsa->meth->mod_exp(result, f, rsa, ctx)) {
goto err;
}
} else {
BIGNUM local_d;
BIGNUM *d = NULL;
BN_init(&local_d);
d = &local_d;
BN_with_flags(d, rsa->d, BN_FLG_CONSTTIME);
if (rsa->flags & RSA_FLAG_CACHE_PUBLIC) {
if (BN_MONT_CTX_set_locked(&rsa->mont_n, &rsa->lock, rsa->n, ctx) ==
NULL) {
goto err;
}
}
if (!rsa->meth->bn_mod_exp(result, f, d, rsa->n, ctx, rsa->mont_n)) {
goto err;
}
}
if (blinding) {
if (!BN_BLINDING_invert_ex(result, NULL, blinding, ctx)) {
goto err;
}
}
if (!BN_bn2bin_padded(out, len, result)) {
OPENSSL_PUT_ERROR(RSA, ERR_R_INTERNAL_ERROR);
goto err;
}
ret = 1;
err:
if (ctx != NULL) {
BN_CTX_end(ctx);
BN_CTX_free(ctx);
}
if (blinding != NULL) {
rsa_blinding_release(rsa, blinding, blinding_index);
}
return ret;
}
示例10: RSA_set_RSAPRIVATEKEYBLOB
int RSA_set_RSAPRIVATEKEYBLOB(RSA *rsa, const RSAPRIVATEKEYBLOB *blob)
{
int ret = 0;
BIGNUM *n = NULL;
BIGNUM *e = NULL;
BIGNUM *d = NULL;
BIGNUM *p = NULL;
BIGNUM *q = NULL;
BIGNUM *dmp1 = NULL;
BIGNUM *dmq1 = NULL;
BIGNUM *iqmp = NULL;
if (!rsa || !blob) {
GMAPIerr(GMAPI_F_RSA_SET_RSAPRIVATEKEYBLOB,
ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
if (blob->AlgID != SGD_RSA) {
GMAPIerr(GMAPI_F_RSA_SET_RSAPRIVATEKEYBLOB,
GMAPI_R_INVALID_ALGOR);
return 0;
}
if (blob->BitLen < OPENSSL_RSA_FIPS_MIN_MODULUS_BITS
|| blob->BitLen > sizeof(blob->Modulus) * 8
|| blob->BitLen % 8 != 0
|| blob->BitLen % 16 != 0) {
GMAPIerr(GMAPI_F_RSA_SET_RSAPRIVATEKEYBLOB,
ERR_R_PASSED_NULL_PARAMETER);
return 0;
}
if (!(n = BN_bin2bn(blob->Modulus, sizeof(blob->Modulus), NULL))
|| !(e = BN_bin2bn(blob->PublicExponent, sizeof(blob->PublicExponent), NULL))
|| !(d = BN_bin2bn(blob->PrivateExponent, sizeof(blob->PrivateExponent), NULL))
|| !(p = BN_bin2bn(blob->Prime1, sizeof(blob->Prime1), NULL))
|| !(q = BN_bin2bn(blob->Prime2, sizeof(blob->Prime2), NULL))
|| !(dmp1 = BN_bin2bn(blob->Prime1Exponent, sizeof(blob->Prime1Exponent), NULL))
|| !(dmq1 = BN_bin2bn(blob->Prime2Exponent, sizeof(blob->Prime2Exponent), NULL))
|| !(iqmp = BN_bin2bn(blob->Coefficient, sizeof(blob->Coefficient), NULL))) {
GMAPIerr(GMAPI_F_RSA_SET_RSAPRIVATEKEYBLOB, ERR_R_BN_LIB);
goto end;
}
if (!RSA_set0_key(rsa, n, e, d)) {
GMAPIerr(GMAPI_F_RSA_SET_RSAPRIVATEKEYBLOB,
GMAPI_R_INVALID_RSA_PRIVATE_KEY);
goto end;
}
n = NULL;
e = NULL;
d = NULL;
if (!RSA_set0_factors(rsa, p, q)) {
GMAPIerr(GMAPI_F_RSA_SET_RSAPRIVATEKEYBLOB,
GMAPI_R_INVALID_RSA_PRIVATE_KEY);
goto end;
}
p = NULL;
q = NULL;
if (!RSA_set0_crt_params(rsa, dmp1, dmq1, iqmp)) {
GMAPIerr(GMAPI_F_RSA_SET_RSAPRIVATEKEYBLOB,
GMAPI_R_INVALID_RSA_PRIVATE_KEY);
goto end;
}
dmp1 = NULL;
dmq1 = NULL;
iqmp = NULL;
ret = 1;
end:
BN_free(n);
BN_free(e);
BN_free(d);
BN_free(p);
BN_free(q);
BN_free(dmp1);
BN_free(dmq1);
BN_free(iqmp);
return ret;
}
示例11: DSA_new
/*
* These parameters are from test/recipes/04-test_pem_data/dsaparam.pem,
* converted using dsaparam -C
*/
static DSA *load_dsa_params(void)
{
static unsigned char dsap_2048[] = {
0xAE, 0x35, 0x7D, 0x4E, 0x1D, 0x96, 0xE2, 0x9F, 0x00, 0x96,
0x60, 0x5A, 0x6E, 0x4D, 0x07, 0x8D, 0xA5, 0x7C, 0xBC, 0xF9,
0xAD, 0xD7, 0x9F, 0xD5, 0xE9, 0xEE, 0xA6, 0x33, 0x51, 0xDE,
0x7B, 0x72, 0xD2, 0x75, 0xAA, 0x71, 0x77, 0xF1, 0x63, 0xFB,
0xB6, 0xEC, 0x5A, 0xBA, 0x0D, 0x72, 0xA2, 0x1A, 0x1C, 0x64,
0xB8, 0xE5, 0x89, 0x09, 0x6D, 0xC9, 0x6F, 0x0B, 0x7F, 0xD2,
0xCE, 0x9F, 0xEF, 0x87, 0x5A, 0xB6, 0x67, 0x2F, 0xEF, 0xEE,
0xEB, 0x59, 0xF5, 0x5E, 0xFF, 0xA8, 0x28, 0x84, 0x9E, 0x5B,
0x37, 0x09, 0x11, 0x80, 0x7C, 0x08, 0x5C, 0xD5, 0xE1, 0x48,
0x4B, 0xD2, 0x68, 0xFB, 0x3F, 0x9F, 0x2B, 0x6B, 0x6C, 0x0D,
0x48, 0x1B, 0x1A, 0x80, 0xC2, 0xEB, 0x11, 0x1B, 0x37, 0x79,
0xD6, 0x8C, 0x8B, 0x72, 0x3E, 0x67, 0xA5, 0x05, 0x0E, 0x41,
0x8A, 0x9E, 0x35, 0x50, 0xB4, 0xD2, 0x40, 0x27, 0x6B, 0xFD,
0xE0, 0x64, 0x6B, 0x5B, 0x38, 0x42, 0x94, 0xB5, 0x49, 0xDA,
0xEF, 0x6E, 0x78, 0x37, 0xCD, 0x30, 0x89, 0xC3, 0x45, 0x50,
0x7B, 0x9C, 0x8C, 0xE7, 0x1C, 0x98, 0x70, 0x71, 0x5D, 0x79,
0x5F, 0xEF, 0xE8, 0x94, 0x85, 0x53, 0x3E, 0xEF, 0xA3, 0x2C,
0xCE, 0x1A, 0xAB, 0x7D, 0xD6, 0x5E, 0x14, 0xCD, 0x51, 0x54,
0x89, 0x9D, 0x77, 0xE4, 0xF8, 0x22, 0xF0, 0x35, 0x10, 0x75,
0x05, 0x71, 0x51, 0x4F, 0x8C, 0x4C, 0x5C, 0x0D, 0x2C, 0x2C,
0xBE, 0x6C, 0x34, 0xEE, 0x12, 0x82, 0x87, 0x03, 0x19, 0x06,
0x12, 0xA8, 0xAA, 0xF4, 0x0D, 0x3C, 0x49, 0xCC, 0x70, 0x5A,
0xD8, 0x32, 0xEE, 0x32, 0x50, 0x85, 0x70, 0xE8, 0x18, 0xFD,
0x74, 0x80, 0x53, 0x32, 0x57, 0xEE, 0x50, 0xC9, 0xAE, 0xEB,
0xAE, 0xB6, 0x22, 0x32, 0x16, 0x6B, 0x8C, 0x59, 0xDA, 0xEE,
0x1D, 0x33, 0xDF, 0x4C, 0xA2, 0x3D
};
static unsigned char dsaq_2048[] = {
0xAD, 0x2D, 0x6E, 0x17, 0xB0, 0xF3, 0xEB, 0xC7, 0xB8, 0xEE,
0x95, 0x78, 0xF2, 0x17, 0xF5, 0x33, 0x01, 0x67, 0xBC, 0xDE,
0x93, 0xFF, 0xEE, 0x40, 0xE8, 0x7F, 0xF1, 0x93, 0x6D, 0x4B,
0x87, 0x13
};
static unsigned char dsag_2048[] = {
0x66, 0x6F, 0xDA, 0x63, 0xA5, 0x8E, 0xD2, 0x4C, 0xD5, 0x45,
0x2D, 0x76, 0x5D, 0x5F, 0xCD, 0x4A, 0xB4, 0x1A, 0x42, 0x35,
0x86, 0x3A, 0x6F, 0xA9, 0xFA, 0x27, 0xAB, 0xDE, 0x03, 0x21,
0x36, 0x0A, 0x07, 0x29, 0xC9, 0x2F, 0x6D, 0x49, 0xA8, 0xF7,
0xC6, 0xF4, 0x92, 0xD7, 0x73, 0xC1, 0xD8, 0x76, 0x0E, 0x61,
0xA7, 0x0B, 0x6E, 0x96, 0xB8, 0xC8, 0xCB, 0x38, 0x35, 0x12,
0x20, 0x79, 0xA5, 0x08, 0x28, 0x35, 0x5C, 0xBC, 0x52, 0x16,
0xAF, 0x52, 0xBA, 0x0F, 0xC3, 0xB1, 0x63, 0x12, 0x27, 0x0B,
0x74, 0xA4, 0x47, 0x43, 0xD6, 0x30, 0xB8, 0x9C, 0x2E, 0x40,
0x14, 0xCD, 0x99, 0x7F, 0xE8, 0x8E, 0x37, 0xB0, 0xA9, 0x3F,
0x54, 0xE9, 0x66, 0x22, 0x61, 0x4C, 0xF8, 0x49, 0x03, 0x57,
0x14, 0x32, 0x1D, 0x37, 0x3D, 0xE2, 0x92, 0xF8, 0x8E, 0xA0,
0x6A, 0x66, 0x63, 0xF0, 0xB0, 0x6E, 0x07, 0x2B, 0x3D, 0xBF,
0xD0, 0x84, 0x6A, 0xAA, 0x1F, 0x30, 0x77, 0x65, 0xE5, 0xFC,
0xF5, 0xEC, 0x55, 0xCE, 0x73, 0xDB, 0xBE, 0xA7, 0x8D, 0x3A,
0x9F, 0x7A, 0xED, 0x4F, 0xAF, 0xA2, 0x80, 0x4C, 0x30, 0x9E,
0x28, 0x49, 0x65, 0x40, 0xF0, 0x03, 0x45, 0x56, 0x99, 0xA2,
0x93, 0x1B, 0x9C, 0x46, 0xDE, 0xBD, 0xA8, 0xAB, 0x5F, 0x90,
0x3F, 0xB7, 0x3F, 0xD4, 0x6F, 0x8D, 0x5A, 0x30, 0xE1, 0xD4,
0x63, 0x3A, 0x6A, 0x7C, 0x8F, 0x24, 0xFC, 0xD9, 0x14, 0x28,
0x09, 0xE4, 0x84, 0x4E, 0x17, 0x43, 0x56, 0xB8, 0xD4, 0x4B,
0xA2, 0x29, 0x45, 0xD3, 0x13, 0xF0, 0xC2, 0x76, 0x9B, 0x01,
0xA0, 0x80, 0x6E, 0x93, 0x63, 0x5E, 0x87, 0x24, 0x20, 0x2A,
0xFF, 0xBB, 0x9F, 0xA8, 0x99, 0x6C, 0xA7, 0x9A, 0x00, 0xB9,
0x7D, 0xDA, 0x66, 0xC9, 0xC0, 0x72, 0x72, 0x22, 0x0F, 0x1A,
0xCC, 0x23, 0xD9, 0xB7, 0x5F, 0x1B
};
DSA *dsa = DSA_new();
BIGNUM *p, *q, *g;
if (dsa == NULL)
return NULL;
if (!DSA_set0_pqg(dsa, p = BN_bin2bn(dsap_2048, sizeof(dsap_2048), NULL),
q = BN_bin2bn(dsaq_2048, sizeof(dsaq_2048), NULL),
g = BN_bin2bn(dsag_2048, sizeof(dsag_2048), NULL))) {
DSA_free(dsa);
BN_free(p);
BN_free(q);
BN_free(g);
return NULL;
}
return dsa;
}
示例12: run_rfc5114_tests
static int run_rfc5114_tests(void) {
int i;
DH *dhA = NULL, *dhB = NULL;
unsigned char *Z1 = NULL, *Z2 = NULL;
for (i = 0; i < (int)(sizeof(rfctd) / sizeof(rfc5114_td)); i++) {
const rfc5114_td *td = rfctd + i;
/* Set up DH structures setting key components */
dhA = td->get_param(NULL);
dhB = td->get_param(NULL);
if (!dhA || !dhB) {
goto bad_err;
}
dhA->priv_key = BN_bin2bn(td->xA, td->xA_len, NULL);
dhA->pub_key = BN_bin2bn(td->yA, td->yA_len, NULL);
dhB->priv_key = BN_bin2bn(td->xB, td->xB_len, NULL);
dhB->pub_key = BN_bin2bn(td->yB, td->yB_len, NULL);
if (!dhA->priv_key || !dhA->pub_key || !dhB->priv_key || !dhB->pub_key) {
goto bad_err;
}
if ((td->Z_len != (size_t)DH_size(dhA)) ||
(td->Z_len != (size_t)DH_size(dhB))) {
goto err;
}
Z1 = OPENSSL_malloc(DH_size(dhA));
Z2 = OPENSSL_malloc(DH_size(dhB));
/* Work out shared secrets using both sides and compare
* with expected values.
*/
if (!DH_compute_key(Z1, dhB->pub_key, dhA) ||
!DH_compute_key(Z2, dhA->pub_key, dhB)) {
goto bad_err;
}
if (memcmp(Z1, td->Z, td->Z_len) ||
memcmp(Z2, td->Z, td->Z_len)) {
goto err;
}
printf("RFC5114 parameter test %d OK\n", i + 1);
DH_free(dhA);
dhA = NULL;
DH_free(dhB);
dhB = NULL;
OPENSSL_free(Z1);
Z1 = NULL;
OPENSSL_free(Z2);
Z2 = NULL;
}
printf("PASS\n");
return 1;
bad_err:
fprintf(stderr, "Initalisation error RFC5114 set %d\n", i + 1);
ERR_print_errors_fp(stderr);
err:
if (Z1 != NULL) {
OPENSSL_free(Z1);
}
if (Z2 != NULL) {
OPENSSL_free(Z2);
}
if (dhA != NULL) {
DH_free(dhA);
}
if (dhB != NULL) {
DH_free(dhB);
}
fprintf(stderr, "Test failed RFC5114 set %d\n", i + 1);
return 0;
}
示例13: dnskey_build_pkey
int dnskey_build_pkey(struct rr_dnskey *rr)
{
if (rr->pkey_built)
return rr->pkey ? 1 : 0;
rr->pkey_built = 1;
if (algorithm_type(rr->algorithm) == ALG_RSA_FAMILY) {
RSA *rsa;
EVP_PKEY *pkey;
unsigned int e_bytes;
unsigned char *pk;
int l;
rsa = RSA_new();
if (!rsa)
goto done;
pk = (unsigned char *)rr->pubkey.data;
l = rr->pubkey.length;
e_bytes = *pk++;
l--;
if (e_bytes == 0) {
if (l < 2) /* public key is too short */
goto done;
e_bytes = (*pk++) << 8;
e_bytes += *pk++;
l -= 2;
}
if (l < e_bytes) /* public key is too short */
goto done;
rsa->e = BN_bin2bn(pk, e_bytes, NULL);
pk += e_bytes;
l -= e_bytes;
rsa->n = BN_bin2bn(pk, l, NULL);
pkey = EVP_PKEY_new();
if (!pkey)
goto done;
if (!EVP_PKEY_set1_RSA(pkey, rsa))
goto done;
rr->pkey = pkey;
} else if (algorithm_type(rr->algorithm) == ALG_ECC_FAMILY) {
EC_KEY *pubeckey;
EVP_PKEY *pkey;
unsigned char *pk;
int l;
BIGNUM *bn_x = NULL;
BIGNUM *bn_y = NULL;
if (rr->algorithm == ALG_ECDSAP256SHA256) {
l = SHA256_DIGEST_LENGTH;
pubeckey = EC_KEY_new_by_curve_name(NID_X9_62_prime256v1);
} else if (rr->algorithm == ALG_ECDSAP384SHA384) {
l = SHA384_DIGEST_LENGTH;
pubeckey = EC_KEY_new_by_curve_name(NID_secp384r1);
} else {
goto done;
}
if (!pubeckey)
goto done;
if (rr->pubkey.length != 2*l) {
goto done;
}
pk = (unsigned char *)rr->pubkey.data;
bn_x = BN_bin2bn(pk, l, NULL);
bn_y = BN_bin2bn(&pk[l], l, NULL);
if (1 != EC_KEY_set_public_key_affine_coordinates(pubeckey, bn_x, bn_y)) {
goto done;
}
pkey = EVP_PKEY_new();
if (!pkey)
goto done;
if (!EVP_PKEY_assign_EC_KEY(pkey, pubeckey))
goto done;
rr->pkey = pkey;
}
done:
if (!rr->pkey) {
moan(rr->rr.file_name, rr->rr.line, "error building pkey");
}
return rr->pkey ? 1 : 0;
}
示例14: eap_pwd_perform_commit_exchange
static struct wpabuf *
eap_pwd_perform_commit_exchange(struct eap_sm *sm, struct eap_pwd_data *data,
struct eap_method_ret *ret,
const struct wpabuf *reqData,
const u8 *payload, size_t payload_len)
{
struct wpabuf *resp = NULL;
EC_POINT *K = NULL, *point = NULL;
BIGNUM *mask = NULL, *x = NULL, *y = NULL, *cofactor = NULL;
u16 offset;
u8 *ptr, *scalar = NULL, *element = NULL;
if (((data->private_value = BN_new()) == NULL) ||
((data->my_element = EC_POINT_new(data->grp->group)) == NULL) ||
((cofactor = BN_new()) == NULL) ||
((data->my_scalar = BN_new()) == NULL) ||
((mask = BN_new()) == NULL)) {
wpa_printf(MSG_INFO, "EAP-PWD (peer): scalar allocation fail");
goto fin;
}
if (!EC_GROUP_get_cofactor(data->grp->group, cofactor, NULL)) {
wpa_printf(MSG_INFO, "EAP-pwd (peer): unable to get cofactor "
"for curve");
goto fin;
}
BN_rand_range(data->private_value, data->grp->order);
BN_rand_range(mask, data->grp->order);
BN_add(data->my_scalar, data->private_value, mask);
BN_mod(data->my_scalar, data->my_scalar, data->grp->order,
data->bnctx);
if (!EC_POINT_mul(data->grp->group, data->my_element, NULL,
data->grp->pwe, mask, data->bnctx)) {
wpa_printf(MSG_INFO, "EAP-PWD (peer): element allocation "
"fail");
eap_pwd_state(data, FAILURE);
goto fin;
}
if (!EC_POINT_invert(data->grp->group, data->my_element, data->bnctx))
{
wpa_printf(MSG_INFO, "EAP-PWD (peer): element inversion fail");
goto fin;
}
BN_free(mask);
if (((x = BN_new()) == NULL) ||
((y = BN_new()) == NULL)) {
wpa_printf(MSG_INFO, "EAP-PWD (peer): point allocation fail");
goto fin;
}
/* process the request */
if (((data->server_scalar = BN_new()) == NULL) ||
((data->k = BN_new()) == NULL) ||
((K = EC_POINT_new(data->grp->group)) == NULL) ||
((point = EC_POINT_new(data->grp->group)) == NULL) ||
((data->server_element = EC_POINT_new(data->grp->group)) == NULL))
{
wpa_printf(MSG_INFO, "EAP-PWD (peer): peer data allocation "
"fail");
goto fin;
}
/* element, x then y, followed by scalar */
ptr = (u8 *) payload;
BN_bin2bn(ptr, BN_num_bytes(data->grp->prime), x);
ptr += BN_num_bytes(data->grp->prime);
BN_bin2bn(ptr, BN_num_bytes(data->grp->prime), y);
ptr += BN_num_bytes(data->grp->prime);
BN_bin2bn(ptr, BN_num_bytes(data->grp->order), data->server_scalar);
if (!EC_POINT_set_affine_coordinates_GFp(data->grp->group,
data->server_element, x, y,
data->bnctx)) {
wpa_printf(MSG_INFO, "EAP-PWD (peer): setting peer element "
"fail");
goto fin;
}
/* check to ensure server's element is not in a small sub-group */
if (BN_cmp(cofactor, BN_value_one())) {
if (!EC_POINT_mul(data->grp->group, point, NULL,
data->server_element, cofactor, NULL)) {
wpa_printf(MSG_INFO, "EAP-PWD (peer): cannot multiply "
"server element by order!\n");
goto fin;
}
if (EC_POINT_is_at_infinity(data->grp->group, point)) {
wpa_printf(MSG_INFO, "EAP-PWD (peer): server element "
"is at infinity!\n");
goto fin;
}
}
/* compute the shared key, k */
if ((!EC_POINT_mul(data->grp->group, K, NULL, data->grp->pwe,
data->server_scalar, data->bnctx)) ||
(!EC_POINT_add(data->grp->group, K, K, data->server_element,
//.........这里部分代码省略.........
示例15: RSA_eay_public_encrypt
static int RSA_eay_public_encrypt(int flen, const unsigned char *from,
unsigned char *to, RSA *rsa, int padding)
{
BIGNUM *f,*ret;
int i,j,k,num=0,r= -1;
unsigned char *buf=NULL;
BN_CTX *ctx=NULL;
if (BN_num_bits(rsa->n) > OPENSSL_RSA_MAX_MODULUS_BITS)
{
RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT, RSA_R_MODULUS_TOO_LARGE);
return -1;
}
if (BN_ucmp(rsa->n, rsa->e) <= 0)
{
RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT, RSA_R_BAD_E_VALUE);
return -1;
}
/* for large moduli, enforce exponent limit */
if (BN_num_bits(rsa->n) > OPENSSL_RSA_SMALL_MODULUS_BITS)
{
if (BN_num_bits(rsa->e) > OPENSSL_RSA_MAX_PUBEXP_BITS)
{
RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT, RSA_R_BAD_E_VALUE);
return -1;
}
}
if ((ctx=BN_CTX_new()) == NULL) goto err;
BN_CTX_start(ctx);
f = BN_CTX_get(ctx);
ret = BN_CTX_get(ctx);
num=BN_num_bytes(rsa->n);
buf = OPENSSL_malloc(num);
if (!f || !ret || !buf)
{
RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT,ERR_R_MALLOC_FAILURE);
goto err;
}
switch (padding)
{
case RSA_PKCS1_PADDING:
i=RSA_padding_add_PKCS1_type_2(buf,num,from,flen);
break;
#ifndef OPENSSL_NO_SHA
case RSA_PKCS1_OAEP_PADDING:
i=RSA_padding_add_PKCS1_OAEP(buf,num,from,flen,NULL,0);
break;
#endif
case RSA_SSLV23_PADDING:
i=RSA_padding_add_SSLv23(buf,num,from,flen);
break;
case RSA_NO_PADDING:
i=RSA_padding_add_none(buf,num,from,flen);
break;
default:
RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT,RSA_R_UNKNOWN_PADDING_TYPE);
goto err;
}
if (i <= 0) goto err;
if (BN_bin2bn(buf,num,f) == NULL) goto err;
if (BN_ucmp(f, rsa->n) >= 0)
{
/* usually the padding functions would catch this */
RSAerr(RSA_F_RSA_EAY_PUBLIC_ENCRYPT,RSA_R_DATA_TOO_LARGE_FOR_MODULUS);
goto err;
}
if (rsa->flags & RSA_FLAG_CACHE_PUBLIC)
if (!BN_MONT_CTX_set_locked(&rsa->_method_mod_n, CRYPTO_LOCK_RSA, rsa->n, ctx))
goto err;
if (!rsa->meth->bn_mod_exp(ret,f,rsa->e,rsa->n,ctx,
rsa->_method_mod_n)) goto err;
/* put in leading 0 bytes if the number is less than the
* length of the modulus */
j=BN_num_bytes(ret);
i=BN_bn2bin(ret,&(to[num-j]));
for (k=0; k<(num-i); k++)
to[k]=0;
r=num;
err:
if (ctx != NULL)
{
BN_CTX_end(ctx);
BN_CTX_free(ctx);
}
if (buf != NULL)
{
OPENSSL_cleanse(buf,num);
OPENSSL_free(buf);
}
return(r);
//.........这里部分代码省略.........