New function RSA_check_key,

openssl rsa -check

CHANGES

@@ -4,6 +4,10 @@
 
  Changes between 0.9.3a and 0.9.4
 
+  *) New function RSA_check_key and new openssl rsa option -check
+     for verifying the consistency of RSA keys.
+     [Ulf Moeller, Bodo Moeller]
+
   *) Various changes to make Win32 compile work: 
      1. Casts to avoid "loss of data" warnings in p5_crpt2.c
      2. Change unsigned int to int in b_dump.c to avoid "signed/unsigned

apps/rsa.c

@@ -81,6 +81,7 @@
  * -idea	- encrypt output if PEM format
  * -text	- print a text version
  * -modulus	- print the RSA key modulus
+ * -check	- verify key consistency
  */
 
 int MAIN(int argc, char **argv)
@@ -90,7 +91,7 @@ int MAIN(int argc, char **argv)
 	int i,badops=0;
 	const EVP_CIPHER *enc=NULL;
 	BIO *in=NULL,*out=NULL;
-	int informat,outformat,text=0,noout=0;
+	int informat,outformat,text=0,check=0,noout=0;
 	char *infile,*outfile,*prog;
 	int modulus=0;
 
@@ -136,6 +137,8 @@ int MAIN(int argc, char **argv)
 			text=1;
 		else if (strcmp(*argv,"-modulus") == 0)
 			modulus=1;
+		else if (strcmp(*argv,"-check") == 0)
+			check=1;
 		else if ((enc=EVP_get_cipherbyname(&(argv[0][1]))) == NULL)
 			{
 			BIO_printf(bio_err,"unknown option %s\n",*argv);
@@ -163,6 +166,7 @@ bad:
 		BIO_printf(bio_err," -text         print the key in text\n");
 		BIO_printf(bio_err," -noout        don't print key out\n");
 		BIO_printf(bio_err," -modulus      print the RSA key modulus\n");
+		BIO_printf(bio_err," -check        verify key consistency\n");
 		goto end;
 		}
 
@@ -257,6 +261,28 @@ bad:
 		fprintf(stdout,"\n");
 		}
 
+	if (check)
+		if (RSA_check_key(rsa))
+			BIO_printf(out,"RSA key ok\n");
+		else
+			{
+			long e;
+
+			while ((e = ERR_peek_error()) != 0 &&
+				ERR_GET_LIB(e) == ERR_LIB_RSA &&
+				ERR_GET_FUNC(e) == RSA_F_RSA_CHECK_KEY &&
+				ERR_GET_REASON(e) != ERR_R_MALLOC_FAILURE)
+				{
+				BIO_printf(out, "RSA key error: %s\n", ERR_reason_error_string(e));
+				ERR_get_error(); /* remove e from error stack */
+				}
+			if (e != 0)
+				{
+				ERR_print_errors(bio_err);
+				goto end;
+				}
+			}
+	
 	if (noout) goto end;
 	BIO_printf(bio_err,"writing RSA private key\n");
 	if 	(outformat == FORMAT_ASN1)

crypto/rsa/Makefile.ssl

@@ -23,9 +23,9 @@ APPS=
 
 LIB=$(TOP)/libcrypto.a
 LIBSRC= rsa_eay.c rsa_gen.c rsa_lib.c rsa_sign.c rsa_saos.c rsa_err.c \
-	rsa_pk1.c rsa_ssl.c rsa_none.c rsa_oaep.c
+	rsa_pk1.c rsa_ssl.c rsa_none.c rsa_oaep.c rsa_chk.c
 LIBOBJ= rsa_eay.o rsa_gen.o rsa_lib.o rsa_sign.o rsa_saos.o rsa_err.o \
-	rsa_pk1.o rsa_ssl.o rsa_none.o rsa_oaep.o
+	rsa_pk1.o rsa_ssl.o rsa_none.o rsa_oaep.o rsa_chk.o
 
 SRC= $(LIBSRC)
 
@@ -80,6 +80,10 @@ clean:
 
 # DO NOT DELETE THIS LINE -- make depend depends on it.
 
+rsa_chk.o: ../../include/openssl/bn.h ../../include/openssl/crypto.h
+rsa_chk.o: ../../include/openssl/err.h ../../include/openssl/opensslconf.h
+rsa_chk.o: ../../include/openssl/opensslv.h ../../include/openssl/rsa.h
+rsa_chk.o: ../../include/openssl/stack.h
 rsa_eay.o: ../../include/openssl/bio.h ../../include/openssl/bn.h
 rsa_eay.o: ../../include/openssl/buffer.h ../../include/openssl/crypto.h
 rsa_eay.o: ../../include/openssl/e_os.h ../../include/openssl/e_os2.h

crypto/rsa/rsa.h

@@ -147,6 +147,7 @@ RSA *	RSA_new_method(RSA_METHOD *method);
 int	RSA_size(RSA *);
 RSA *	RSA_generate_key(int bits, unsigned long e,void
 		(*callback)(int,int,void *),void *cb_arg);
+int	RSA_check_key(RSA *);
 	/* next 4 return -1 on error */
 int	RSA_public_encrypt(int flen, unsigned char *from,
 		unsigned char *to, RSA *rsa,int padding);
@@ -248,6 +249,7 @@ char *RSA_get_ex_data(RSA *r, int idx);
 
 /* Function codes. */
 #define RSA_F_MEMORY_LOCK				 100
+#define RSA_F_RSA_CHECK_KEY				 123
 #define RSA_F_RSA_EAY_PRIVATE_DECRYPT			 101
 #define RSA_F_RSA_EAY_PRIVATE_ENCRYPT			 102
 #define RSA_F_RSA_EAY_PUBLIC_DECRYPT			 103
@@ -284,11 +286,18 @@ char *RSA_get_ex_data(RSA *r, int idx);
 #define RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE		 110
 #define RSA_R_DATA_TOO_SMALL				 111
 #define RSA_R_DATA_TOO_SMALL_FOR_KEY_SIZE		 122
+#define RSA_R_DE_NOT_CONGRUENT_TO_1			 123
 #define RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY		 112
+#define RSA_R_DMP1_NOT_CONGRUENT_TO_D			 124
+#define RSA_R_DMQ1_NOT_CONGRUENT_TO_D			 125
+#define RSA_R_IQMP_NOT_INVERSE_OF_Q			 126
 #define RSA_R_KEY_SIZE_TOO_SMALL			 120
 #define RSA_R_NULL_BEFORE_BLOCK_MISSING			 113
+#define RSA_R_N_DOES_NOT_EQUAL_PQ			 127
 #define RSA_R_OAEP_DECODING_ERROR			 121
 #define RSA_R_PADDING_CHECK_FAILED			 114
+#define RSA_R_P_NOT_PRIME				 128
+#define RSA_R_Q_NOT_PRIME				 129
 #define RSA_R_SSLV3_ROLLBACK_ATTACK			 115
 #define RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD 116
 #define RSA_R_UNKNOWN_ALGORITHM_TYPE			 117

crypto/rsa/rsa_err.c

@@ -66,6 +66,7 @@
 static ERR_STRING_DATA RSA_str_functs[]=
 	{
 {ERR_PACK(0,RSA_F_MEMORY_LOCK,0),	"MEMORY_LOCK"},
+{ERR_PACK(0,RSA_F_RSA_CHECK_KEY,0),	"RSA_check_key"},
 {ERR_PACK(0,RSA_F_RSA_EAY_PRIVATE_DECRYPT,0),	"RSA_EAY_PRIVATE_DECRYPT"},
 {ERR_PACK(0,RSA_F_RSA_EAY_PRIVATE_ENCRYPT,0),	"RSA_EAY_PRIVATE_ENCRYPT"},
 {ERR_PACK(0,RSA_F_RSA_EAY_PUBLIC_DECRYPT,0),	"RSA_EAY_PUBLIC_DECRYPT"},
@@ -105,11 +106,18 @@ static ERR_STRING_DATA RSA_str_reasons[]=
 {RSA_R_DATA_TOO_LARGE_FOR_KEY_SIZE       ,"data too large for key size"},
 {RSA_R_DATA_TOO_SMALL                    ,"data too small"},
 {RSA_R_DATA_TOO_SMALL_FOR_KEY_SIZE       ,"data too small for key size"},
+{RSA_R_DE_NOT_CONGRUENT_TO_1             ,"de not congruent to 1"},
 {RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY        ,"digest too big for rsa key"},
+{RSA_R_DMP1_NOT_CONGRUENT_TO_D           ,"dmp1 not congruent to d"},
+{RSA_R_DMQ1_NOT_CONGRUENT_TO_D           ,"dmq1 not congruent to d"},
+{RSA_R_IQMP_NOT_INVERSE_OF_Q             ,"iqmp not inverse of q"},
 {RSA_R_KEY_SIZE_TOO_SMALL                ,"key size too small"},
 {RSA_R_NULL_BEFORE_BLOCK_MISSING         ,"null before block missing"},
+{RSA_R_N_DOES_NOT_EQUAL_PQ               ,"n does not equal pq"},
 {RSA_R_OAEP_DECODING_ERROR               ,"oaep decoding error"},
 {RSA_R_PADDING_CHECK_FAILED              ,"padding check failed"},
+{RSA_R_P_NOT_PRIME                       ,"p not prime"},
+{RSA_R_Q_NOT_PRIME                       ,"q not prime"},
 {RSA_R_SSLV3_ROLLBACK_ATTACK             ,"sslv3 rollback attack"},
 {RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD,"the asn1 object identifier is not known for this md"},
 {RSA_R_UNKNOWN_ALGORITHM_TYPE            ,"unknown algorithm type"},

util/libeay.num

@@ -1841,3 +1841,4 @@ sk_X509_LOOKUP_sort                     1865
 sk_POLICYQUALINFO_sort                  1866
 sk_X509_CRL_sort                        1867
 sk_DIST_POINT_sort                      1868
+RSA_check_key                           1869