提交
8d73db28
编写于
10月 19, 2014
作者:
Dr. Stephen Henson
remove FIPS module code from crypto/rsa
Reviewed-by:
N
Tim Hudson
<
tjh@openssl.org
>
上级
05417a34
变更
4
Showing
4 changed file
with
0 addition
and
236 deletion
+0
-236
crypto/rsa/rsa_eay.c
crypto/rsa/rsa_eay.c
+0
-70
crypto/rsa/rsa_gen.c
crypto/rsa/rsa_gen.c
+0
-128
crypto/rsa/rsa_pss.c
crypto/rsa/rsa_pss.c
+0
-4
crypto/rsa/rsa_x931g.c
crypto/rsa/rsa_x931g.c
+0
-34
crypto/rsa/rsa_eay.c
...
...
@@ -115,9 +115,6 @@
#include <openssl/bn.h>
#include <openssl/rsa.h>
#include <openssl/rand.h>
#ifdef OPENSSL_FIPS
#include <openssl/fips.h>
#endif
#ifndef RSA_NULL
...
...
@@ -162,21 +159,6 @@ static int RSA_eay_public_encrypt(int flen, const unsigned char *from,
unsigned
char
*
buf
=
NULL
;
BN_CTX
*
ctx
=
NULL
;
#ifdef OPENSSL_FIPS
if
(
FIPS_selftest_failed
())
{
FIPSerr
(
FIPS_F_RSA_EAY_PUBLIC_ENCRYPT
,
FIPS_R_FIPS_SELFTEST_FAILED
);
goto
err
;
}
if
(
FIPS_module_mode
()
&&
!
(
rsa
->
flags
&
RSA_FLAG_NON_FIPS_ALLOW
)
&&
(
BN_num_bits
(
rsa
->
n
)
<
OPENSSL_RSA_FIPS_MIN_MODULUS_BITS
))
{
RSAerr
(
RSA_F_RSA_EAY_PUBLIC_ENCRYPT
,
RSA_R_KEY_SIZE_TOO_SMALL
);
return
-
1
;
}
#endif
if
(
BN_num_bits
(
rsa
->
n
)
>
OPENSSL_RSA_MAX_MODULUS_BITS
)
{
RSAerr
(
RSA_F_RSA_EAY_PUBLIC_ENCRYPT
,
RSA_R_MODULUS_TOO_LARGE
);
...
...
@@ -380,21 +362,6 @@ static int RSA_eay_private_encrypt(int flen, const unsigned char *from,
BIGNUM
*
unblind
=
NULL
;
BN_BLINDING
*
blinding
=
NULL
;
#ifdef OPENSSL_FIPS
if
(
FIPS_selftest_failed
())
{
FIPSerr
(
FIPS_F_RSA_EAY_PRIVATE_ENCRYPT
,
FIPS_R_FIPS_SELFTEST_FAILED
);
goto
err
;
}
if
(
FIPS_module_mode
()
&&
!
(
rsa
->
flags
&
RSA_FLAG_NON_FIPS_ALLOW
)
&&
(
BN_num_bits
(
rsa
->
n
)
<
OPENSSL_RSA_FIPS_MIN_MODULUS_BITS
))
{
RSAerr
(
RSA_F_RSA_EAY_PRIVATE_ENCRYPT
,
RSA_R_KEY_SIZE_TOO_SMALL
);
return
-
1
;
}
#endif
if
((
ctx
=
BN_CTX_new
())
==
NULL
)
goto
err
;
BN_CTX_start
(
ctx
);
f
=
BN_CTX_get
(
ctx
);
...
...
@@ -538,21 +505,6 @@ static int RSA_eay_private_decrypt(int flen, const unsigned char *from,
BIGNUM
*
unblind
=
NULL
;
BN_BLINDING
*
blinding
=
NULL
;
#ifdef OPENSSL_FIPS
if
(
FIPS_selftest_failed
())
{
FIPSerr
(
FIPS_F_RSA_EAY_PRIVATE_DECRYPT
,
FIPS_R_FIPS_SELFTEST_FAILED
);
goto
err
;
}
if
(
FIPS_module_mode
()
&&
!
(
rsa
->
flags
&
RSA_FLAG_NON_FIPS_ALLOW
)
&&
(
BN_num_bits
(
rsa
->
n
)
<
OPENSSL_RSA_FIPS_MIN_MODULUS_BITS
))
{
RSAerr
(
RSA_F_RSA_EAY_PRIVATE_DECRYPT
,
RSA_R_KEY_SIZE_TOO_SMALL
);
return
-
1
;
}
#endif
if
((
ctx
=
BN_CTX_new
())
==
NULL
)
goto
err
;
BN_CTX_start
(
ctx
);
f
=
BN_CTX_get
(
ctx
);
...
...
@@ -688,21 +640,6 @@ static int RSA_eay_public_decrypt(int flen, const unsigned char *from,
unsigned
char
*
buf
=
NULL
;
BN_CTX
*
ctx
=
NULL
;
#ifdef OPENSSL_FIPS
if
(
FIPS_selftest_failed
())
{
FIPSerr
(
FIPS_F_RSA_EAY_PUBLIC_DECRYPT
,
FIPS_R_FIPS_SELFTEST_FAILED
);
goto
err
;
}
if
(
FIPS_module_mode
()
&&
!
(
rsa
->
flags
&
RSA_FLAG_NON_FIPS_ALLOW
)
&&
(
BN_num_bits
(
rsa
->
n
)
<
OPENSSL_RSA_FIPS_MIN_MODULUS_BITS
))
{
RSAerr
(
RSA_F_RSA_EAY_PUBLIC_DECRYPT
,
RSA_R_KEY_SIZE_TOO_SMALL
);
return
-
1
;
}
#endif
if
(
BN_num_bits
(
rsa
->
n
)
>
OPENSSL_RSA_MAX_MODULUS_BITS
)
{
RSAerr
(
RSA_F_RSA_EAY_PUBLIC_DECRYPT
,
RSA_R_MODULUS_TOO_LARGE
);
...
...
@@ -961,13 +898,6 @@ err:
static
int
RSA_eay_init
(
RSA
*
rsa
)
{
#ifdef OPENSSL_FIPS
if
(
FIPS_selftest_failed
())
{
FIPSerr
(
FIPS_F_RSA_EAY_INIT
,
FIPS_R_FIPS_SELFTEST_FAILED
);
return
0
;
}
#endif
rsa
->
flags
|=
RSA_FLAG_CACHE_PUBLIC
|
RSA_FLAG_CACHE_PRIVATE
;
return
(
1
);
}
...
...
crypto/rsa/rsa_gen.c
...
...
@@ -70,112 +70,6 @@
#include <openssl/bn.h>
#include <openssl/rsa.h>
#ifdef OPENSSL_FIPS
#include <openssl/fips.h>
#include <openssl/fips_rand.h>
#include <openssl/evp.h>
/* Check PRNG has sufficient security level to handle an RSA operation */
int
fips_check_rsa_prng
(
RSA
*
rsa
,
int
bits
)
{
int
strength
;
if
(
!
FIPS_module_mode
())
return
1
;
if
(
rsa
->
flags
&
(
RSA_FLAG_NON_FIPS_ALLOW
|
RSA_FLAG_CHECKED
))
return
1
;
if
(
bits
==
0
)
bits
=
BN_num_bits
(
rsa
->
n
);
/* Should never happen */
if
(
bits
<
1024
)
{
FIPSerr
(
FIPS_F_FIPS_CHECK_RSA_PRNG
,
FIPS_R_KEY_TOO_SHORT
);
return
0
;
}
/* From SP800-57 */
if
(
bits
<
2048
)
strength
=
80
;
else
if
(
bits
<
3072
)
strength
=
112
;
else
if
(
bits
<
7680
)
strength
=
128
;
else
if
(
bits
<
15360
)
strength
=
192
;
else
strength
=
256
;
if
(
FIPS_rand_strength
()
>=
strength
)
return
1
;
FIPSerr
(
FIPS_F_FIPS_CHECK_RSA_PRNG
,
FIPS_R_PRNG_STRENGTH_TOO_LOW
);
return
0
;
}
int
fips_check_rsa
(
RSA
*
rsa
)
{
const
unsigned
char
tbs
[]
=
"RSA Pairwise Check Data"
;
unsigned
char
*
ctbuf
=
NULL
,
*
ptbuf
=
NULL
;
int
len
,
ret
=
0
;
EVP_PKEY
pk
;
pk
.
type
=
EVP_PKEY_RSA
;
pk
.
pkey
.
rsa
=
rsa
;
/* Perform pairwise consistency signature test */
if
(
!
fips_pkey_signature_test
(
FIPS_TEST_PAIRWISE
,
&
pk
,
tbs
,
0
,
NULL
,
0
,
NULL
,
RSA_PKCS1_PADDING
,
NULL
)
||
!
fips_pkey_signature_test
(
FIPS_TEST_PAIRWISE
,
&
pk
,
tbs
,
0
,
NULL
,
0
,
NULL
,
RSA_X931_PADDING
,
NULL
)
||
!
fips_pkey_signature_test
(
FIPS_TEST_PAIRWISE
,
&
pk
,
tbs
,
0
,
NULL
,
0
,
NULL
,
RSA_PKCS1_PSS_PADDING
,
NULL
))
goto
err
;
/* Now perform pairwise consistency encrypt/decrypt test */
ctbuf
=
OPENSSL_malloc
(
RSA_size
(
rsa
));
if
(
!
ctbuf
)
goto
err
;
len
=
RSA_public_encrypt
(
sizeof
(
tbs
)
-
1
,
tbs
,
ctbuf
,
rsa
,
RSA_PKCS1_PADDING
);
if
(
len
<=
0
)
goto
err
;
/* Check ciphertext doesn't match plaintext */
if
((
len
==
(
sizeof
(
tbs
)
-
1
))
&&
!
memcmp
(
tbs
,
ctbuf
,
len
))
goto
err
;
ptbuf
=
OPENSSL_malloc
(
RSA_size
(
rsa
));
if
(
!
ptbuf
)
goto
err
;
len
=
RSA_private_decrypt
(
len
,
ctbuf
,
ptbuf
,
rsa
,
RSA_PKCS1_PADDING
);
if
(
len
!=
(
sizeof
(
tbs
)
-
1
))
goto
err
;
if
(
memcmp
(
ptbuf
,
tbs
,
len
))
goto
err
;
ret
=
1
;
if
(
!
ptbuf
)
goto
err
;
err:
if
(
ret
==
0
)
{
fips_set_selftest_fail
();
FIPSerr
(
FIPS_F_FIPS_CHECK_RSA
,
FIPS_R_PAIRWISE_TEST_FAILED
);
}
if
(
ctbuf
)
OPENSSL_free
(
ctbuf
);
if
(
ptbuf
)
OPENSSL_free
(
ptbuf
);
return
ret
;
}
#endif
static
int
rsa_builtin_keygen
(
RSA
*
rsa
,
int
bits
,
BIGNUM
*
e_value
,
BN_GENCB
*
cb
);
/* NB: this wrapper would normally be placed in rsa_lib.c and the static
...
...
@@ -198,23 +92,6 @@ static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb)
int
bitsp
,
bitsq
,
ok
=
-
1
,
n
=
0
;
BN_CTX
*
ctx
=
NULL
;
#ifdef OPENSSL_FIPS
if
(
FIPS_selftest_failed
())
{
FIPSerr
(
FIPS_F_RSA_BUILTIN_KEYGEN
,
FIPS_R_FIPS_SELFTEST_FAILED
);
return
0
;
}
if
(
FIPS_module_mode
()
&&
!
(
rsa
->
flags
&
RSA_FLAG_NON_FIPS_ALLOW
)
&&
(
bits
<
OPENSSL_RSA_FIPS_MIN_MODULUS_BITS
))
{
FIPSerr
(
FIPS_F_RSA_BUILTIN_KEYGEN
,
FIPS_R_KEY_TOO_SHORT
);
return
0
;
}
if
(
!
fips_check_rsa_prng
(
rsa
,
bits
))
return
0
;
#endif
ctx
=
BN_CTX_new
();
if
(
ctx
==
NULL
)
goto
err
;
BN_CTX_start
(
ctx
);
...
...
@@ -326,11 +203,6 @@ static int rsa_builtin_keygen(RSA *rsa, int bits, BIGNUM *e_value, BN_GENCB *cb)
p
=
rsa
->
p
;
if
(
!
BN_mod_inverse
(
rsa
->
iqmp
,
rsa
->
q
,
p
,
ctx
))
goto
err
;
#ifdef OPENSSL_FIPS
if
(
!
fips_check_rsa
(
rsa
))
goto
err
;
#endif
ok
=
1
;
err:
if
(
ok
==
-
1
)
...
...
crypto/rsa/rsa_pss.c
...
...
@@ -67,10 +67,6 @@
#include <openssl/sha.h>
#include "rsa_locl.h"
#ifdef OPENSSL_FIPS
#include <openssl/fips.h>
#endif
static
const
unsigned
char
zeroes
[]
=
{
0
,
0
,
0
,
0
,
0
,
0
,
0
,
0
};
#if defined(_MSC_VER) && defined(_ARM_)
...
...
crypto/rsa/rsa_x931g.c
...
...
@@ -65,12 +65,6 @@
#include <openssl/bn.h>
#include <openssl/rsa.h>
#ifdef OPENSSL_FIPS
#include <openssl/fips.h>
extern
int
fips_check_rsa
(
RSA
*
rsa
);
#endif
/* X9.31 RSA key derivation and generation */
int
RSA_X931_derive_ex
(
RSA
*
rsa
,
BIGNUM
*
p1
,
BIGNUM
*
p2
,
BIGNUM
*
q1
,
BIGNUM
*
q2
,
...
...
@@ -209,29 +203,6 @@ int RSA_X931_generate_key_ex(RSA *rsa, int bits, const BIGNUM *e, BN_GENCB *cb)
BIGNUM
*
Xp
=
NULL
,
*
Xq
=
NULL
;
BN_CTX
*
ctx
=
NULL
;
#ifdef OPENSSL_FIPS
if
(
FIPS_module_mode
()
&&
!
(
rsa
->
flags
&
RSA_FLAG_NON_FIPS_ALLOW
)
&&
(
bits
<
OPENSSL_RSA_FIPS_MIN_MODULUS_BITS
))
{
FIPSerr
(
FIPS_F_RSA_X931_GENERATE_KEY_EX
,
FIPS_R_KEY_TOO_SHORT
);
return
0
;
}
if
(
bits
&
0xff
)
{
FIPSerr
(
FIPS_F_RSA_X931_GENERATE_KEY_EX
,
FIPS_R_INVALID_KEY_LENGTH
);
return
0
;
}
if
(
FIPS_selftest_failed
())
{
FIPSerr
(
FIPS_F_RSA_X931_GENERATE_KEY_EX
,
FIPS_R_FIPS_SELFTEST_FAILED
);
return
0
;
}
if
(
!
fips_check_rsa_prng
(
rsa
,
bits
))
return
0
;
#endif
ctx
=
BN_CTX_new
();
if
(
!
ctx
)
goto
error
;
...
...
@@ -265,11 +236,6 @@ int RSA_X931_generate_key_ex(RSA *rsa, int bits, const BIGNUM *e, BN_GENCB *cb)
NULL
,
NULL
,
NULL
,
NULL
,
NULL
,
NULL
,
e
,
cb
))
goto
error
;
#ifdef OPENSSL_FIPS
if
(
!
fips_check_rsa
(
rsa
))
goto
error
;
#endif
ok
=
1
;
error:
...
...