diff --git a/crypto/openssh/rsa.c b/crypto/openssh/rsa.c index 5cab80489121..6f9c7cde01c0 100644 --- a/crypto/openssh/rsa.c +++ b/crypto/openssh/rsa.c @@ -31,6 +31,8 @@ * below: * * [gone - had to be deleted - what a pity] + * + * $FreeBSD$ * */ @@ -125,7 +127,10 @@ rsa_public_encrypt(BIGNUM *out, BIGNUM *in, RSA *key) if ((len = RSA_public_encrypt(ilen, inbuf, outbuf, key, RSA_PKCS1_PADDING)) <= 0) - fatal("rsa_public_encrypt() failed"); + if (BN_num_bits(key->n) > 1024 && RSA_libversion() == RSALIB_RSAREF) + fatal("rsa_private_encrypt() failed: RSAREF cannot handle keys larger than 1024 bits."); + else + fatal("rsa_private_encrypt() failed."); BN_bin2bn(outbuf, len, out); @@ -150,7 +155,10 @@ rsa_private_decrypt(BIGNUM *out, BIGNUM *in, RSA *key) if ((len = RSA_private_decrypt(ilen, inbuf, outbuf, key, RSA_PKCS1_PADDING)) <= 0) - fatal("rsa_private_decrypt() failed"); + if (BN_num_bits(key->n) > 1024 && RSA_libversion() == RSALIB_RSAREF) + fatal("rsa_private_decrypt() failed: RSAREF cannot handle keys larger than 1024 bits."); + else + fatal("rsa_private_decrypt() failed."); BN_bin2bn(outbuf, len, out); diff --git a/crypto/openssl/crypto/rsa/rsa.h b/crypto/openssl/crypto/rsa/rsa.h index 6c17cccdef6b..3040d03233db 100644 --- a/crypto/openssl/crypto/rsa/rsa.h +++ b/crypto/openssl/crypto/rsa/rsa.h @@ -244,6 +244,8 @@ int RSA_get_ex_new_index(long argl, char *argp, int (*new_func)(), int RSA_set_ex_data(RSA *r,int idx,char *arg); char *RSA_get_ex_data(RSA *r, int idx); +int RSA_libversion(); + /* BEGIN ERROR CODES */ /* The following lines are auto generated by the script mkerr.pl. Any changes * made after this point may be overwritten when the script is next run. @@ -308,6 +310,9 @@ char *RSA_get_ex_data(RSA *r, int idx); #define RSA_R_UNKNOWN_PADDING_TYPE 118 #define RSA_R_WRONG_SIGNATURE_LENGTH 119 +#define RSALIB_OPENSSL 1 +#define RSALIB_RSAREF 2 + #ifdef __cplusplus } #endif diff --git a/crypto/openssl/crypto/rsa/rsa_intlstubs.c b/crypto/openssl/crypto/rsa/rsa_intlstubs.c new file mode 100644 index 000000000000..e9a0316f2fc4 --- /dev/null +++ b/crypto/openssl/crypto/rsa/rsa_intlstubs.c @@ -0,0 +1,39 @@ +/*- + * Copyright (c) 2000 Kris Kennaway + * All rights reserved. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND + * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE + * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE + * ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE + * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL + * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS + * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) + * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT + * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY + * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF + * SUCH DAMAGE. SO THERE. + * + * $FreeBSD$ + */ + +#ifndef NO_RSA +#ifdef PIC +#include + +int RSA_libversion() +{ + return RSALIB_OPENSSL; +} + +#endif /* PIC */ +#endif /* NO_RSA */ diff --git a/crypto/openssl/crypto/rsa/rsa_stubs.c b/crypto/openssl/crypto/rsa/rsa_stubs.c index 2da9e4268360..f164ce0133ac 100644 --- a/crypto/openssl/crypto/rsa/rsa_stubs.c +++ b/crypto/openssl/crypto/rsa/rsa_stubs.c @@ -87,6 +87,16 @@ ERR_load_RSA_strings_stub(void) } __weak_reference(ERR_load_RSA_strings_stub, ERR_load_RSA_strings); +int +RSA_libversion_stub(void) +{ + static void (*sym)(void); + + if (sym || (sym = getsym("RSA_libversion"))) + sym(); +} +__weak_reference(RSA_libversion_stub, RSA_libversion); + #else /* !PIC */ /* Sigh, just get your own libs, ld(1) doesn't deal with weaks here */ diff --git a/crypto/openssl/rsaref/rsaref_stubs.c b/crypto/openssl/rsaref/rsaref_stubs.c index 6296ebb93ec9..f1f7063cdec7 100644 --- a/crypto/openssl/rsaref/rsaref_stubs.c +++ b/crypto/openssl/rsaref/rsaref_stubs.c @@ -40,6 +40,7 @@ #ifndef NO_RSA #include +#include #define VERBOSE_STUBS /* undef if you don't want missing rsaref reported */ @@ -165,6 +166,12 @@ R_RandomUpdate_stub(void *randomStruct, } __weak_reference(R_RandomUpdate_stub, R_RandomUpdate); +int +RSA_libversion() +{ + return RSALIB_RSAREF; +} + #else /* !PIC */ /* Failsafe glue for static linking. Link but complain like hell. */ diff --git a/secure/lib/librsaintl/Makefile b/secure/lib/librsaintl/Makefile index e96720332dd1..d5fad13a42d9 100644 --- a/secure/lib/librsaintl/Makefile +++ b/secure/lib/librsaintl/Makefile @@ -11,7 +11,7 @@ SHLIB_MAJOR= 1 CFLAGS+= -I${.OBJDIR} # rsaref -SRCS+= rsa_err.c rsa_eay.c +SRCS+= rsa_err.c rsa_eay.c rsa_intlstubs.c HDRS= asn1/asn1.h asn1/asn1_mac.h bio/bio.h bf/blowfish.h bn/bn.h \ buffer/buffer.h cast/cast.h comp/comp.h conf/conf.h crypto.h \