Add a new function stub to libcrypto() which resolves to a symbol in

the librsa* library and reports which version of the library (OpenSSL/RSAREF)
is being used.

This is then used in openssh to detect the failure case of RSAREF and a RSA key
>1024 bits, to print a more helpful error message than 'rsa_public_encrypt() fai
led.'

This is a 4.0-RELEASE candidate.
This commit is contained in:
kris 2000-03-13 09:55:53 +00:00
parent 6120b1126e
commit 0d170b1596
6 changed files with 72 additions and 3 deletions

View File

@ -31,6 +31,8 @@
* below:
*
* [gone - had to be deleted - what a pity]
*
* $FreeBSD$
*
*/
@ -125,7 +127,10 @@ rsa_public_encrypt(BIGNUM *out, BIGNUM *in, RSA *key)
if ((len = RSA_public_encrypt(ilen, inbuf, outbuf, key,
RSA_PKCS1_PADDING)) <= 0)
fatal("rsa_public_encrypt() failed");
if (BN_num_bits(key->n) > 1024 && RSA_libversion() == RSALIB_RSAREF)
fatal("rsa_private_encrypt() failed: RSAREF cannot handle keys larger than 1024 bits.");
else
fatal("rsa_private_encrypt() failed.");
BN_bin2bn(outbuf, len, out);
@ -150,7 +155,10 @@ rsa_private_decrypt(BIGNUM *out, BIGNUM *in, RSA *key)
if ((len = RSA_private_decrypt(ilen, inbuf, outbuf, key,
RSA_PKCS1_PADDING)) <= 0)
fatal("rsa_private_decrypt() failed");
if (BN_num_bits(key->n) > 1024 && RSA_libversion() == RSALIB_RSAREF)
fatal("rsa_private_decrypt() failed: RSAREF cannot handle keys larger than 1024 bits.");
else
fatal("rsa_private_decrypt() failed.");
BN_bin2bn(outbuf, len, out);

View File

@ -244,6 +244,8 @@ int RSA_get_ex_new_index(long argl, char *argp, int (*new_func)(),
int RSA_set_ex_data(RSA *r,int idx,char *arg);
char *RSA_get_ex_data(RSA *r, int idx);
int RSA_libversion();
/* BEGIN ERROR CODES */
/* The following lines are auto generated by the script mkerr.pl. Any changes
* made after this point may be overwritten when the script is next run.
@ -308,6 +310,9 @@ char *RSA_get_ex_data(RSA *r, int idx);
#define RSA_R_UNKNOWN_PADDING_TYPE 118
#define RSA_R_WRONG_SIGNATURE_LENGTH 119
#define RSALIB_OPENSSL 1
#define RSALIB_RSAREF 2
#ifdef __cplusplus
}
#endif

View File

@ -0,0 +1,39 @@
/*-
* Copyright (c) 2000 Kris Kennaway <kris@FreeBSD.org>
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE. SO THERE.
*
* $FreeBSD$
*/
#ifndef NO_RSA
#ifdef PIC
#include <openssl/rsa.h>
int RSA_libversion()
{
return RSALIB_OPENSSL;
}
#endif /* PIC */
#endif /* NO_RSA */

View File

@ -87,6 +87,16 @@ ERR_load_RSA_strings_stub(void)
}
__weak_reference(ERR_load_RSA_strings_stub, ERR_load_RSA_strings);
int
RSA_libversion_stub(void)
{
static void (*sym)(void);
if (sym || (sym = getsym("RSA_libversion")))
sym();
}
__weak_reference(RSA_libversion_stub, RSA_libversion);
#else /* !PIC */
/* Sigh, just get your own libs, ld(1) doesn't deal with weaks here */

View File

@ -40,6 +40,7 @@
#ifndef NO_RSA
#include <stdio.h>
#include <openssl/rsa.h>
#define VERBOSE_STUBS /* undef if you don't want missing rsaref reported */
@ -165,6 +166,12 @@ R_RandomUpdate_stub(void *randomStruct,
}
__weak_reference(R_RandomUpdate_stub, R_RandomUpdate);
int
RSA_libversion()
{
return RSALIB_RSAREF;
}
#else /* !PIC */
/* Failsafe glue for static linking. Link but complain like hell. */

View File

@ -11,7 +11,7 @@ SHLIB_MAJOR= 1
CFLAGS+= -I${.OBJDIR}
# rsaref
SRCS+= rsa_err.c rsa_eay.c
SRCS+= rsa_err.c rsa_eay.c rsa_intlstubs.c
HDRS= asn1/asn1.h asn1/asn1_mac.h bio/bio.h bf/blowfish.h bn/bn.h \
buffer/buffer.h cast/cast.h comp/comp.h conf/conf.h crypto.h \