/[svn]/ircd-hybrid-7.2/src/rsa.c
ViewVC logotype

Annotation of /ircd-hybrid-7.2/src/rsa.c

Parent Directory Parent Directory | Revision Log Revision Log


Revision 1013 - (hide annotations)
Sun Oct 18 14:26:49 2009 UTC (10 years ago) by michael
File MIME type: text/x-chdr
File size: 6391 byte(s)
- Add -Wextra -Wcast-align -Wbad-function-cast to CFLAGS if --enable-warnings is specified
- Fixed several compile warnings
- 64-bit cleanliness fixes, e.g., reorganize data structures to reduce storage/unnecessary padding

1 adx 30 /*
2     * ircd-hybrid: an advanced Internet Relay Chat Daemon(ircd).
3     * rsa.c: Functions for use with RSA public key cryptography.
4     *
5     * Copyright (C) 2002 by the past and present ircd coders, and others.
6     *
7     * This program is free software; you can redistribute it and/or modify
8     * it under the terms of the GNU General Public License as published by
9     * the Free Software Foundation; either version 2 of the License, or
10     * (at your option) any later version.
11     *
12     * This program is distributed in the hope that it will be useful,
13     * but WITHOUT ANY WARRANTY; without even the implied warranty of
14     * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15     * GNU General Public License for more details.
16     *
17     * You should have received a copy of the GNU General Public License
18     * along with this program; if not, write to the Free Software
19     * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
20     * USA
21     *
22 knight 31 * $Id$
23 adx 30 */
24    
25     #include "stdinc.h"
26    
27     #include <openssl/pem.h>
28     #include <openssl/rand.h>
29     #include <openssl/rsa.h>
30     #include <openssl/md5.h>
31     #include <openssl/bn.h>
32     #include <openssl/evp.h>
33     #include <openssl/err.h>
34 michael 1013 #include <openssl/opensslv.h>
35 adx 30
36     #include "memory.h"
37     #include "rsa.h"
38     #include "s_conf.h"
39     #include "s_log.h"
40     #include "client.h" /* CIPHERKEYLEN .. eww */
41     #include "ircd.h" /* bio_spare_fd */
42    
43     static void binary_to_hex(unsigned char *bin, char *hex, int length);
44    
45     /*
46     * report_crypto_errors - Dump crypto error list to log
47     */
48     void
49     report_crypto_errors(void)
50     {
51     unsigned long e = 0;
52     unsigned long cnt = 0;
53    
54     ERR_load_crypto_strings();
55    
56     while ((cnt < 100) && (e = ERR_get_error()))
57     {
58     ilog(L_CRIT, "SSL error: %s", ERR_error_string(e, 0));
59     cnt++;
60     }
61     }
62    
63     /*
64     * verify_private_key - reread private key and verify against inmem key
65     */
66     int
67     verify_private_key(void)
68     {
69     BIO *file;
70     RSA *key;
71     RSA *mkey;
72    
73     /* If the rsa_private_key directive isn't found, error out. */
74     if (ServerInfo.rsa_private_key == NULL)
75     {
76     ilog(L_NOTICE, "rsa_private_key in serverinfo{} is not defined.");
77     return -1;
78     }
79    
80     /* If rsa_private_key_file isn't available, error out. */
81     if (ServerInfo.rsa_private_key_file == NULL)
82     {
83     ilog(L_NOTICE, "Internal error: rsa_private_key_file isn't defined.");
84     return -1;
85     }
86    
87     if (bio_spare_fd > -1)
88     close(bio_spare_fd);
89    
90     file = BIO_new_file(ServerInfo.rsa_private_key_file, "r");
91    
92     /*
93     * If BIO_new_file returned NULL (according to OpenSSL docs), then
94     * an error occurred.
95     */
96     if (file == NULL)
97     {
98     bio_spare_fd = save_spare_fd("SSL private key validation");
99     ilog(L_NOTICE, "Failed to open private key file - can't validate it");
100     return -1;
101     }
102    
103     /*
104     * jdc -- Let's do this a little differently. According to the
105     * OpenSSL documentation, you need to METHOD_free(key) before
106     * assigning it. Don't believe me? Check out the following
107     * URL: http://www.openssl.org/docs/crypto/pem.html#BUGS
108     * P.S. -- I have no idea why the key= assignment has to be typecasted.
109     * For some reason the system thinks PEM_read_bio_RSAPrivateKey
110     * is returning an int, not a RSA *.
111     * androsyn -- Thats because you didn't have a prototype and including
112     * pem.h breaks things for some reason..
113     */
114     key = (RSA *) PEM_read_bio_RSAPrivateKey(file, NULL, 0, NULL);
115    
116     if (key == NULL)
117     {
118     ilog(L_NOTICE, "PEM_read_bio_RSAPrivateKey() failed; possibly not RSA?");
119     report_crypto_errors();
120     return -1;
121     }
122    
123     BIO_set_close(file, BIO_CLOSE);
124     BIO_free(file);
125     bio_spare_fd = save_spare_fd("SSL private key validation");
126    
127     mkey = ServerInfo.rsa_private_key;
128    
129     /*
130     * Compare the in-memory key to the key we just loaded above. If
131     * any of the portions don't match, then logically we have a different
132     * in-memory key vs. the one we just loaded. This is bad, mmmkay?
133     */
134     if (mkey->pad != key->pad)
135     ilog(L_CRIT, "Private key corrupted: pad %i != pad %i",
136     mkey->pad, key->pad);
137    
138     if (mkey->version != key->version)
139     {
140 michael 1013 #if (OPENSSL_VERSION_NUMBER >= 0x00907000)
141 adx 30 ilog(L_CRIT, "Private key corrupted: version %li != version %li",
142     mkey->version, key->version);
143     #else
144     ilog(L_CRIT, "Private key corrupted: version %i != version %i",
145     mkey->version, key->version);
146     #endif
147     }
148    
149     if (BN_cmp(mkey->n, key->n))
150     ilog(L_CRIT, "Private key corrupted: n differs");
151     if (BN_cmp(mkey->e, key->e))
152     ilog(L_CRIT, "Private key corrupted: e differs");
153     if (BN_cmp(mkey->d, key->d))
154     ilog(L_CRIT, "Private key corrupted: d differs");
155     if (BN_cmp(mkey->p, key->p))
156     ilog(L_CRIT, "Private key corrupted: p differs");
157     if (BN_cmp(mkey->q, key->q))
158     ilog(L_CRIT, "Private key corrupted: q differs");
159     if (BN_cmp(mkey->dmp1, key->dmp1))
160     ilog(L_CRIT, "Private key corrupted: dmp1 differs");
161     if (BN_cmp(mkey->dmq1, key->dmq1))
162     ilog(L_CRIT, "Private key corrupted: dmq1 differs");
163     if (BN_cmp(mkey->iqmp, key->iqmp))
164     ilog(L_CRIT, "Private key corrupted: iqmp differs");
165    
166     RSA_free(key);
167     return 0;
168     }
169    
170    
171     static void
172     binary_to_hex(unsigned char *bin, char *hex, int length)
173     {
174     static const char trans[] = "0123456789ABCDEF";
175     int i;
176    
177     for(i = 0; i < length; i++)
178     {
179     hex[i << 1] = trans[bin[i] >> 4];
180     hex[(i << 1) + 1] = trans[bin[i] & 0xf];
181     }
182    
183     hex[i << 1] = '\0';
184     }
185    
186     int
187     get_randomness(unsigned char *buf, int length)
188     {
189     /* Seed OpenSSL PRNG with EGD enthropy pool -kre */
190     if (ConfigFileEntry.use_egd &&
191     (ConfigFileEntry.egdpool_path != NULL))
192     {
193     if (RAND_egd(ConfigFileEntry.egdpool_path) == -1)
194     return -1;
195     }
196    
197     if (RAND_status())
198     return (RAND_bytes(buf, length));
199     else /* XXX - abort? */
200     return (RAND_pseudo_bytes(buf, length));
201     }
202    
203     int
204     generate_challenge(char **r_challenge, char **r_response, RSA *rsa)
205     {
206     unsigned char secret[32], *tmp;
207     unsigned long length;
208     int ret = -1;
209    
210     if (!rsa)
211     return -1;
212     get_randomness(secret, 32);
213     *r_response = MyMalloc(65);
214     binary_to_hex(secret, *r_response, 32);
215    
216     length = RSA_size(rsa);
217     tmp = MyMalloc(length);
218     ret = RSA_public_encrypt(32, secret, tmp, rsa, RSA_PKCS1_PADDING);
219    
220     *r_challenge = MyMalloc((length << 1) + 1);
221     binary_to_hex( tmp, *r_challenge, length);
222     (*r_challenge)[length<<1] = 0;
223     MyFree(tmp);
224    
225     if (ret < 0)
226     {
227     report_crypto_errors();
228     return -1;
229     }
230     return 0;
231     }

Properties

Name Value
svn:eol-style native
svn:keywords Id Revision

svnadmin@ircd-hybrid.org
ViewVC Help
Powered by ViewVC 1.1.26