trunk/src/rsa.c

/*
 *  ircd-hybrid: an advanced, lightweight Internet Relay Chat Daemon (ircd)
 *
 *  Copyright (c) 2000-2014 ircd-hybrid development team
 *
 *  This program is free software; you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
 *  the Free Software Foundation; either version 2 of the License, or
 *  (at your option) any later version.
 *
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License
 *  along with this program; if not, write to the Free Software
 *  Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307
 *  USA
 */

/*! \file rsa.c
 * \brief Functions for use with RSA public key cryptography.
 * \version $Id$
 */

#include "stdinc.h"
#ifdef HAVE_LIBCRYPTO
#include <openssl/pem.h>
#include <openssl/rand.h>
#include <openssl/rsa.h>
#include <openssl/bn.h>
#include <openssl/evp.h>
#include <openssl/err.h>
#include <openssl/opensslv.h>

#include "memory.h"
#include "rsa.h"
#include "conf.h"
#include "log.h"


/*
 * report_crypto_errors - Dump crypto error list to log
 */
void
report_crypto_errors(void)
{
  unsigned long e = 0;

  while ((e = ERR_get_error()))
    ilog(LOG_TYPE_IRCD, "SSL error: %s", ERR_error_string(e, 0));
}

void
binary_to_hex(const unsigned char *bin, char *hex, unsigned int length)
{
  static const char trans[] = "0123456789ABCDEF";

  for (const unsigned char *end = bin + length; bin < end; ++bin)
  {
    *hex++ = trans[*bin >>  4];
    *hex++ = trans[*bin & 0xf];
  }

  *hex = '\0';
}

int
get_randomness(unsigned char *buf, int length)
{
  return RAND_bytes(buf, length);
}

int
generate_challenge(char **r_challenge, char **r_response, RSA *rsa)
{
  unsigned char secret[32], *tmp = NULL;
  unsigned long length = 0;
  int ret = -1;

  if (!rsa)
    return -1;

  if (!get_randomness(secret, 32))
  {
    report_crypto_errors();
    return -1;
  }

  *r_response = MyCalloc(65);
  binary_to_hex(secret, *r_response, 32);

  length = RSA_size(rsa);
  tmp = MyCalloc(length);
  ret = RSA_public_encrypt(32, secret, tmp, rsa, RSA_PKCS1_PADDING);

  *r_challenge = MyCalloc((length << 1) + 1);
  binary_to_hex(tmp, *r_challenge, length);
  MyFree(tmp);

  if (ret < 0)
  {
    report_crypto_errors();
    return -1;
  }

  return 0;
}
#endif
Revision:	4254
Committed:	Fri Jul 18 19:07:27 2014 UTC (11 years, 1 month ago) by michael
Content type:	text/x-csrc
File size:	2534 byte(s)
Log Message:	- Cleaned up and sanitized /challenge related code - rsa.c:get_randomness(): removed EGD support; also don't fall back to RAND_pseudo_bytes() if RAND_bytes() fails. If RAND_bytes() fails, just reject the /challenge request.
#	Content
1	/*
2	* ircd-hybrid: an advanced, lightweight Internet Relay Chat Daemon (ircd)
3	*
4	* Copyright (c) 2000-2014 ircd-hybrid development team
5	*
6	* This program is free software; you can redistribute it and/or modify
7	* it under the terms of the GNU General Public License as published by
8	* the Free Software Foundation; either version 2 of the License, or
9	* (at your option) any later version.
10	*
11	* This program is distributed in the hope that it will be useful,
12	* but WITHOUT ANY WARRANTY; without even the implied warranty of
13	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14	* GNU General Public License for more details.
15	*
16	* You should have received a copy of the GNU General Public License
17	* along with this program; if not, write to the Free Software
18	* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
19	* USA
20	*/
21
22	/*! \file rsa.c
23	* \brief Functions for use with RSA public key cryptography.
24	* \version $Id$
25	*/
26
27	#include "stdinc.h"
28	#ifdef HAVE_LIBCRYPTO
29	#include <openssl/pem.h>
30	#include <openssl/rand.h>
31	#include <openssl/rsa.h>
32	#include <openssl/bn.h>
33	#include <openssl/evp.h>
34	#include <openssl/err.h>
35	#include <openssl/opensslv.h>
36
37	#include "memory.h"
38	#include "rsa.h"
39	#include "conf.h"
40	#include "log.h"
41
42
43	/*
44	* report_crypto_errors - Dump crypto error list to log
45	*/
46	void
47	report_crypto_errors(void)
48	{
49	unsigned long e = 0;
50
51	while ((e = ERR_get_error()))
52	ilog(LOG_TYPE_IRCD, "SSL error: %s", ERR_error_string(e, 0));
53	}
54
55	void
56	binary_to_hex(const unsigned char bin, char hex, unsigned int length)
57	{
58	static const char trans[] = "0123456789ABCDEF";
59
60	for (const unsigned char *end = bin + length; bin < end; ++bin)
61	{
62	hex++ = trans[bin >> 4];
63	hex++ = trans[bin & 0xf];
64	}
65
66	*hex = '\0';
67	}
68
69	int
70	get_randomness(unsigned char *buf, int length)
71	{
72	return RAND_bytes(buf, length);
73	}
74
75	int
76	generate_challenge(char r_challenge, char r_response, RSA *rsa)
77	{
78	unsigned char secret[32], *tmp = NULL;
79	unsigned long length = 0;
80	int ret = -1;
81
82	if (!rsa)
83	return -1;
84
85	if (!get_randomness(secret, 32))
86	{
87	report_crypto_errors();
88	return -1;
89	}
90
91	*r_response = MyCalloc(65);
92	binary_to_hex(secret, *r_response, 32);
93
94	length = RSA_size(rsa);
95	tmp = MyCalloc(length);
96	ret = RSA_public_encrypt(32, secret, tmp, rsa, RSA_PKCS1_PADDING);
97
98	*r_challenge = MyCalloc((length << 1) + 1);
99	binary_to_hex(tmp, *r_challenge, length);
100	MyFree(tmp);
101
102	if (ret < 0)
103	{
104	report_crypto_errors();
105	return -1;
106	}
107
108	return 0;
109	}
110	#endif