| 1 |
|
/* |
| 2 |
< |
* ircd-hybrid: an advanced Internet Relay Chat Daemon(ircd). |
| 3 |
< |
* rsa.c: Functions for use with RSA public key cryptography. |
| 2 |
> |
* ircd-hybrid: an advanced, lightweight Internet Relay Chat Daemon (ircd) |
| 3 |
|
* |
| 4 |
< |
* Copyright (C) 2002 by the past and present ircd coders, and others. |
| 4 |
> |
* Copyright (c) 2000-2014 ircd-hybrid development team |
| 5 |
|
* |
| 6 |
|
* This program is free software; you can redistribute it and/or modify |
| 7 |
|
* it under the terms of the GNU General Public License as published by |
| 17 |
|
* along with this program; if not, write to the Free Software |
| 18 |
|
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 |
| 19 |
|
* USA |
| 20 |
< |
* |
| 21 |
< |
* $Id$ |
| 20 |
> |
*/ |
| 21 |
> |
|
| 22 |
> |
/*! \file rsa.c |
| 23 |
> |
* \brief Functions for use with RSA public key cryptography. |
| 24 |
> |
* \version $Id$ |
| 25 |
|
*/ |
| 26 |
|
|
| 27 |
|
#include "stdinc.h" |
| 52 |
|
ilog(LOG_TYPE_IRCD, "SSL error: %s", ERR_error_string(e, 0)); |
| 53 |
|
} |
| 54 |
|
|
| 55 |
< |
static void |
| 56 |
< |
binary_to_hex(unsigned char *bin, char *hex, int length) |
| 55 |
> |
void |
| 56 |
> |
binary_to_hex(const unsigned char *bin, char *hex, unsigned int length) |
| 57 |
|
{ |
| 58 |
|
static const char trans[] = "0123456789ABCDEF"; |
| 57 |
– |
int i; |
| 59 |
|
|
| 60 |
< |
for (i = 0; i < length; ++i) |
| 60 |
> |
for (const unsigned char *end = bin + length; bin < end; ++bin) |
| 61 |
|
{ |
| 62 |
< |
hex[(i << 1) ] = trans[bin[i] >> 4]; |
| 63 |
< |
hex[(i << 1) + 1] = trans[bin[i] & 0xf]; |
| 62 |
> |
*hex++ = trans[*bin >> 4]; |
| 63 |
> |
*hex++ = trans[*bin & 0xf]; |
| 64 |
|
} |
| 65 |
|
|
| 66 |
< |
hex[i << 1] = '\0'; |
| 66 |
> |
*hex = '\0'; |
| 67 |
|
} |
| 68 |
|
|
| 69 |
|
int |
| 70 |
|
get_randomness(unsigned char *buf, int length) |
| 71 |
|
{ |
| 72 |
< |
/* Seed OpenSSL PRNG with EGD enthropy pool -kre */ |
| 72 |
< |
if (ConfigFileEntry.use_egd && |
| 73 |
< |
ConfigFileEntry.egdpool_path) |
| 74 |
< |
if (RAND_egd(ConfigFileEntry.egdpool_path) == -1) |
| 75 |
< |
return -1; |
| 76 |
< |
|
| 77 |
< |
if (RAND_status()) |
| 78 |
< |
return RAND_bytes(buf, length); |
| 79 |
< |
/* XXX - abort? */ |
| 80 |
< |
return RAND_pseudo_bytes(buf, length); |
| 72 |
> |
return RAND_bytes(buf, length); |
| 73 |
|
} |
| 74 |
|
|
| 75 |
|
int |
| 76 |
|
generate_challenge(char **r_challenge, char **r_response, RSA *rsa) |
| 77 |
|
{ |
| 78 |
< |
unsigned char secret[32], *tmp; |
| 79 |
< |
unsigned long length; |
| 78 |
> |
unsigned char secret[32], *tmp = NULL; |
| 79 |
> |
unsigned long length = 0; |
| 80 |
|
int ret = -1; |
| 81 |
|
|
| 82 |
|
if (!rsa) |
| 83 |
|
return -1; |
| 84 |
|
|
| 85 |
< |
get_randomness(secret, 32); |
| 86 |
< |
*r_response = MyMalloc(65); |
| 85 |
> |
if (!get_randomness(secret, 32)) |
| 86 |
> |
{ |
| 87 |
> |
report_crypto_errors(); |
| 88 |
> |
return -1; |
| 89 |
> |
} |
| 90 |
> |
|
| 91 |
> |
*r_response = MyCalloc(65); |
| 92 |
|
binary_to_hex(secret, *r_response, 32); |
| 93 |
|
|
| 94 |
|
length = RSA_size(rsa); |
| 95 |
< |
tmp = MyMalloc(length); |
| 95 |
> |
tmp = MyCalloc(length); |
| 96 |
|
ret = RSA_public_encrypt(32, secret, tmp, rsa, RSA_PKCS1_PADDING); |
| 97 |
|
|
| 98 |
< |
*r_challenge = MyMalloc((length << 1) + 1); |
| 99 |
< |
binary_to_hex( tmp, *r_challenge, length); |
| 103 |
< |
(*r_challenge)[length<<1] = 0; |
| 98 |
> |
*r_challenge = MyCalloc((length << 1) + 1); |
| 99 |
> |
binary_to_hex(tmp, *r_challenge, length); |
| 100 |
|
MyFree(tmp); |
| 101 |
|
|
| 102 |
|
if (ret < 0) |
