const RSA_METHOD *RSA_get_default_method(void)
{
if (default_RSA_meth == NULL) {
#ifdef RSA_NULL
default_RSA_meth = RSA_null_method();
#else
default_RSA_meth = RSA_PKCS1_OpenSSL();
#endif
}
return default_RSA_meth;
}
const RSA_METHOD *RSA_get_default_method(void)
{
if (default_RSA_meth == NULL)
{
#ifdef RSA_NULL
default_RSA_meth=RSA_null_method();
#else
#if 0 /* was: #ifdef RSAref */
default_RSA_meth=RSA_PKCS1_RSAref();
#else
default_RSA_meth=RSA_PKCS1_SSLeay();
#endif
#endif
}
return default_RSA_meth;
}
const RSA_METHOD *RSA_get_default_method(void)
{
if (default_RSA_meth == NULL)
{
#ifdef OPENSSL_FIPS
if (FIPS_mode())
return FIPS_rsa_pkcs1_ssleay();
else
return RSA_PKCS1_SSLeay();
#else
#ifdef RSA_NULL
default_RSA_meth=RSA_null_method();
#else
default_RSA_meth=RSA_PKCS1_SSLeay();
#endif
#endif
}
return default_RSA_meth;
}
static int cswift_rsa_mod_exp(BIGNUM *r0, const BIGNUM *I, RSA *rsa)
{
BN_CTX *ctx;
int to_return = 0;
const RSA_METHOD * def_rsa_method;
/* Try the limits of RSA (2048 bits) */
if(BN_num_bytes(rsa->p) > 128 ||
BN_num_bytes(rsa->q) > 128 ||
BN_num_bytes(rsa->dmp1) > 128 ||
BN_num_bytes(rsa->dmq1) > 128 ||
BN_num_bytes(rsa->iqmp) > 128)
{
#ifdef RSA_NULL
def_rsa_method=RSA_null_method();
#else
#if 0
def_rsa_method=RSA_PKCS1_RSAref();
#else
def_rsa_method=RSA_PKCS1_SSLeay();
#endif
#endif
if(def_rsa_method)
return def_rsa_method->rsa_mod_exp(r0, I, rsa);
}
if((ctx = BN_CTX_new()) == NULL)
goto err;
if(!rsa->p || !rsa->q || !rsa->dmp1 || !rsa->dmq1 || !rsa->iqmp)
{
CSWIFTerr(CSWIFT_F_CSWIFT_RSA_MOD_EXP,CSWIFT_R_MISSING_KEY_COMPONENTS);
goto err;
}
to_return = cswift_mod_exp_crt(r0, I, rsa->p, rsa->q, rsa->dmp1,
rsa->dmq1, rsa->iqmp, ctx);
err:
if(ctx)
BN_CTX_free(ctx);
return to_return;
}
/* This function is aliased to mod_exp (with the mont stuff dropped). */
static int cswift_mod_exp_mont(BIGNUM *r, const BIGNUM *a, const BIGNUM *p,
const BIGNUM *m, BN_CTX *ctx,
BN_MONT_CTX *m_ctx)
{
const RSA_METHOD *def_rsa_method;
/* Try the limits of RSA (2048 bits) */
if (BN_num_bytes(r) > 256 ||
BN_num_bytes(a) > 256 || BN_num_bytes(m) > 256) {
# ifdef RSA_NULL
def_rsa_method = RSA_null_method();
# else
# if 0
def_rsa_method = RSA_PKCS1_RSAref();
# else
def_rsa_method = RSA_PKCS1_SSLeay();
# endif
# endif
if (def_rsa_method)
return def_rsa_method->bn_mod_exp(r, a, p, m, ctx, m_ctx);
}
return cswift_mod_exp(r, a, p, m, ctx);
}
void
ENGINE_load_builtin_engines(void)
{
ENGINE *engine;
int ret;
engine = ENGINE_new();
if (engine == NULL) {
return;
}
ENGINE_set_id(engine, "builtin");
ENGINE_set_name(engine,
"cryptoshims builtin engine version " PACKAGE_VERSION);
/*
* XXX <radr://problem/107832242> and <rda://problem/8174874> are
* blocking the use of CommonCrypto's RSA code for OpenSSH.
*
* XXX <rdar://problem/10488503> is blocking the use of
* CommonCrypto's (non-existing) DSA.
*
* XXX <rdar://problem/10771223> and <rdar://problem/10771188> are
* blocking the use of CommonCrypto's DH code.
*/
#if !defined(PR_10783242_FIXED) || !defined(PR_8174774_FIXED) || !defined(PR_10488503_FIXED) || !defined(PR_10771223_FIXED) || !defined(PR_10771188_FIXED)
ENGINE_set_DH(engine, DH_eay_method());
ENGINE_set_DSA(engine, DSA_eay_method());
ENGINE_set_RSA(engine, RSA_eay_method());
#elif defined(HAVE_COMMONCRYPTO_COMMONRSACRYPTOR_H) && defined(HAVE_COMMONCRYPTO_COMMONDH_H) && defined(HAVE_COMMONCRYPTO_COMMONDSACRYPTOR_H)
ENGINE_set_DH(engine, DH_eay_method());
ENGINE_set_DSA(engine, DSA_eay_method());
ENGINE_set_RSA(engine, RSA_cc_method());
#elif HAVE_CDSA
ENGINE_set_DH(engine, DH_cdsa_method());
ENGINE_set_DSA(engine, DSA_null_method());
ENGINE_set_RSA(engine, RSA_cdsa_method());
#elif defined(__APPLE_TARGET_EMBEDDED__)
ENGINE_set_DH(engine, DH_null_method());
ENGINE_set_DSA(engine, DSA_null_method());
ENGINE_set_RSA(engine, RSA_null_method());
#elif defined(HEIM_HC_SF)
ENGINE_set_RSA(engine, RSA_ltm_method());
ENGINE_set_DH(engine, DH_sf_method());
ENGINE_set_DSA(engine, DSA_null_method());
#elif defined(HEIM_HC_LTM)
ENGINE_set_RSA(engine, RSA_ltm_method());
ENGINE_set_DH(engine, DH_ltm_method());
ENGINE_set_DSA(engine, DSA_null_method());
#else
ENGINE_set_RSA(engine, RSA_tfm_method());
ENGINE_set_DH(engine, DH_tfm_method());
ENGINE_set_DSA(engine, DSA_null_method());
#endif
ret = add_engine(engine);
if (ret != 1) {
ENGINE_finish(engine);
}
#if !defined(PR_10783242_FIXED) || !defined(PR_8174774_FIXED) || !defined(PR_1048850_FIXED) || !defined(PR_10771223_FIXED) || !defined(PR_10771188_FIXED)
/*
* EAY
*/
engine = ENGINE_new();
if (engine == NULL) {
return;
}
ENGINE_set_id(engine, "eay");
ENGINE_set_name(engine,
"ossl eay engine version " PACKAGE_VERSION);
ENGINE_set_RSA(engine, RSA_eay_method());
ENGINE_set_DH(engine, DH_eay_method());
ENGINE_set_DSA(engine, DSA_eay_method());
ret = add_engine(engine);
if (ret != 1) {
ENGINE_finish(engine);
}
#endif
#if defined(HAVE_COMMONCRYPTO_COMMONRSACRYPTOR_H) && defined(HAVE_COMMONCRYPTO_COMMONDH_H) && defined(HAVE_COMMONCRYPTO_COMMONDSACRYPTOR_H)
/*
* CC
*/
engine = ENGINE_new();
if (engine == NULL) {
return;
}
ENGINE_set_id(engine, "cc");
ENGINE_set_name(engine,
"ossl cc engine version " PACKAGE_VERSION);
ENGINE_set_RSA(engine, RSA_cc_method());
ENGINE_set_DH(engine, DH_cc_method());
ENGINE_set_DSA(engine, DSA_eay_method());
ret = add_engine(engine);
if (ret != 1) {
ENGINE_finish(engine);
}
#endif /* COMMONCRYPTO */
#ifdef USE_HCRYPTO_TFM
/*
* TFM
*/
engine = ENGINE_new();
if (engine == NULL) {
return;
}
ENGINE_set_id(engine, "tfm");
ENGINE_set_name(engine,
"ossl tfm engine version " PACKAGE_VERSION);
ENGINE_set_RSA(engine, RSA_tfm_method());
ENGINE_set_DH(engine, DH_tfm_method());
ret = add_engine(engine);
if (ret != 1) {
ENGINE_finish(engine);
}
#endif /* USE_HCRYPTO_TFM */
#ifdef USE_HCRYPTO_LTM
/*
* ltm
*/
engine = ENGINE_new();
if (engine == NULL) {
return;
}
ENGINE_set_id(engine, "ltm");
ENGINE_set_name(engine,
"ossl ltm engine version " PACKAGE_VERSION);
ENGINE_set_RSA(engine, RSA_ltm_method());
ENGINE_set_DH(engine, DH_ltm_method());
ret = add_engine(engine);
if (ret != 1) {
ENGINE_finish(engine);
}
#endif
#ifdef HAVE_GMP
/*
* gmp
*/
engine = ENGINE_new();
if (engine == NULL) {
return;
}
ENGINE_set_id(engine, "gmp");
ENGINE_set_name(engine,
"ossl gmp engine version " PACKAGE_VERSION);
ENGINE_set_RSA(engine, RSA_gmp_method());
ret = add_engine(engine);
if (ret != 1) {
ENGINE_finish(engine);
}
#endif
}
