KNF

1 files changed, 135 insertions, 156 deletions

diff --git a/lib/libcrypto/rsa/rsa_sign.c b/lib/libcrypto/rsa/rsa_sign.c
index 4642775964e..239435fe919 100644
--- a/lib/libcrypto/rsa/rsa_sign.c
+++ b/lib/libcrypto/rsa/rsa_sign.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: rsa_sign.c,v 1.17 2014/06/12 15:49:30 deraadt Exp $ */
+/* $OpenBSD: rsa_sign.c,v 1.18 2014/07/09 08:20:08 miod Exp $ */
 /* Copyright (C) 1995-1998 Eric Young (eay@cryptsoft.com)
  * All rights reserved.
  *
@@ -67,233 +67,212 @@
 /* Size of an SSL signature: MD5+SHA1 */
 #define SSL_SIG_LENGTH	36
 
-int RSA_sign(int type, const unsigned char *m, unsigned int m_len,
-	     unsigned char *sigret, unsigned int *siglen, RSA *rsa)
-	{
+int
+RSA_sign(int type, const unsigned char *m, unsigned int m_len,
+    unsigned char *sigret, unsigned int *siglen, RSA *rsa)
+{
 	X509_SIG sig;
 	ASN1_TYPE parameter;
-	int i,j,ret=1;
+	int i, j, ret = 1;
 	unsigned char *p, *tmps = NULL;
 	const unsigned char *s = NULL;
 	X509_ALGOR algor;
 	ASN1_OCTET_STRING digest;
-	if((rsa->flags & RSA_FLAG_SIGN_VER) && rsa->meth->rsa_sign)
-		{
-		return rsa->meth->rsa_sign(type, m, m_len,
-			sigret, siglen, rsa);
-		}
+
+	if ((rsa->flags & RSA_FLAG_SIGN_VER) && rsa->meth->rsa_sign)
+		return rsa->meth->rsa_sign(type, m, m_len, sigret, siglen, rsa);
+
 	/* Special case: SSL signature, just check the length */
-	if(type == NID_md5_sha1) {
-		if(m_len != SSL_SIG_LENGTH) {
-			RSAerr(RSA_F_RSA_SIGN,RSA_R_INVALID_MESSAGE_LENGTH);
-			return(0);
+	if (type == NID_md5_sha1) {
+		if (m_len != SSL_SIG_LENGTH) {
+			RSAerr(RSA_F_RSA_SIGN, RSA_R_INVALID_MESSAGE_LENGTH);
+			return 0;
 		}
 		i = SSL_SIG_LENGTH;
 		s = m;
 	} else {
-		sig.algor= &algor;
-		sig.algor->algorithm=OBJ_nid2obj(type);
-		if (sig.algor->algorithm == NULL)
-			{
-			RSAerr(RSA_F_RSA_SIGN,RSA_R_UNKNOWN_ALGORITHM_TYPE);
-			return(0);
-			}
-		if (sig.algor->algorithm->length == 0)
-			{
-			RSAerr(RSA_F_RSA_SIGN,RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD);
-			return(0);
-			}
-		parameter.type=V_ASN1_NULL;
-		parameter.value.ptr=NULL;
-		sig.algor->parameter= &parameter;
+		sig.algor = &algor;
+		sig.algor->algorithm = OBJ_nid2obj(type);
+		if (sig.algor->algorithm == NULL) {
+			RSAerr(RSA_F_RSA_SIGN, RSA_R_UNKNOWN_ALGORITHM_TYPE);
+			return 0;
+		}
+		if (sig.algor->algorithm->length == 0) {
+			RSAerr(RSA_F_RSA_SIGN,
+			    RSA_R_THE_ASN1_OBJECT_IDENTIFIER_IS_NOT_KNOWN_FOR_THIS_MD);
+			return 0;
+		}
+		parameter.type = V_ASN1_NULL;
+		parameter.value.ptr = NULL;
+		sig.algor->parameter = &parameter;
 
-		sig.digest= &digest;
-		sig.digest->data=(unsigned char *)m; /* TMP UGLY CAST */
-		sig.digest->length=m_len;
+		sig.digest = &digest;
+		sig.digest->data = (unsigned char *)m; /* TMP UGLY CAST */
+		sig.digest->length = m_len;
 
-		i=i2d_X509_SIG(&sig,NULL);
+		i = i2d_X509_SIG(&sig, NULL);
+	}
+	j = RSA_size(rsa);
+	if (i > j - RSA_PKCS1_PADDING_SIZE) {
+		RSAerr(RSA_F_RSA_SIGN, RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY);
+		return 0;
 	}
-	j=RSA_size(rsa);
-	if (i > (j-RSA_PKCS1_PADDING_SIZE))
-		{
-		RSAerr(RSA_F_RSA_SIGN,RSA_R_DIGEST_TOO_BIG_FOR_RSA_KEY);
-		return(0);
+	if (type != NID_md5_sha1) {
+		tmps = malloc((unsigned int)j + 1);
+		if (tmps == NULL) {
+			RSAerr(RSA_F_RSA_SIGN, ERR_R_MALLOC_FAILURE);
+			return 0;
 		}
-	if(type != NID_md5_sha1) {
-		tmps = malloc((unsigned int)j+1);
-		if (tmps == NULL)
-			{
-			RSAerr(RSA_F_RSA_SIGN,ERR_R_MALLOC_FAILURE);
-			return(0);
-			}
-		p=tmps;
-		i2d_X509_SIG(&sig,&p);
-		s=tmps;
+		p = tmps;
+		i2d_X509_SIG(&sig, &p);
+		s = tmps;
 	}
-	i=RSA_private_encrypt(i,s,sigret,rsa,RSA_PKCS1_PADDING);
+	i = RSA_private_encrypt(i, s, sigret, rsa, RSA_PKCS1_PADDING);
 	if (i <= 0)
-		ret=0;
+		ret = 0;
 	else
-		*siglen=i;
+		*siglen = i;
 
-	if(type != NID_md5_sha1) {
-		OPENSSL_cleanse(tmps,(unsigned int)j+1);
+	if (type != NID_md5_sha1) {
+		OPENSSL_cleanse(tmps, (unsigned int)j + 1);
 		free(tmps);
 	}
 	return(ret);
-	}
+}
 
-int int_rsa_verify(int dtype, const unsigned char *m,
-			  unsigned int m_len,
-			  unsigned char *rm, size_t *prm_len,
-			  const unsigned char *sigbuf, size_t siglen,
-			  RSA *rsa)
-	{
-	int i,ret=0,sigtype;
+int
+int_rsa_verify(int dtype, const unsigned char *m, unsigned int m_len,
+    unsigned char *rm, size_t *prm_len, const unsigned char *sigbuf,
+    size_t siglen, RSA *rsa)
+{
+	int i, ret = 0, sigtype;
 	unsigned char *s;
-	X509_SIG *sig=NULL;
+	X509_SIG *sig = NULL;
 
-	if (siglen != (unsigned int)RSA_size(rsa))
-		{
-		RSAerr(RSA_F_INT_RSA_VERIFY,RSA_R_WRONG_SIGNATURE_LENGTH);
-		return(0);
-		}
+	if (siglen != (unsigned int)RSA_size(rsa)) {
+		RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_WRONG_SIGNATURE_LENGTH);
+		return 0;
+	}
 
-	if((dtype == NID_md5_sha1) && rm)
-		{
-		i = RSA_public_decrypt((int)siglen,
-					sigbuf,rm,rsa,RSA_PKCS1_PADDING);
+	if ((dtype == NID_md5_sha1) && rm) {
+		i = RSA_public_decrypt((int)siglen, sigbuf, rm, rsa,
+		    RSA_PKCS1_PADDING);
 		if (i <= 0)
 			return 0;
 		*prm_len = i;
 		return 1;
-		}
+	}
 
 	s = malloc((unsigned int)siglen);
-	if (s == NULL)
-		{
-		RSAerr(RSA_F_INT_RSA_VERIFY,ERR_R_MALLOC_FAILURE);
+	if (s == NULL) {
+		RSAerr(RSA_F_INT_RSA_VERIFY, ERR_R_MALLOC_FAILURE);
+		goto err;
+	}
+	if (dtype == NID_md5_sha1 && m_len != SSL_SIG_LENGTH) {
+		RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_INVALID_MESSAGE_LENGTH);
 		goto err;
-		}
-	if((dtype == NID_md5_sha1) && (m_len != SSL_SIG_LENGTH) ) {
-			RSAerr(RSA_F_INT_RSA_VERIFY,RSA_R_INVALID_MESSAGE_LENGTH);
-			goto err;
 	}
-	i=RSA_public_decrypt((int)siglen,sigbuf,s,rsa,RSA_PKCS1_PADDING);
+	i = RSA_public_decrypt((int)siglen, sigbuf, s, rsa, RSA_PKCS1_PADDING);
 
-	if (i <= 0) goto err;
-	/* Oddball MDC2 case: signature can be OCTET STRING.
+	if (i <= 0)
+		goto err;
+
+	/*
+	 * Oddball MDC2 case: signature can be OCTET STRING.
 	 * check for correct tag and length octets.
 	 */
-	if (dtype == NID_mdc2 && i == 18 && s[0] == 0x04 && s[1] == 0x10)
-		{
-		if (rm)
-			{
+	if (dtype == NID_mdc2 && i == 18 && s[0] == 0x04 && s[1] == 0x10) {
+		if (rm) {
 			memcpy(rm, s + 2, 16);
 			*prm_len = 16;
 			ret = 1;
-			}
-		else if(memcmp(m, s + 2, 16))
-			RSAerr(RSA_F_INT_RSA_VERIFY,RSA_R_BAD_SIGNATURE);
+		} else if (memcmp(m, s + 2, 16))
+			RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_BAD_SIGNATURE);
 		else
 			ret = 1;
-		}
+	}
 
 	/* Special case: SSL signature */
-	if(dtype == NID_md5_sha1) {
-		if((i != SSL_SIG_LENGTH) || memcmp(s, m, SSL_SIG_LENGTH))
-				RSAerr(RSA_F_INT_RSA_VERIFY,RSA_R_BAD_SIGNATURE);
-		else ret = 1;
+	if (dtype == NID_md5_sha1) {
+		if (i != SSL_SIG_LENGTH || memcmp(s, m, SSL_SIG_LENGTH))
+			RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_BAD_SIGNATURE);
+		else
+			ret = 1;
 	} else {
 		const unsigned char *p=s;
-		sig=d2i_X509_SIG(NULL,&p,(long)i);
 
-		if (sig == NULL) goto err;
+		sig = d2i_X509_SIG(NULL, &p, (long)i);
+
+		if (sig == NULL)
+			goto err;
 
 		/* Excess data can be used to create forgeries */
-		if(p != s+i)
-			{
-			RSAerr(RSA_F_INT_RSA_VERIFY,RSA_R_BAD_SIGNATURE);
+		if (p != s + i) {
+			RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_BAD_SIGNATURE);
 			goto err;
-			}
+		}
 
 		/* Parameters to the signature algorithm can also be used to
 		   create forgeries */
-		if(sig->algor->parameter
-		   && ASN1_TYPE_get(sig->algor->parameter) != V_ASN1_NULL)
-			{
-			RSAerr(RSA_F_INT_RSA_VERIFY,RSA_R_BAD_SIGNATURE);
+		if (sig->algor->parameter &&
+		    ASN1_TYPE_get(sig->algor->parameter) != V_ASN1_NULL) {
+			RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_BAD_SIGNATURE);
 			goto err;
-			}
-
-		sigtype=OBJ_obj2nid(sig->algor->algorithm);
+		}
 
+		sigtype = OBJ_obj2nid(sig->algor->algorithm);
 
-	#ifdef RSA_DEBUG
-		/* put a backward compatibility flag in EAY */
-		fprintf(stderr,"in(%s) expect(%s)\n",OBJ_nid2ln(sigtype),
-			OBJ_nid2ln(dtype));
-	#endif
-		if (sigtype != dtype)
-			{
-			if (((dtype == NID_md5) &&
-				(sigtype == NID_md5WithRSAEncryption)) ||
-				((dtype == NID_md2) &&
-				(sigtype == NID_md2WithRSAEncryption)))
-				{
+		if (sigtype != dtype) {
+			if ((dtype == NID_md5 &&
+			     sigtype == NID_md5WithRSAEncryption) ||
+			    (dtype == NID_md2 &&
+			     sigtype == NID_md2WithRSAEncryption)) {
 				/* ok, we will let it through */
-				fprintf(stderr,"signature has problems, re-make with post SSLeay045\n");
-				}
-			else
-				{
+				fprintf(stderr,
+				    "signature has problems, "
+				    "re-make with post SSLeay045\n");
+			} else {
 				RSAerr(RSA_F_INT_RSA_VERIFY,
-						RSA_R_ALGORITHM_MISMATCH);
+				    RSA_R_ALGORITHM_MISMATCH);
 				goto err;
-				}
 			}
-		if (rm)
-			{
+		}
+		if (rm) {
 			const EVP_MD *md;
+
 			md = EVP_get_digestbynid(dtype);
 			if (md && (EVP_MD_size(md) != sig->digest->length))
 				RSAerr(RSA_F_INT_RSA_VERIFY,
-						RSA_R_INVALID_DIGEST_LENGTH);
-			else
-				{
+				    RSA_R_INVALID_DIGEST_LENGTH);
+			else {
 				memcpy(rm, sig->digest->data,
-							sig->digest->length);
+				    sig->digest->length);
 				*prm_len = sig->digest->length;
 				ret = 1;
-				}
 			}
-		else if (((unsigned int)sig->digest->length != m_len) ||
-			(memcmp(m,sig->digest->data,m_len) != 0))
-			{
-			RSAerr(RSA_F_INT_RSA_VERIFY,RSA_R_BAD_SIGNATURE);
-			}
-		else
-			ret=1;
+		} else if ((unsigned int)sig->digest->length != m_len ||
+		    memcmp(m,sig->digest->data,m_len) != 0) {
+			RSAerr(RSA_F_INT_RSA_VERIFY, RSA_R_BAD_SIGNATURE);
+		} else
+			ret = 1;
 	}
 err:
-	if (sig != NULL) X509_SIG_free(sig);
-	if (s != NULL)
-		{
-		OPENSSL_cleanse(s,(unsigned int)siglen);
+	if (sig != NULL)
+		X509_SIG_free(sig);
+	if (s != NULL) {
+		OPENSSL_cleanse(s, (unsigned int)siglen);
 		free(s);
-		}
-	return(ret);
 	}
+	return ret;
+}
 
-int RSA_verify(int dtype, const unsigned char *m, unsigned int m_len,
-		const unsigned char *sigbuf, unsigned int siglen,
-		RSA *rsa)
-	{
-
-	if((rsa->flags & RSA_FLAG_SIGN_VER) && rsa->meth->rsa_verify)
-		{
-		return rsa->meth->rsa_verify(dtype, m, m_len,
-			sigbuf, siglen, rsa);
-		}
+int
+RSA_verify(int dtype, const unsigned char *m, unsigned int m_len,
+    const unsigned char *sigbuf, unsigned int siglen, RSA *rsa)
+{
+	if ((rsa->flags & RSA_FLAG_SIGN_VER) && rsa->meth->rsa_verify)
+		return rsa->meth->rsa_verify(dtype, m, m_len, sigbuf, siglen,
+		    rsa);
 
 	return int_rsa_verify(dtype, m, m_len, NULL, NULL, sigbuf, siglen, rsa);
-	}
+}