[thirdparty/openssl.git] / crypto / rsa / rsa_lib.c

/*
 * Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
 *
 * Licensed under the OpenSSL license (the "License").  You may not use
 * this file except in compliance with the License.  You can obtain a copy
 * in the file LICENSE in the source distribution or at
 * https://www.openssl.org/source/license.html
 */

#include <stdio.h>
#include <openssl/crypto.h>
#include "internal/cryptlib.h"
#include "internal/refcount.h"
#include "internal/bn_int.h"
#include <openssl/engine.h>
#include <openssl/evp.h>
#include "internal/evp_int.h"
#include "rsa_locl.h"

RSA *RSA_new(void)
{
    return RSA_new_method(NULL);
}

const RSA_METHOD *RSA_get_method(const RSA *rsa)
{
    return rsa->meth;
}

int RSA_set_method(RSA *rsa, const RSA_METHOD *meth)
{
    /*
     * NB: The caller is specifically setting a method, so it's not up to us
     * to deal with which ENGINE it comes from.
     */
    const RSA_METHOD *mtmp;
    mtmp = rsa->meth;
    if (mtmp->finish)
        mtmp->finish(rsa);
#ifndef OPENSSL_NO_ENGINE
    ENGINE_finish(rsa->engine);
    rsa->engine = NULL;
#endif
    rsa->meth = meth;
    if (meth->init)
        meth->init(rsa);
    return 1;
}

RSA *RSA_new_method(ENGINE *engine)
{
    RSA *ret = OPENSSL_zalloc(sizeof(*ret));

    if (ret == NULL) {
        RSAerr(RSA_F_RSA_NEW_METHOD, ERR_R_MALLOC_FAILURE);
        return NULL;
    }

    ret->references = 1;
    ret->lock = CRYPTO_THREAD_lock_new();
    if (ret->lock == NULL) {
        RSAerr(RSA_F_RSA_NEW_METHOD, ERR_R_MALLOC_FAILURE);
        OPENSSL_free(ret);
        return NULL;
    }

    ret->meth = RSA_get_default_method();
#ifndef OPENSSL_NO_ENGINE
    ret->flags = ret->meth->flags & ~RSA_FLAG_NON_FIPS_ALLOW;
    if (engine) {
        if (!ENGINE_init(engine)) {
            RSAerr(RSA_F_RSA_NEW_METHOD, ERR_R_ENGINE_LIB);
            goto err;
        }
        ret->engine = engine;
    } else {
        ret->engine = ENGINE_get_default_RSA();
    }
    if (ret->engine) {
        ret->meth = ENGINE_get_RSA(ret->engine);
        if (ret->meth == NULL) {
            RSAerr(RSA_F_RSA_NEW_METHOD, ERR_R_ENGINE_LIB);
            goto err;
        }
    }
#endif

    ret->flags = ret->meth->flags & ~RSA_FLAG_NON_FIPS_ALLOW;
    if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data)) {
        goto err;
    }

    if ((ret->meth->init != NULL) && !ret->meth->init(ret)) {
        RSAerr(RSA_F_RSA_NEW_METHOD, ERR_R_INIT_FAIL);
        goto err;
    }

    return ret;

err:
    RSA_free(ret);
    return NULL;
}

void RSA_free(RSA *r)
{
    int i;

    if (r == NULL)
        return;

    CRYPTO_DOWN_REF(&r->references, &i, r->lock);
    REF_PRINT_COUNT("RSA", r);
    if (i > 0)
        return;
    REF_ASSERT_ISNT(i < 0);

    if (r->meth->finish)
        r->meth->finish(r);
#ifndef OPENSSL_NO_ENGINE
    ENGINE_finish(r->engine);
#endif

    CRYPTO_free_ex_data(CRYPTO_EX_INDEX_RSA, r, &r->ex_data);

    CRYPTO_THREAD_lock_free(r->lock);

    BN_clear_free(r->n);
    BN_clear_free(r->e);
    BN_clear_free(r->d);
    BN_clear_free(r->p);
    BN_clear_free(r->q);
    BN_clear_free(r->dmp1);
    BN_clear_free(r->dmq1);
    BN_clear_free(r->iqmp);
    RSA_PSS_PARAMS_free(r->pss);
    BN_BLINDING_free(r->blinding);
    BN_BLINDING_free(r->mt_blinding);
    OPENSSL_free(r->bignum_data);
    OPENSSL_free(r);
}

int RSA_up_ref(RSA *r)
{
    int i;

    if (CRYPTO_UP_REF(&r->references, &i, r->lock) <= 0)
        return 0;

    REF_PRINT_COUNT("RSA", r);
    REF_ASSERT_ISNT(i < 2);
    return i > 1 ? 1 : 0;
}

int RSA_set_ex_data(RSA *r, int idx, void *arg)
{
    return CRYPTO_set_ex_data(&r->ex_data, idx, arg);
}

void *RSA_get_ex_data(const RSA *r, int idx)
{
    return CRYPTO_get_ex_data(&r->ex_data, idx);
}

int RSA_security_bits(const RSA *rsa)
{
    return BN_security_bits(BN_num_bits(rsa->n), -1);
}

int RSA_set0_key(RSA *r, BIGNUM *n, BIGNUM *e, BIGNUM *d)
{
    /* If the fields n and e in r are NULL, the corresponding input
     * parameters MUST be non-NULL for n and e.  d may be
     * left NULL (in case only the public key is used).
     */
    if ((r->n == NULL && n == NULL)
        || (r->e == NULL && e == NULL))
        return 0;

    if (n != NULL) {
        BN_free(r->n);
        r->n = n;
    }
    if (e != NULL) {
        BN_free(r->e);
        r->e = e;
    }
    if (d != NULL) {
        BN_free(r->d);
        r->d = d;
    }

    return 1;
}

int RSA_set0_factors(RSA *r, BIGNUM *p, BIGNUM *q)
{
    /* If the fields p and q in r are NULL, the corresponding input
     * parameters MUST be non-NULL.
     */
    if ((r->p == NULL && p == NULL)
        || (r->q == NULL && q == NULL))
        return 0;

    if (p != NULL) {
        BN_free(r->p);
        r->p = p;
    }
    if (q != NULL) {
        BN_free(r->q);
        r->q = q;
    }

    return 1;
}

int RSA_set0_crt_params(RSA *r, BIGNUM *dmp1, BIGNUM *dmq1, BIGNUM *iqmp)
{
    /* If the fields dmp1, dmq1 and iqmp in r are NULL, the corresponding input
     * parameters MUST be non-NULL.
     */
    if ((r->dmp1 == NULL && dmp1 == NULL)
        || (r->dmq1 == NULL && dmq1 == NULL)
        || (r->iqmp == NULL && iqmp == NULL))
        return 0;

    if (dmp1 != NULL) {
        BN_free(r->dmp1);
        r->dmp1 = dmp1;
    }
    if (dmq1 != NULL) {
        BN_free(r->dmq1);
        r->dmq1 = dmq1;
    }
    if (iqmp != NULL) {
        BN_free(r->iqmp);
        r->iqmp = iqmp;
    }

    return 1;
}

void RSA_get0_key(const RSA *r,
                  const BIGNUM **n, const BIGNUM **e, const BIGNUM **d)
{
    if (n != NULL)
        *n = r->n;
    if (e != NULL)
        *e = r->e;
    if (d != NULL)
        *d = r->d;
}

void RSA_get0_factors(const RSA *r, const BIGNUM **p, const BIGNUM **q)
{
    if (p != NULL)
        *p = r->p;
    if (q != NULL)
        *q = r->q;
}

void RSA_get0_crt_params(const RSA *r,
                         const BIGNUM **dmp1, const BIGNUM **dmq1,
                         const BIGNUM **iqmp)
{
    if (dmp1 != NULL)
        *dmp1 = r->dmp1;
    if (dmq1 != NULL)
        *dmq1 = r->dmq1;
    if (iqmp != NULL)
        *iqmp = r->iqmp;
}

void RSA_clear_flags(RSA *r, int flags)
{
    r->flags &= ~flags;
}

int RSA_test_flags(const RSA *r, int flags)
{
    return r->flags & flags;
}

void RSA_set_flags(RSA *r, int flags)
{
    r->flags |= flags;
}

ENGINE *RSA_get0_engine(const RSA *r)
{
    return r->engine;
}

int RSA_pkey_ctx_ctrl(EVP_PKEY_CTX *ctx, int optype, int cmd, int p1, void *p2)
{
    /* If key type not RSA or RSA-PSS return error */
    if (ctx != NULL && ctx->pmeth != NULL
        && ctx->pmeth->pkey_id != EVP_PKEY_RSA
        && ctx->pmeth->pkey_id != EVP_PKEY_RSA_PSS)
        return -1;
     return EVP_PKEY_CTX_ctrl(ctx, -1, optype, cmd, p1, p2);
}
Commit	Line	Data
2039c421	1	/*
8686c474	2	* Copyright 1995-2017 The OpenSSL Project Authors. All Rights Reserved.
d02b48c6	3	*
2039c421 RS	4	* Licensed under the OpenSSL license (the "License"). You may not use
	5	* this file except in compliance with the License. You can obtain a copy
	6	* in the file LICENSE in the source distribution or at
	7	* https://www.openssl.org/source/license.html
d02b48c6 RE	8	*/
	9
	10	#include <stdio.h>
ec577822	11	#include <openssl/crypto.h>
b39fc560	12	#include "internal/cryptlib.h"
cd420b0b	13	#include "internal/refcount.h"
18125f7f	14	#include "internal/bn_int.h"
3c27208f	15	#include <openssl/engine.h>
e5e04ee3 DSH	16	#include <openssl/evp.h>
e5e04ee3 DSH	17	#include "internal/evp_int.h"
9862e9aa	18	#include "rsa_locl.h"
d02b48c6	19
6b691a5c	20	RSA *RSA_new(void)
0f113f3e	21	{
076fc555	22	return RSA_new_method(NULL);
0f113f3e	23	}
ce8b2574	24
29c1f061	25	const RSA_METHOD RSA_get_method(const RSA rsa)
0f113f3e MC	26	{
	27	return rsa->meth;
	28	}
cb78486d GT	29
cb78486d GT	30	int RSA_set_method(RSA rsa, const RSA_METHOD meth)
0f113f3e MC	31	{
	32	/*
	33	* NB: The caller is specifically setting a method, so it's not up to us
	34	* to deal with which ENGINE it comes from.
	35	*/
	36	const RSA_METHOD *mtmp;
	37	mtmp = rsa->meth;
	38	if (mtmp->finish)
	39	mtmp->finish(rsa);
0b13e9f0	40	#ifndef OPENSSL_NO_ENGINE
7c96dbcd RS	41	ENGINE_finish(rsa->engine);
7c96dbcd RS	42	rsa->engine = NULL;
0b13e9f0	43	#endif
0f113f3e MC	44	rsa->meth = meth;
	45	if (meth->init)
	46	meth->init(rsa);
	47	return 1;
	48	}
ce8b2574	49
5270e702	50	RSA RSA_new_method(ENGINE engine)
0f113f3e	51	{
11ed851d	52	RSA ret = OPENSSL_zalloc(sizeof(ret));
d02b48c6	53
0f113f3e MC	54	if (ret == NULL) {
	55	RSAerr(RSA_F_RSA_NEW_METHOD, ERR_R_MALLOC_FAILURE);
	56	return NULL;
	57	}
d02b48c6	58
11ed851d F	59	ret->references = 1;
	60	ret->lock = CRYPTO_THREAD_lock_new();
	61	if (ret->lock == NULL) {
	62	RSAerr(RSA_F_RSA_NEW_METHOD, ERR_R_MALLOC_FAILURE);
	63	OPENSSL_free(ret);
	64	return NULL;
	65	}
	66
0f113f3e	67	ret->meth = RSA_get_default_method();
0b13e9f0	68	#ifndef OPENSSL_NO_ENGINE
11ed851d	69	ret->flags = ret->meth->flags & ~RSA_FLAG_NON_FIPS_ALLOW;
0f113f3e MC	70	if (engine) {
	71	if (!ENGINE_init(engine)) {
	72	RSAerr(RSA_F_RSA_NEW_METHOD, ERR_R_ENGINE_LIB);
11ed851d	73	goto err;
0f113f3e MC	74	}
0f113f3e MC	75	ret->engine = engine;
90862ab4	76	} else {
0f113f3e	77	ret->engine = ENGINE_get_default_RSA();
90862ab4	78	}
0f113f3e MC	79	if (ret->engine) {
0f113f3e MC	80	ret->meth = ENGINE_get_RSA(ret->engine);
7c96dbcd	81	if (ret->meth == NULL) {
0f113f3e	82	RSAerr(RSA_F_RSA_NEW_METHOD, ERR_R_ENGINE_LIB);
11ed851d	83	goto err;
0f113f3e MC	84	}
0f113f3e MC	85	}
0b13e9f0	86	#endif
0c9de428	87
0f113f3e MC	88	ret->flags = ret->meth->flags & ~RSA_FLAG_NON_FIPS_ALLOW;
0f113f3e MC	89	if (!CRYPTO_new_ex_data(CRYPTO_EX_INDEX_RSA, ret, &ret->ex_data)) {
11ed851d	90	goto err;
d188a536 AG	91	}
	92
	93	if ((ret->meth->init != NULL) && !ret->meth->init(ret)) {
11ed851d F	94	RSAerr(RSA_F_RSA_NEW_METHOD, ERR_R_INIT_FAIL);
11ed851d F	95	goto err;
0f113f3e	96	}
d188a536 AG	97
d188a536 AG	98	return ret;
11ed851d F	99
	100	err:
	101	RSA_free(ret);
	102	return NULL;
0f113f3e	103	}
d02b48c6	104
6b691a5c	105	void RSA_free(RSA *r)
0f113f3e MC	106	{
0f113f3e MC	107	int i;
d02b48c6	108
0f113f3e MC	109	if (r == NULL)
0f113f3e MC	110	return;
d02b48c6	111
2f545ae4	112	CRYPTO_DOWN_REF(&r->references, &i, r->lock);
f3f1cf84	113	REF_PRINT_COUNT("RSA", r);
0f113f3e MC	114	if (i > 0)
0f113f3e MC	115	return;
f3f1cf84	116	REF_ASSERT_ISNT(i < 0);
d02b48c6	117
0f113f3e MC	118	if (r->meth->finish)
0f113f3e MC	119	r->meth->finish(r);
0b13e9f0	120	#ifndef OPENSSL_NO_ENGINE
412bafdc	121	ENGINE_finish(r->engine);
0b13e9f0	122	#endif
d02b48c6	123
0f113f3e	124	CRYPTO_free_ex_data(CRYPTO_EX_INDEX_RSA, r, &r->ex_data);
7abe8305	125
d188a536 AG	126	CRYPTO_THREAD_lock_free(r->lock);
d188a536 AG	127
23a1d5e9 RS	128	BN_clear_free(r->n);
	129	BN_clear_free(r->e);
	130	BN_clear_free(r->d);
	131	BN_clear_free(r->p);
	132	BN_clear_free(r->q);
	133	BN_clear_free(r->dmp1);
	134	BN_clear_free(r->dmq1);
	135	BN_clear_free(r->iqmp);
d771441d	136	RSA_PSS_PARAMS_free(r->pss);
23a1d5e9 RS	137	BN_BLINDING_free(r->blinding);
23a1d5e9 RS	138	BN_BLINDING_free(r->mt_blinding);
4c42ebd2	139	OPENSSL_free(r->bignum_data);
0f113f3e MC	140	OPENSSL_free(r);
0f113f3e MC	141	}
d02b48c6	142
6ac4e8bd	143	int RSA_up_ref(RSA *r)
0f113f3e	144	{
d188a536 AG	145	int i;
d188a536 AG	146
2f545ae4	147	if (CRYPTO_UP_REF(&r->references, &i, r->lock) <= 0)
d188a536	148	return 0;
f3f1cf84 RS	149
	150	REF_PRINT_COUNT("RSA", r);
	151	REF_ASSERT_ISNT(i < 2);
8686c474	152	return i > 1 ? 1 : 0;
0f113f3e	153	}
5cbc2e8b	154
dd9d233e	155	int RSA_set_ex_data(RSA r, int idx, void arg)
0f113f3e	156	{
8686c474	157	return CRYPTO_set_ex_data(&r->ex_data, idx, arg);
0f113f3e	158	}
58964a49	159
29c1f061	160	void RSA_get_ex_data(const RSA r, int idx)
0f113f3e	161	{
8686c474	162	return CRYPTO_get_ex_data(&r->ex_data, idx);
0f113f3e	163	}
58964a49	164
2514fa79	165	int RSA_security_bits(const RSA *rsa)
0f113f3e MC	166	{
	167	return BN_security_bits(BN_num_bits(rsa->n), -1);
	168	}
9862e9aa RL	169
	170	int RSA_set0_key(RSA r, BIGNUM n, BIGNUM e, BIGNUM d)
	171	{
fd809cfd	172	/* If the fields n and e in r are NULL, the corresponding input
1da12e34 RL	173	* parameters MUST be non-NULL for n and e. d may be
1da12e34 RL	174	* left NULL (in case only the public key is used).
1da12e34	175	*/
b84e1226 MC	176	if ((r->n == NULL && n == NULL)
b84e1226 MC	177	\|\| (r->e == NULL && e == NULL))
9862e9aa RL	178	return 0;
9862e9aa RL	179
1da12e34 RL	180	if (n != NULL) {
	181	BN_free(r->n);
	182	r->n = n;
	183	}
	184	if (e != NULL) {
	185	BN_free(r->e);
	186	r->e = e;
	187	}
	188	if (d != NULL) {
	189	BN_free(r->d);
	190	r->d = d;
	191	}
9862e9aa RL	192
	193	return 1;
	194	}
	195
	196	int RSA_set0_factors(RSA r, BIGNUM p, BIGNUM *q)
	197	{
fd809cfd	198	/* If the fields p and q in r are NULL, the corresponding input
1da12e34	199	* parameters MUST be non-NULL.
1da12e34	200	*/
b84e1226 MC	201	if ((r->p == NULL && p == NULL)
b84e1226 MC	202	\|\| (r->q == NULL && q == NULL))
9862e9aa RL	203	return 0;
9862e9aa RL	204
1da12e34 RL	205	if (p != NULL) {
	206	BN_free(r->p);
	207	r->p = p;
	208	}
	209	if (q != NULL) {
	210	BN_free(r->q);
	211	r->q = q;
	212	}
9862e9aa RL	213
	214	return 1;
	215	}
	216
	217	int RSA_set0_crt_params(RSA r, BIGNUM dmp1, BIGNUM dmq1, BIGNUM iqmp)
	218	{
fd809cfd	219	/* If the fields dmp1, dmq1 and iqmp in r are NULL, the corresponding input
1da12e34	220	* parameters MUST be non-NULL.
1da12e34	221	*/
b84e1226 MC	222	if ((r->dmp1 == NULL && dmp1 == NULL)
	223	\|\| (r->dmq1 == NULL && dmq1 == NULL)
	224	\|\| (r->iqmp == NULL && iqmp == NULL))
9862e9aa RL	225	return 0;
9862e9aa RL	226
1da12e34 RL	227	if (dmp1 != NULL) {
	228	BN_free(r->dmp1);
	229	r->dmp1 = dmp1;
	230	}
	231	if (dmq1 != NULL) {
	232	BN_free(r->dmq1);
	233	r->dmq1 = dmq1;
	234	}
	235	if (iqmp != NULL) {
	236	BN_free(r->iqmp);
	237	r->iqmp = iqmp;
	238	}
9862e9aa RL	239
	240	return 1;
	241	}
	242
fd809cfd RL	243	void RSA_get0_key(const RSA *r,
fd809cfd RL	244	const BIGNUM n, const BIGNUM e, const BIGNUM **d)
9862e9aa RL	245	{
	246	if (n != NULL)
	247	*n = r->n;
	248	if (e != NULL)
	249	*e = r->e;
	250	if (d != NULL)
	251	*d = r->d;
	252	}
	253
fd809cfd	254	void RSA_get0_factors(const RSA r, const BIGNUM p, const BIGNUM *q)
9862e9aa RL	255	{
	256	if (p != NULL)
	257	*p = r->p;
	258	if (q != NULL)
	259	*q = r->q;
	260	}
	261
	262	void RSA_get0_crt_params(const RSA *r,
fd809cfd RL	263	const BIGNUM dmp1, const BIGNUM dmq1,
fd809cfd RL	264	const BIGNUM **iqmp)
9862e9aa RL	265	{
	266	if (dmp1 != NULL)
	267	*dmp1 = r->dmp1;
	268	if (dmq1 != NULL)
	269	*dmq1 = r->dmq1;
	270	if (iqmp != NULL)
	271	*iqmp = r->iqmp;
	272	}
	273
	274	void RSA_clear_flags(RSA *r, int flags)
	275	{
	276	r->flags &= ~flags;
	277	}
	278
	279	int RSA_test_flags(const RSA *r, int flags)
	280	{
	281	return r->flags & flags;
	282	}
	283
	284	void RSA_set_flags(RSA *r, int flags)
	285	{
	286	r->flags \|= flags;
	287	}
	288
e0685d24	289	ENGINE RSA_get0_engine(const RSA r)
9862e9aa RL	290	{
	291	return r->engine;
	292	}
e5e04ee3 DSH	293
	294	int RSA_pkey_ctx_ctrl(EVP_PKEY_CTX ctx, int optype, int cmd, int p1, void p2)
	295	{
	296	/* If key type not RSA or RSA-PSS return error */
	297	if (ctx != NULL && ctx->pmeth != NULL
	298	&& ctx->pmeth->pkey_id != EVP_PKEY_RSA
	299	&& ctx->pmeth->pkey_id != EVP_PKEY_RSA_PSS)
	300	return -1;
	301	return EVP_PKEY_CTX_ctrl(ctx, -1, optype, cmd, p1, p2);
	302	}