]> git.ipfire.org Git - thirdparty/openssl.git/blame - crypto/rsa/rsa_pmeth.c
projects / thirdparty / openssl.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Add control to retrieve signature MD.
[thirdparty/openssl.git] / crypto / rsa / rsa_pmeth.c
CommitLineData
09b88a4a 1/* crypto/rsa/rsa_pmeth.c */
2e597528 2/* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
0b6f3c66
DSH		 3 * project 2006.
4 */
5/* ====================================================================
6 * Copyright (c) 2006 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59#include <stdio.h>
60#include "cryptlib.h"
61#include <openssl/asn1t.h>
62#include <openssl/x509.h>
63#include <openssl/rsa.h>
1e26a8ba 64#include <openssl/bn.h>
b2a97be7 65#include <openssl/evp.h>
271fef0e 66#include <openssl/x509v3.h>
b3339050
DSH		 67#ifndef OPENSSL_NO_CMS
68#include <openssl/cms.h>
69#endif
0b6f3c66 70#include "evp_locl.h"
777c47ac 71#include "rsa_locl.h"
b2a97be7 72
07e970c7
DSH		 73/* RSA pkey context structure */
74
75typedef struct
76 {
77 /* Key gen parameters */
78 int nbits;
79 BIGNUM *pub_exp;
f5cda4cb
DSH		 80 /* Keygen callback info */
81 int gentmp[2];
07e970c7
DSH		 82 /* RSA padding mode */
83 int pad_mode;
4f59b658 84 /* message digest */
75d44c04 85 const EVP_MD *md;
77f4b6ba
DSH		 86 /* message digest for MGF1 */
87 const EVP_MD *mgf1md;
271fef0e 88 /* PSS salt length */
a7ffd9d1 89 int saltlen;
b2a97be7
DSH		 90 /* Temp buffer */
91 unsigned char *tbuf;
271fef0e
DSH		 92 /* OAEP label */
93 unsigned char *oaep_label;
94 size_t oaep_labellen;
07e970c7
DSH		 95 } RSA_PKEY_CTX;
96
97static int pkey_rsa_init(EVP_PKEY_CTX *ctx)
98 {
99 RSA_PKEY_CTX *rctx;
100 rctx = OPENSSL_malloc(sizeof(RSA_PKEY_CTX));
101 if (!rctx)
102 return 0;
103 rctx->nbits = 1024;
104 rctx->pub_exp = NULL;
105 rctx->pad_mode = RSA_PKCS1_PADDING;
75d44c04 106 rctx->md = NULL;
77f4b6ba 107 rctx->mgf1md = NULL;
b2a97be7
DSH		 108 rctx->tbuf = NULL;
109
a7ffd9d1 110 rctx->saltlen = -2;
29db322e 111
271fef0e
DSH		 112 rctx->oaep_label = NULL;
113 rctx->oaep_labellen = 0;
114
07e970c7 115 ctx->data = rctx;
f5cda4cb
DSH		 116 ctx->keygen_info = rctx->gentmp;
117 ctx->keygen_info_count = 2;
b2a97be7
DSH		 118
119 return 1;
120 }
121
8bdcef40
DSH		 122static int pkey_rsa_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src)
123 {
124 RSA_PKEY_CTX *dctx, *sctx;
125 if (!pkey_rsa_init(dst))
126 return 0;
127 sctx = src->data;
128 dctx = dst->data;
129 dctx->nbits = sctx->nbits;
130 if (sctx->pub_exp)
131 {
132 dctx->pub_exp = BN_dup(sctx->pub_exp);
133 if (!dctx->pub_exp)
134 return 0;
135 }
136 dctx->pad_mode = sctx->pad_mode;
137 dctx->md = sctx->md;
271fef0e
DSH		 138 dctx->mgf1md = sctx->mgf1md;
139 if (sctx->oaep_label)
140 {
141 if (dctx->oaep_label)
142 OPENSSL_free(dctx->oaep_label);
143 dctx->oaep_label = BUF_memdup(sctx->oaep_label,
144 sctx->oaep_labellen);
145 if (!dctx->oaep_label)
146 return 0;
147 dctx->oaep_labellen = sctx->oaep_labellen;
148 }
8bdcef40
DSH		 149 return 1;
150 }
151
b2a97be7
DSH		 152static int setup_tbuf(RSA_PKEY_CTX *ctx, EVP_PKEY_CTX *pk)
153 {
154 if (ctx->tbuf)
155 return 1;
156 ctx->tbuf = OPENSSL_malloc(EVP_PKEY_size(pk->pkey));
157 if (!ctx->tbuf)
158 return 0;
07e970c7
DSH		 159 return 1;
160 }
161
162static void pkey_rsa_cleanup(EVP_PKEY_CTX *ctx)
163 {
164 RSA_PKEY_CTX *rctx = ctx->data;
165 if (rctx)
166 {
167 if (rctx->pub_exp)
168 BN_free(rctx->pub_exp);
9fdab72d
DSH		 169 if (rctx->tbuf)
170 OPENSSL_free(rctx->tbuf);
271fef0e
DSH		 171 if (rctx->oaep_label)
172 OPENSSL_free(rctx->oaep_label);
c927df3f 173 OPENSSL_free(rctx);
07e970c7 174 }
07e970c7
DSH		 175 }
176
eaff5a14
DSH		 177static int pkey_rsa_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
178 const unsigned char *tbs, size_t tbslen)
07e970c7
DSH		 179 {
180 int ret;
181 RSA_PKEY_CTX *rctx = ctx->data;
a7ffd9d1 182 RSA *rsa = ctx->pkey->pkey.rsa;
b2a97be7 183
75d44c04 184 if (rctx->md)
b2a97be7 185 {
eaff5a14 186 if (tbslen != (size_t)EVP_MD_size(rctx->md))
75d44c04
DSH		 187 {
188 RSAerr(RSA_F_PKEY_RSA_SIGN,
189 RSA_R_INVALID_DIGEST_LENGTH);
190 return -1;
191 }
58631637
DSH		 192
193 if (EVP_MD_type(rctx->md) == NID_mdc2)
194 {
195 unsigned int sltmp;
196 if (rctx->pad_mode != RSA_PKCS1_PADDING)
197 return -1;
198 ret = RSA_sign_ASN1_OCTET_STRING(NID_mdc2,
199 tbs, tbslen, sig, &sltmp, rsa);
200
201 if (ret <= 0)
202 return ret;
203 ret = sltmp;
204 }
205 else if (rctx->pad_mode == RSA_X931_PADDING)
b2a97be7
DSH		 206 {
207 if (!setup_tbuf(rctx, ctx))
208 return -1;
209 memcpy(rctx->tbuf, tbs, tbslen);
75d44c04
DSH		 210 rctx->tbuf[tbslen] =
211 RSA_X931_hash_id(EVP_MD_type(rctx->md));
b2a97be7 212 ret = RSA_private_encrypt(tbslen + 1, rctx->tbuf,
a7ffd9d1 213 sig, rsa, RSA_X931_PADDING);
b2a97be7
DSH		 214 }
215 else if (rctx->pad_mode == RSA_PKCS1_PADDING)
216 {
217 unsigned int sltmp;
75d44c04 218 ret = RSA_sign(EVP_MD_type(rctx->md),
a7ffd9d1 219 tbs, tbslen, sig, &sltmp, rsa);
4f59b658
DSH		 220 if (ret <= 0)
221 return ret;
222 ret = sltmp;
b2a97be7 223 }
a7ffd9d1
DSH		 224 else if (rctx->pad_mode == RSA_PKCS1_PSS_PADDING)
225 {
226 if (!setup_tbuf(rctx, ctx))
227 return -1;
bf8883b3
DSH		 228 if (!RSA_padding_add_PKCS1_PSS_mgf1(rsa,
229 rctx->tbuf, tbs,
230 rctx->md, rctx->mgf1md,
231 rctx->saltlen))
a7ffd9d1
DSH		 232 return -1;
233 ret = RSA_private_encrypt(RSA_size(rsa), rctx->tbuf,
234 sig, rsa, RSA_NO_PADDING);
235 }
b2a97be7
DSH		 236 else
237 return -1;
238 }
239 else
240 ret = RSA_private_encrypt(tbslen, tbs, sig, ctx->pkey->pkey.rsa,
07e970c7
DSH		 241 rctx->pad_mode);
242 if (ret < 0)
243 return ret;
244 *siglen = ret;
245 return 1;
246 }
247
248
249static int pkey_rsa_verifyrecover(EVP_PKEY_CTX *ctx,
eaff5a14
DSH		 250 unsigned char *rout, size_t *routlen,
251 const unsigned char *sig, size_t siglen)
07e970c7
DSH		 252 {
253 int ret;
254 RSA_PKEY_CTX *rctx = ctx->data;
b2a97be7 255
75d44c04 256 if (rctx->md)
b2a97be7
DSH		 257 {
258 if (rctx->pad_mode == RSA_X931_PADDING)
259 {
260 if (!setup_tbuf(rctx, ctx))
261 return -1;
4f59b658 262 ret = RSA_public_decrypt(siglen, sig,
b2a97be7
DSH		 263 rctx->tbuf, ctx->pkey->pkey.rsa,
264 RSA_X931_PADDING);
265 if (ret < 1)
266 return 0;
9fdab72d 267 ret--;
75d44c04
DSH		 268 if (rctx->tbuf[ret] !=
269 RSA_X931_hash_id(EVP_MD_type(rctx->md)))
b2a97be7
DSH		 270 {
271 RSAerr(RSA_F_PKEY_RSA_VERIFYRECOVER,
272 RSA_R_ALGORITHM_MISMATCH);
273 return 0;
274 }
75d44c04
DSH		 275 if (ret != EVP_MD_size(rctx->md))
276 {
277 RSAerr(RSA_F_PKEY_RSA_VERIFYRECOVER,
278 RSA_R_INVALID_DIGEST_LENGTH);
279 return 0;
280 }
4f59b658
DSH		 281 if (rout)
282 memcpy(rout, rctx->tbuf, ret);
b2a97be7
DSH		 283 }
284 else if (rctx->pad_mode == RSA_PKCS1_PADDING)
285 {
786aa98d 286 size_t sltmp;
75d44c04 287 ret = int_rsa_verify(EVP_MD_type(rctx->md),
4f59b658
DSH		 288 NULL, 0, rout, &sltmp,
289 sig, siglen, ctx->pkey->pkey.rsa);
3cbb15ee
DSH		 290 if (ret <= 0)
291 return 0;
716630c0 292 ret = sltmp;
b2a97be7
DSH		 293 }
294 else
295 return -1;
296 }
297 else
4f59b658 298 ret = RSA_public_decrypt(siglen, sig, rout, ctx->pkey->pkey.rsa,
07e970c7
DSH		 299 rctx->pad_mode);
300 if (ret < 0)
301 return ret;
4f59b658 302 *routlen = ret;
07e970c7
DSH		 303 return 1;
304 }
305
4f59b658 306static int pkey_rsa_verify(EVP_PKEY_CTX *ctx,
eaff5a14
DSH		 307 const unsigned char *sig, size_t siglen,
308 const unsigned char *tbs, size_t tbslen)
4f59b658
DSH		 309 {
310 RSA_PKEY_CTX *rctx = ctx->data;
a7ffd9d1 311 RSA *rsa = ctx->pkey->pkey.rsa;
eaff5a14 312 size_t rslen;
4f59b658
DSH		 313 if (rctx->md)
314 {
315 if (rctx->pad_mode == RSA_PKCS1_PADDING)
316 return RSA_verify(EVP_MD_type(rctx->md), tbs, tbslen,
a7ffd9d1 317 sig, siglen, rsa);
4f59b658
DSH		 318 if (rctx->pad_mode == RSA_X931_PADDING)
319 {
320 if (pkey_rsa_verifyrecover(ctx, NULL, &rslen,
321 sig, siglen) <= 0)
322 return 0;
323 }
a7ffd9d1
DSH		 324 else if (rctx->pad_mode == RSA_PKCS1_PSS_PADDING)
325 {
326 int ret;
327 if (!setup_tbuf(rctx, ctx))
328 return -1;
329 ret = RSA_public_decrypt(siglen, sig, rctx->tbuf,
330 rsa, RSA_NO_PADDING);
331 if (ret <= 0)
332 return 0;
bf8883b3
DSH		 333 ret = RSA_verify_PKCS1_PSS_mgf1(rsa, tbs,
334 rctx->md, rctx->mgf1md,
a7ffd9d1
DSH		 335 rctx->tbuf, rctx->saltlen);
336 if (ret <= 0)
337 return 0;
338 return 1;
339 }
4f59b658
DSH		 340 else
341 return -1;
342 }
343 else
344 {
345 if (!setup_tbuf(rctx, ctx))
346 return -1;
347 rslen = RSA_public_decrypt(siglen, sig, rctx->tbuf,
a7ffd9d1 348 rsa, rctx->pad_mode);
0cfc80c4 349 if (rslen == 0)
4f59b658
DSH		 350 return 0;
351 }
352
353 if ((rslen != tbslen) || memcmp(tbs, rctx->tbuf, rslen))
354 return 0;
355
356 return 1;
357
358 }
4f59b658 359
eaff5a14
DSH		 360static int pkey_rsa_encrypt(EVP_PKEY_CTX *ctx,
361 unsigned char *out, size_t *outlen,
362 const unsigned char *in, size_t inlen)
8cd44e36
DSH		 363 {
364 int ret;
365 RSA_PKEY_CTX *rctx = ctx->data;
271fef0e
DSH		 366 if (rctx->pad_mode == RSA_PKCS1_OAEP_PADDING)
367 {
368 int klen = RSA_size(ctx->pkey->pkey.rsa);
369 if (!setup_tbuf(rctx, ctx))
370 return -1;
371 if (!RSA_padding_add_PKCS1_OAEP_mgf1(rctx->tbuf, klen,
372 in, inlen,
373 rctx->oaep_label,
374 rctx->oaep_labellen,
375 rctx->md, rctx->mgf1md))
376 return -1;
377 ret = RSA_public_encrypt(klen, rctx->tbuf, out,
378 ctx->pkey->pkey.rsa,
379 RSA_NO_PADDING);
380 }
381 else
382 ret = RSA_public_encrypt(inlen, in, out, ctx->pkey->pkey.rsa,
8cd44e36
DSH		 383 rctx->pad_mode);
384 if (ret < 0)
385 return ret;
386 *outlen = ret;
387 return 1;
388 }
389
eaff5a14
DSH		 390static int pkey_rsa_decrypt(EVP_PKEY_CTX *ctx,
391 unsigned char *out, size_t *outlen,
392 const unsigned char *in, size_t inlen)
8cd44e36
DSH		 393 {
394 int ret;
395 RSA_PKEY_CTX *rctx = ctx->data;
271fef0e
DSH		 396 if (rctx->pad_mode == RSA_PKCS1_OAEP_PADDING)
397 {
398 int i;
399 if (!setup_tbuf(rctx, ctx))
400 return -1;
401 ret = RSA_private_decrypt(inlen, in, rctx->tbuf,
402 ctx->pkey->pkey.rsa,
403 RSA_NO_PADDING);
404 if (ret <= 0)
405 return ret;
406 for (i = 0; i < ret; i++)
407 {
408 if (rctx->tbuf[i])
409 break;
410 }
411 ret = RSA_padding_check_PKCS1_OAEP_mgf1(out,ret,rctx->tbuf + i,
412 ret - i, ret,
413 rctx->oaep_label,
414 rctx->oaep_labellen,
415 rctx->md, rctx->mgf1md);
416 }
417 else
418 ret = RSA_private_decrypt(inlen, in, out, ctx->pkey->pkey.rsa,
8cd44e36
DSH		 419 rctx->pad_mode);
420 if (ret < 0)
421 return ret;
422 *outlen = ret;
423 return 1;
424 }
07e970c7 425
75d44c04 426static int check_padding_md(const EVP_MD *md, int padding)
b2a97be7 427 {
75d44c04 428 if (!md)
b2a97be7 429 return 1;
a7ffd9d1 430
b2a97be7
DSH		 431 if (padding == RSA_NO_PADDING)
432 {
c927df3f 433 RSAerr(RSA_F_CHECK_PADDING_MD, RSA_R_INVALID_PADDING_MODE);
b2a97be7
DSH		 434 return 0;
435 }
436
437 if (padding == RSA_X931_PADDING)
438 {
75d44c04 439 if (RSA_X931_hash_id(EVP_MD_type(md)) == -1)
b2a97be7 440 {
c927df3f 441 RSAerr(RSA_F_CHECK_PADDING_MD,
b2a97be7
DSH		 442 RSA_R_INVALID_X931_DIGEST);
443 return 0;
444 }
445 return 1;
446 }
447
448 return 1;
449 }
450
451
4a3dc3c0
DSH		 452static int pkey_rsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
453 {
454 RSA_PKEY_CTX *rctx = ctx->data;
455 switch (type)
456 {
4a3dc3c0 457 case EVP_PKEY_CTRL_RSA_PADDING:
29db322e 458 if ((p1 >= RSA_PKCS1_PADDING) && (p1 <= RSA_PKCS1_PSS_PADDING))
4a3dc3c0 459 {
75d44c04 460 if (!check_padding_md(rctx->md, p1))
b2a97be7 461 return 0;
a7ffd9d1
DSH		 462 if (p1 == RSA_PKCS1_PSS_PADDING)
463 {
7f57b076
DSH		 464 if (!(ctx->operation &
465 (EVP_PKEY_OP_SIGN | EVP_PKEY_OP_VERIFY)))
466 goto bad_pad;
a7ffd9d1
DSH		 467 if (!rctx->md)
468 rctx->md = EVP_sha1();
469 }
470 if (p1 == RSA_PKCS1_OAEP_PADDING)
471 {
472 if (!(ctx->operation & EVP_PKEY_OP_TYPE_CRYPT))
7f57b076 473 goto bad_pad;
a7ffd9d1
DSH		 474 if (!rctx->md)
475 rctx->md = EVP_sha1();
476 }
4a3dc3c0
DSH		 477 rctx->pad_mode = p1;
478 return 1;
479 }
7f57b076
DSH		 480 bad_pad:
481 RSAerr(RSA_F_PKEY_RSA_CTRL,
482 RSA_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE);
6471c9f4 483 return -2;
4a3dc3c0 484
1c8d9299
DSH		 485 case EVP_PKEY_CTRL_GET_RSA_PADDING:
486 *(int *)p2 = rctx->pad_mode;
487 return 1;
488
f9a6348a 489 case EVP_PKEY_CTRL_RSA_PSS_SALTLEN:
1c8d9299 490 case EVP_PKEY_CTRL_GET_RSA_PSS_SALTLEN:
f9a6348a 491 if (rctx->pad_mode != RSA_PKCS1_PSS_PADDING)
7f57b076
DSH		 492 {
493 RSAerr(RSA_F_PKEY_RSA_CTRL, RSA_R_INVALID_PSS_SALTLEN);
f9a6348a 494 return -2;
7f57b076 495 }
1c8d9299
DSH		 496 if (type == EVP_PKEY_CTRL_GET_RSA_PSS_SALTLEN)
497 *(int *)p2 = rctx->saltlen;
498 else
499 {
500 if (p1 < -2)
501 return -2;
502 rctx->saltlen = p1;
503 }
f9a6348a
DSH		 504 return 1;
505
54d853eb
DSH		 506 case EVP_PKEY_CTRL_RSA_KEYGEN_BITS:
507 if (p1 < 256)
7f57b076
DSH		 508 {
509 RSAerr(RSA_F_PKEY_RSA_CTRL, RSA_R_INVALID_KEYBITS);
54d853eb 510 return -2;
7f57b076 511 }
54d853eb
DSH		 512 rctx->nbits = p1;
513 return 1;
514
515 case EVP_PKEY_CTRL_RSA_KEYGEN_PUBEXP:
516 if (!p2)
517 return -2;
271fef0e 518 BN_free(rctx->pub_exp);
54d853eb
DSH		 519 rctx->pub_exp = p2;
520 return 1;
521
271fef0e
DSH		 522 case EVP_PKEY_CTRL_RSA_OAEP_MD:
523 if (rctx->pad_mode != RSA_PKCS1_OAEP_PADDING)
524 {
525 RSAerr(RSA_F_PKEY_RSA_CTRL, RSA_R_INVALID_PADDING_MODE);
526 return 0;
527 }
528 rctx->md = p2;
529 return 1;
530
75d44c04
DSH		 531 case EVP_PKEY_CTRL_MD:
532 if (!check_padding_md(p2, rctx->pad_mode))
b2a97be7 533 return 0;
75d44c04 534 rctx->md = p2;
b2a97be7
DSH		 535 return 1;
536
81063953
DSH		 537 case EVP_PKEY_CTRL_GET_MD:
538 *(const EVP_MD **)p2 = rctx->md;
539 return 1;
540
31904ecd 541 case EVP_PKEY_CTRL_RSA_MGF1_MD:
1c8d9299 542 case EVP_PKEY_CTRL_GET_RSA_MGF1_MD:
271fef0e
DSH		 543 if (rctx->pad_mode != RSA_PKCS1_PSS_PADDING
544 && rctx->pad_mode != RSA_PKCS1_OAEP_PADDING)
1c8d9299
DSH		 545 {
546 RSAerr(RSA_F_PKEY_RSA_CTRL, RSA_R_INVALID_MGF1_MD);
547 return -2;
548 }
549 if (type == EVP_PKEY_CTRL_GET_RSA_MGF1_MD)
550 {
551 if (rctx->mgf1md)
552 *(const EVP_MD **)p2 = rctx->mgf1md;
553 else
554 *(const EVP_MD **)p2 = rctx->md;
555 }
556 else
557 rctx->mgf1md = p2;
77f4b6ba
DSH		 558 return 1;
559
271fef0e
DSH		 560 case EVP_PKEY_CTRL_RSA_OAEP_LABEL:
561 OPENSSL_free(rctx->oaep_label);
562 rctx->oaep_label = p2;
563 rctx->oaep_labellen = p1;
564 return 1;
565
156ee882 566 case EVP_PKEY_CTRL_DIGESTINIT:
399a6f0b
DSH		 567 case EVP_PKEY_CTRL_PKCS7_ENCRYPT:
568 case EVP_PKEY_CTRL_PKCS7_DECRYPT:
b7683e3a 569 case EVP_PKEY_CTRL_PKCS7_SIGN:
b3339050 570 return 1;
8931b30d 571#ifndef OPENSSL_NO_CMS
8931b30d 572 case EVP_PKEY_CTRL_CMS_DECRYPT:
b3339050
DSH		 573 {
574 X509_ALGOR *alg = NULL;
575 ASN1_OBJECT *encalg = NULL;
576 if (p2)
577 CMS_RecipientInfo_ktri_get0_algs(p2, NULL, NULL, &alg);
578 if (alg)
579 X509_ALGOR_get0(&encalg, NULL, NULL, alg);
580 if (encalg && OBJ_obj2nid(encalg) == NID_rsaesOaep)
581 rctx->pad_mode = RSA_PKCS1_OAEP_PADDING;
582 }
583 case EVP_PKEY_CTRL_CMS_ENCRYPT:
8931b30d 584 case EVP_PKEY_CTRL_CMS_SIGN:
399a6f0b 585 return 1;
b3339050 586#endif
0e1dba93
DSH		 587 case EVP_PKEY_CTRL_PEER_KEY:
588 RSAerr(RSA_F_PKEY_RSA_CTRL,
4f1aa191 589 RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
0e1dba93 590 return -2;
399a6f0b 591
4a3dc3c0
DSH		 592 default:
593 return -2;
594
595 }
596 }
597
598static int pkey_rsa_ctrl_str(EVP_PKEY_CTX *ctx,
599 const char *type, const char *value)
600 {
7f57b076
DSH		 601 if (!value)
602 {
603 RSAerr(RSA_F_PKEY_RSA_CTRL_STR, RSA_R_VALUE_MISSING);
604 return 0;
605 }
4a3dc3c0
DSH		 606 if (!strcmp(type, "rsa_padding_mode"))
607 {
608 int pm;
4a3dc3c0
DSH		 609 if (!strcmp(value, "pkcs1"))
610 pm = RSA_PKCS1_PADDING;
611 else if (!strcmp(value, "sslv23"))
612 pm = RSA_SSLV23_PADDING;
613 else if (!strcmp(value, "none"))
614 pm = RSA_NO_PADDING;
615 else if (!strcmp(value, "oeap"))
616 pm = RSA_PKCS1_OAEP_PADDING;
0ded2a06
DSH		 617 else if (!strcmp(value, "oaep"))
618 pm = RSA_PKCS1_OAEP_PADDING;
4a3dc3c0
DSH		 619 else if (!strcmp(value, "x931"))
620 pm = RSA_X931_PADDING;
29db322e
DSH		 621 else if (!strcmp(value, "pss"))
622 pm = RSA_PKCS1_PSS_PADDING;
4a3dc3c0 623 else
7f57b076
DSH		 624 {
625 RSAerr(RSA_F_PKEY_RSA_CTRL_STR,
626 RSA_R_UNKNOWN_PADDING_TYPE);
4a3dc3c0 627 return -2;
7f57b076 628 }
6471c9f4 629 return EVP_PKEY_CTX_set_rsa_padding(ctx, pm);
4a3dc3c0 630 }
54d853eb 631
f9a6348a
DSH		 632 if (!strcmp(type, "rsa_pss_saltlen"))
633 {
634 int saltlen;
635 saltlen = atoi(value);
636 return EVP_PKEY_CTX_set_rsa_pss_saltlen(ctx, saltlen);
637 }
54d853eb
DSH		 638
639 if (!strcmp(type, "rsa_keygen_bits"))
640 {
641 int nbits;
642 nbits = atoi(value);
643 return EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, nbits);
644 }
645
646 if (!strcmp(type, "rsa_keygen_pubexp"))
647 {
648 int ret;
649 BIGNUM *pubexp = NULL;
650 if (!BN_asc2bn(&pubexp, value))
651 return 0;
652 ret = EVP_PKEY_CTX_set_rsa_keygen_pubexp(ctx, pubexp);
653 if (ret <= 0)
654 BN_free(pubexp);
655 return ret;
656 }
657
271fef0e
DSH		 658 if (!strcmp(type, "rsa_mgf1_md"))
659 {
660 const EVP_MD *md;
661 if (!(md = EVP_get_digestbyname(value)))
662 {
663 RSAerr(RSA_F_PKEY_RSA_CTRL_STR,
664 RSA_R_INVALID_DIGEST);
665 return 0;
666 }
667 return EVP_PKEY_CTX_set_rsa_mgf1_md(ctx, md);
668 }
669
670 if (!strcmp(type, "rsa_oaep_md"))
671 {
672 const EVP_MD *md;
673 if (!(md = EVP_get_digestbyname(value)))
674 {
675 RSAerr(RSA_F_PKEY_RSA_CTRL_STR,
676 RSA_R_INVALID_DIGEST);
677 return 0;
678 }
679 return EVP_PKEY_CTX_set_rsa_oaep_md(ctx, md);
680 }
681 if (!strcmp(type, "rsa_oaep_label"))
682 {
683 unsigned char *lab;
684 long lablen;
685 int ret;
686 lab = string_to_hex(value, &lablen);
687 if (!lab)
688 return 0;
689 ret = EVP_PKEY_CTX_set0_rsa_oaep_label(ctx, lab, lablen);
690 if (ret <= 0)
691 OPENSSL_free(lab);
692 return ret;
693 }
694
4a3dc3c0
DSH		 695 return -2;
696 }
697
f5cda4cb
DSH		 698static int pkey_rsa_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
699 {
700 RSA *rsa = NULL;
701 RSA_PKEY_CTX *rctx = ctx->data;
702 BN_GENCB *pcb, cb;
703 int ret;
704 if (!rctx->pub_exp)
705 {
706 rctx->pub_exp = BN_new();
707 if (!rctx->pub_exp || !BN_set_word(rctx->pub_exp, RSA_F4))
708 return 0;
709 }
710 rsa = RSA_new();
711 if (!rsa)
712 return 0;
713 if (ctx->pkey_gencb)
714 {
715 pcb = &cb;
716 evp_pkey_set_cb_translate(pcb, ctx);
717 }
718 else
719 pcb = NULL;
720 ret = RSA_generate_key_ex(rsa, rctx->nbits, rctx->pub_exp, pcb);
721 if (ret > 0)
722 EVP_PKEY_assign_RSA(pkey, rsa);
723 else
724 RSA_free(rsa);
725 return ret;
726 }
727
0b6f3c66
DSH		 728const EVP_PKEY_METHOD rsa_pkey_meth =
729 {
730 EVP_PKEY_RSA,
b010b7c4 731 EVP_PKEY_FLAG_AUTOARGLEN,
07e970c7 732 pkey_rsa_init,
8bdcef40 733 pkey_rsa_copy,
07e970c7
DSH		 734 pkey_rsa_cleanup,
735
736 0,0,
737
f5cda4cb
DSH		 738 0,
739 pkey_rsa_keygen,
07e970c7
DSH		 740
741 0,
742 pkey_rsa_sign,
743
4f59b658
DSH		 744 0,
745 pkey_rsa_verify,
07e970c7
DSH		 746
747 0,
8cd44e36
DSH		 748 pkey_rsa_verifyrecover,
749
750
751 0,0,0,0,
752
753 0,
754 pkey_rsa_encrypt,
755
756 0,
757 pkey_rsa_decrypt,
758
d87e6152
DSH		 759 0,0,
760
4a3dc3c0
DSH		 761 pkey_rsa_ctrl,
762 pkey_rsa_ctrl_str
8cd44e36 763
07e970c7 764
0b6f3c66 765 };
A mirror of the official openssl repository