]> git.ipfire.org Git - thirdparty/openssl.git/blob - crypto/rsa/rsa_pmeth.c
projects / thirdparty / openssl.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Copyright consolidation 08/10
[thirdparty/openssl.git] / crypto / rsa / rsa_pmeth.c
1 /*
2 * Copyright 2006-2016 The OpenSSL Project Authors. All Rights Reserved.
3 *
4 * Licensed under the OpenSSL license (the "License"). You may not use
5 * this file except in compliance with the License. You can obtain a copy
6 * in the file LICENSE in the source distribution or at
7 * https://www.openssl.org/source/license.html
8 */
9
10 #include <stdio.h>
11 #include "internal/cryptlib.h"
12 #include <openssl/asn1t.h>
13 #include <openssl/x509.h>
14 #include <openssl/rsa.h>
15 #include <openssl/bn.h>
16 #include <openssl/evp.h>
17 #include <openssl/x509v3.h>
18 #include <openssl/cms.h>
19 #include "internal/evp_int.h"
20 #include "rsa_locl.h"
21
22 /* RSA pkey context structure */
23
24 typedef struct {
25 /* Key gen parameters */
26 int nbits;
27 BIGNUM *pub_exp;
28 /* Keygen callback info */
29 int gentmp[2];
30 /* RSA padding mode */
31 int pad_mode;
32 /* message digest */
33 const EVP_MD *md;
34 /* message digest for MGF1 */
35 const EVP_MD *mgf1md;
36 /* PSS salt length */
37 int saltlen;
38 /* Temp buffer */
39 unsigned char *tbuf;
40 /* OAEP label */
41 unsigned char *oaep_label;
42 size_t oaep_labellen;
43 } RSA_PKEY_CTX;
44
45 static int pkey_rsa_init(EVP_PKEY_CTX *ctx)
46 {
47 RSA_PKEY_CTX *rctx;
48 rctx = OPENSSL_zalloc(sizeof(*rctx));
49 if (rctx == NULL)
50 return 0;
51 rctx->nbits = 1024;
52 rctx->pad_mode = RSA_PKCS1_PADDING;
53 rctx->saltlen = -2;
54 ctx->data = rctx;
55 ctx->keygen_info = rctx->gentmp;
56 ctx->keygen_info_count = 2;
57
58 return 1;
59 }
60
61 static int pkey_rsa_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src)
62 {
63 RSA_PKEY_CTX *dctx, *sctx;
64 if (!pkey_rsa_init(dst))
65 return 0;
66 sctx = src->data;
67 dctx = dst->data;
68 dctx->nbits = sctx->nbits;
69 if (sctx->pub_exp) {
70 dctx->pub_exp = BN_dup(sctx->pub_exp);
71 if (!dctx->pub_exp)
72 return 0;
73 }
74 dctx->pad_mode = sctx->pad_mode;
75 dctx->md = sctx->md;
76 dctx->mgf1md = sctx->mgf1md;
77 if (sctx->oaep_label) {
78 OPENSSL_free(dctx->oaep_label);
79 dctx->oaep_label = OPENSSL_memdup(sctx->oaep_label, sctx->oaep_labellen);
80 if (!dctx->oaep_label)
81 return 0;
82 dctx->oaep_labellen = sctx->oaep_labellen;
83 }
84 return 1;
85 }
86
87 static int setup_tbuf(RSA_PKEY_CTX *ctx, EVP_PKEY_CTX *pk)
88 {
89 if (ctx->tbuf)
90 return 1;
91 ctx->tbuf = OPENSSL_malloc(EVP_PKEY_size(pk->pkey));
92 if (ctx->tbuf == NULL)
93 return 0;
94 return 1;
95 }
96
97 static void pkey_rsa_cleanup(EVP_PKEY_CTX *ctx)
98 {
99 RSA_PKEY_CTX *rctx = ctx->data;
100 if (rctx) {
101 BN_free(rctx->pub_exp);
102 OPENSSL_free(rctx->tbuf);
103 OPENSSL_free(rctx->oaep_label);
104 OPENSSL_free(rctx);
105 }
106 }
107
108 static int pkey_rsa_sign(EVP_PKEY_CTX *ctx, unsigned char *sig,
109 size_t *siglen, const unsigned char *tbs,
110 size_t tbslen)
111 {
112 int ret;
113 RSA_PKEY_CTX *rctx = ctx->data;
114 RSA *rsa = ctx->pkey->pkey.rsa;
115
116 if (rctx->md) {
117 if (tbslen != (size_t)EVP_MD_size(rctx->md)) {
118 RSAerr(RSA_F_PKEY_RSA_SIGN, RSA_R_INVALID_DIGEST_LENGTH);
119 return -1;
120 }
121
122 if (EVP_MD_type(rctx->md) == NID_mdc2) {
123 unsigned int sltmp;
124 if (rctx->pad_mode != RSA_PKCS1_PADDING)
125 return -1;
126 ret = RSA_sign_ASN1_OCTET_STRING(0,
127 tbs, tbslen, sig, &sltmp, rsa);
128
129 if (ret <= 0)
130 return ret;
131 ret = sltmp;
132 } else if (rctx->pad_mode == RSA_X931_PADDING) {
133 if ((size_t)EVP_PKEY_size(ctx->pkey) < tbslen + 1) {
134 RSAerr(RSA_F_PKEY_RSA_SIGN, RSA_R_KEY_SIZE_TOO_SMALL);
135 return -1;
136 }
137 if (!setup_tbuf(rctx, ctx)) {
138 RSAerr(RSA_F_PKEY_RSA_SIGN, ERR_R_MALLOC_FAILURE);
139 return -1;
140 }
141 memcpy(rctx->tbuf, tbs, tbslen);
142 rctx->tbuf[tbslen] = RSA_X931_hash_id(EVP_MD_type(rctx->md));
143 ret = RSA_private_encrypt(tbslen + 1, rctx->tbuf,
144 sig, rsa, RSA_X931_PADDING);
145 } else if (rctx->pad_mode == RSA_PKCS1_PADDING) {
146 unsigned int sltmp;
147 ret = RSA_sign(EVP_MD_type(rctx->md),
148 tbs, tbslen, sig, &sltmp, rsa);
149 if (ret <= 0)
150 return ret;
151 ret = sltmp;
152 } else if (rctx->pad_mode == RSA_PKCS1_PSS_PADDING) {
153 if (!setup_tbuf(rctx, ctx))
154 return -1;
155 if (!RSA_padding_add_PKCS1_PSS_mgf1(rsa,
156 rctx->tbuf, tbs,
157 rctx->md, rctx->mgf1md,
158 rctx->saltlen))
159 return -1;
160 ret = RSA_private_encrypt(RSA_size(rsa), rctx->tbuf,
161 sig, rsa, RSA_NO_PADDING);
162 } else
163 return -1;
164 } else
165 ret = RSA_private_encrypt(tbslen, tbs, sig, ctx->pkey->pkey.rsa,
166 rctx->pad_mode);
167 if (ret < 0)
168 return ret;
169 *siglen = ret;
170 return 1;
171 }
172
173 static int pkey_rsa_verifyrecover(EVP_PKEY_CTX *ctx,
174 unsigned char *rout, size_t *routlen,
175 const unsigned char *sig, size_t siglen)
176 {
177 int ret;
178 RSA_PKEY_CTX *rctx = ctx->data;
179
180 if (rctx->md) {
181 if (rctx->pad_mode == RSA_X931_PADDING) {
182 if (!setup_tbuf(rctx, ctx))
183 return -1;
184 ret = RSA_public_decrypt(siglen, sig,
185 rctx->tbuf, ctx->pkey->pkey.rsa,
186 RSA_X931_PADDING);
187 if (ret < 1)
188 return 0;
189 ret--;
190 if (rctx->tbuf[ret] != RSA_X931_hash_id(EVP_MD_type(rctx->md))) {
191 RSAerr(RSA_F_PKEY_RSA_VERIFYRECOVER,
192 RSA_R_ALGORITHM_MISMATCH);
193 return 0;
194 }
195 if (ret != EVP_MD_size(rctx->md)) {
196 RSAerr(RSA_F_PKEY_RSA_VERIFYRECOVER,
197 RSA_R_INVALID_DIGEST_LENGTH);
198 return 0;
199 }
200 if (rout)
201 memcpy(rout, rctx->tbuf, ret);
202 } else if (rctx->pad_mode == RSA_PKCS1_PADDING) {
203 size_t sltmp;
204 ret = int_rsa_verify(EVP_MD_type(rctx->md),
205 NULL, 0, rout, &sltmp,
206 sig, siglen, ctx->pkey->pkey.rsa);
207 if (ret <= 0)
208 return 0;
209 ret = sltmp;
210 } else
211 return -1;
212 } else
213 ret = RSA_public_decrypt(siglen, sig, rout, ctx->pkey->pkey.rsa,
214 rctx->pad_mode);
215 if (ret < 0)
216 return ret;
217 *routlen = ret;
218 return 1;
219 }
220
221 static int pkey_rsa_verify(EVP_PKEY_CTX *ctx,
222 const unsigned char *sig, size_t siglen,
223 const unsigned char *tbs, size_t tbslen)
224 {
225 RSA_PKEY_CTX *rctx = ctx->data;
226 RSA *rsa = ctx->pkey->pkey.rsa;
227 size_t rslen;
228 if (rctx->md) {
229 if (rctx->pad_mode == RSA_PKCS1_PADDING)
230 return RSA_verify(EVP_MD_type(rctx->md), tbs, tbslen,
231 sig, siglen, rsa);
232 if (rctx->pad_mode == RSA_X931_PADDING) {
233 if (pkey_rsa_verifyrecover(ctx, NULL, &rslen, sig, siglen) <= 0)
234 return 0;
235 } else if (rctx->pad_mode == RSA_PKCS1_PSS_PADDING) {
236 int ret;
237 if (!setup_tbuf(rctx, ctx))
238 return -1;
239 ret = RSA_public_decrypt(siglen, sig, rctx->tbuf,
240 rsa, RSA_NO_PADDING);
241 if (ret <= 0)
242 return 0;
243 ret = RSA_verify_PKCS1_PSS_mgf1(rsa, tbs,
244 rctx->md, rctx->mgf1md,
245 rctx->tbuf, rctx->saltlen);
246 if (ret <= 0)
247 return 0;
248 return 1;
249 } else
250 return -1;
251 } else {
252 if (!setup_tbuf(rctx, ctx))
253 return -1;
254 rslen = RSA_public_decrypt(siglen, sig, rctx->tbuf,
255 rsa, rctx->pad_mode);
256 if (rslen == 0)
257 return 0;
258 }
259
260 if ((rslen != tbslen) || memcmp(tbs, rctx->tbuf, rslen))
261 return 0;
262
263 return 1;
264
265 }
266
267 static int pkey_rsa_encrypt(EVP_PKEY_CTX *ctx,
268 unsigned char *out, size_t *outlen,
269 const unsigned char *in, size_t inlen)
270 {
271 int ret;
272 RSA_PKEY_CTX *rctx = ctx->data;
273 if (rctx->pad_mode == RSA_PKCS1_OAEP_PADDING) {
274 int klen = RSA_size(ctx->pkey->pkey.rsa);
275 if (!setup_tbuf(rctx, ctx))
276 return -1;
277 if (!RSA_padding_add_PKCS1_OAEP_mgf1(rctx->tbuf, klen,
278 in, inlen,
279 rctx->oaep_label,
280 rctx->oaep_labellen,
281 rctx->md, rctx->mgf1md))
282 return -1;
283 ret = RSA_public_encrypt(klen, rctx->tbuf, out,
284 ctx->pkey->pkey.rsa, RSA_NO_PADDING);
285 } else
286 ret = RSA_public_encrypt(inlen, in, out, ctx->pkey->pkey.rsa,
287 rctx->pad_mode);
288 if (ret < 0)
289 return ret;
290 *outlen = ret;
291 return 1;
292 }
293
294 static int pkey_rsa_decrypt(EVP_PKEY_CTX *ctx,
295 unsigned char *out, size_t *outlen,
296 const unsigned char *in, size_t inlen)
297 {
298 int ret;
299 RSA_PKEY_CTX *rctx = ctx->data;
300 if (rctx->pad_mode == RSA_PKCS1_OAEP_PADDING) {
301 int i;
302 if (!setup_tbuf(rctx, ctx))
303 return -1;
304 ret = RSA_private_decrypt(inlen, in, rctx->tbuf,
305 ctx->pkey->pkey.rsa, RSA_NO_PADDING);
306 if (ret <= 0)
307 return ret;
308 for (i = 0; i < ret; i++) {
309 if (rctx->tbuf[i])
310 break;
311 }
312 ret = RSA_padding_check_PKCS1_OAEP_mgf1(out, ret, rctx->tbuf + i,
313 ret - i, ret,
314 rctx->oaep_label,
315 rctx->oaep_labellen,
316 rctx->md, rctx->mgf1md);
317 } else
318 ret = RSA_private_decrypt(inlen, in, out, ctx->pkey->pkey.rsa,
319 rctx->pad_mode);
320 if (ret < 0)
321 return ret;
322 *outlen = ret;
323 return 1;
324 }
325
326 static int check_padding_md(const EVP_MD *md, int padding)
327 {
328 int mdnid;
329 if (!md)
330 return 1;
331
332 mdnid = EVP_MD_type(md);
333
334 if (padding == RSA_NO_PADDING) {
335 RSAerr(RSA_F_CHECK_PADDING_MD, RSA_R_INVALID_PADDING_MODE);
336 return 0;
337 }
338
339 if (padding == RSA_X931_PADDING) {
340 if (RSA_X931_hash_id(mdnid) == -1) {
341 RSAerr(RSA_F_CHECK_PADDING_MD, RSA_R_INVALID_X931_DIGEST);
342 return 0;
343 }
344 } else {
345 switch(mdnid) {
346 /* List of all supported RSA digests */
347 case NID_sha1:
348 case NID_sha224:
349 case NID_sha256:
350 case NID_sha384:
351 case NID_sha512:
352 case NID_md5:
353 case NID_md5_sha1:
354 case NID_md2:
355 case NID_md4:
356 case NID_mdc2:
357 case NID_ripemd160:
358 return 1;
359
360 default:
361 RSAerr(RSA_F_CHECK_PADDING_MD, RSA_R_INVALID_DIGEST);
362 return 0;
363
364 }
365 }
366
367 return 1;
368 }
369
370 static int pkey_rsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
371 {
372 RSA_PKEY_CTX *rctx = ctx->data;
373 switch (type) {
374 case EVP_PKEY_CTRL_RSA_PADDING:
375 if ((p1 >= RSA_PKCS1_PADDING) && (p1 <= RSA_PKCS1_PSS_PADDING)) {
376 if (!check_padding_md(rctx->md, p1))
377 return 0;
378 if (p1 == RSA_PKCS1_PSS_PADDING) {
379 if (!(ctx->operation &
380 (EVP_PKEY_OP_SIGN | EVP_PKEY_OP_VERIFY)))
381 goto bad_pad;
382 if (!rctx->md)
383 rctx->md = EVP_sha1();
384 }
385 if (p1 == RSA_PKCS1_OAEP_PADDING) {
386 if (!(ctx->operation & EVP_PKEY_OP_TYPE_CRYPT))
387 goto bad_pad;
388 if (!rctx->md)
389 rctx->md = EVP_sha1();
390 }
391 rctx->pad_mode = p1;
392 return 1;
393 }
394 bad_pad:
395 RSAerr(RSA_F_PKEY_RSA_CTRL,
396 RSA_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE);
397 return -2;
398
399 case EVP_PKEY_CTRL_GET_RSA_PADDING:
400 *(int *)p2 = rctx->pad_mode;
401 return 1;
402
403 case EVP_PKEY_CTRL_RSA_PSS_SALTLEN:
404 case EVP_PKEY_CTRL_GET_RSA_PSS_SALTLEN:
405 if (rctx->pad_mode != RSA_PKCS1_PSS_PADDING) {
406 RSAerr(RSA_F_PKEY_RSA_CTRL, RSA_R_INVALID_PSS_SALTLEN);
407 return -2;
408 }
409 if (type == EVP_PKEY_CTRL_GET_RSA_PSS_SALTLEN)
410 *(int *)p2 = rctx->saltlen;
411 else {
412 if (p1 < -2)
413 return -2;
414 rctx->saltlen = p1;
415 }
416 return 1;
417
418 case EVP_PKEY_CTRL_RSA_KEYGEN_BITS:
419 if (p1 < 512) {
420 RSAerr(RSA_F_PKEY_RSA_CTRL, RSA_R_KEY_SIZE_TOO_SMALL);
421 return -2;
422 }
423 rctx->nbits = p1;
424 return 1;
425
426 case EVP_PKEY_CTRL_RSA_KEYGEN_PUBEXP:
427 if (!p2)
428 return -2;
429 BN_free(rctx->pub_exp);
430 rctx->pub_exp = p2;
431 return 1;
432
433 case EVP_PKEY_CTRL_RSA_OAEP_MD:
434 case EVP_PKEY_CTRL_GET_RSA_OAEP_MD:
435 if (rctx->pad_mode != RSA_PKCS1_OAEP_PADDING) {
436 RSAerr(RSA_F_PKEY_RSA_CTRL, RSA_R_INVALID_PADDING_MODE);
437 return -2;
438 }
439 if (type == EVP_PKEY_CTRL_GET_RSA_OAEP_MD)
440 *(const EVP_MD **)p2 = rctx->md;
441 else
442 rctx->md = p2;
443 return 1;
444
445 case EVP_PKEY_CTRL_MD:
446 if (!check_padding_md(p2, rctx->pad_mode))
447 return 0;
448 rctx->md = p2;
449 return 1;
450
451 case EVP_PKEY_CTRL_GET_MD:
452 *(const EVP_MD **)p2 = rctx->md;
453 return 1;
454
455 case EVP_PKEY_CTRL_RSA_MGF1_MD:
456 case EVP_PKEY_CTRL_GET_RSA_MGF1_MD:
457 if (rctx->pad_mode != RSA_PKCS1_PSS_PADDING
458 && rctx->pad_mode != RSA_PKCS1_OAEP_PADDING) {
459 RSAerr(RSA_F_PKEY_RSA_CTRL, RSA_R_INVALID_MGF1_MD);
460 return -2;
461 }
462 if (type == EVP_PKEY_CTRL_GET_RSA_MGF1_MD) {
463 if (rctx->mgf1md)
464 *(const EVP_MD **)p2 = rctx->mgf1md;
465 else
466 *(const EVP_MD **)p2 = rctx->md;
467 } else
468 rctx->mgf1md = p2;
469 return 1;
470
471 case EVP_PKEY_CTRL_RSA_OAEP_LABEL:
472 if (rctx->pad_mode != RSA_PKCS1_OAEP_PADDING) {
473 RSAerr(RSA_F_PKEY_RSA_CTRL, RSA_R_INVALID_PADDING_MODE);
474 return -2;
475 }
476 OPENSSL_free(rctx->oaep_label);
477 if (p2 && p1 > 0) {
478 rctx->oaep_label = p2;
479 rctx->oaep_labellen = p1;
480 } else {
481 rctx->oaep_label = NULL;
482 rctx->oaep_labellen = 0;
483 }
484 return 1;
485
486 case EVP_PKEY_CTRL_GET_RSA_OAEP_LABEL:
487 if (rctx->pad_mode != RSA_PKCS1_OAEP_PADDING) {
488 RSAerr(RSA_F_PKEY_RSA_CTRL, RSA_R_INVALID_PADDING_MODE);
489 return -2;
490 }
491 *(unsigned char **)p2 = rctx->oaep_label;
492 return rctx->oaep_labellen;
493
494 case EVP_PKEY_CTRL_DIGESTINIT:
495 case EVP_PKEY_CTRL_PKCS7_ENCRYPT:
496 case EVP_PKEY_CTRL_PKCS7_DECRYPT:
497 case EVP_PKEY_CTRL_PKCS7_SIGN:
498 return 1;
499 #ifndef OPENSSL_NO_CMS
500 case EVP_PKEY_CTRL_CMS_DECRYPT:
501 case EVP_PKEY_CTRL_CMS_ENCRYPT:
502 case EVP_PKEY_CTRL_CMS_SIGN:
503 return 1;
504 #endif
505 case EVP_PKEY_CTRL_PEER_KEY:
506 RSAerr(RSA_F_PKEY_RSA_CTRL,
507 RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
508 return -2;
509
510 default:
511 return -2;
512
513 }
514 }
515
516 static int pkey_rsa_ctrl_str(EVP_PKEY_CTX *ctx,
517 const char *type, const char *value)
518 {
519 if (!value) {
520 RSAerr(RSA_F_PKEY_RSA_CTRL_STR, RSA_R_VALUE_MISSING);
521 return 0;
522 }
523 if (strcmp(type, "rsa_padding_mode") == 0) {
524 int pm;
525 if (strcmp(value, "pkcs1") == 0)
526 pm = RSA_PKCS1_PADDING;
527 else if (strcmp(value, "sslv23") == 0)
528 pm = RSA_SSLV23_PADDING;
529 else if (strcmp(value, "none") == 0)
530 pm = RSA_NO_PADDING;
531 else if (strcmp(value, "oeap") == 0)
532 pm = RSA_PKCS1_OAEP_PADDING;
533 else if (strcmp(value, "oaep") == 0)
534 pm = RSA_PKCS1_OAEP_PADDING;
535 else if (strcmp(value, "x931") == 0)
536 pm = RSA_X931_PADDING;
537 else if (strcmp(value, "pss") == 0)
538 pm = RSA_PKCS1_PSS_PADDING;
539 else {
540 RSAerr(RSA_F_PKEY_RSA_CTRL_STR, RSA_R_UNKNOWN_PADDING_TYPE);
541 return -2;
542 }
543 return EVP_PKEY_CTX_set_rsa_padding(ctx, pm);
544 }
545
546 if (strcmp(type, "rsa_pss_saltlen") == 0) {
547 int saltlen;
548 saltlen = atoi(value);
549 return EVP_PKEY_CTX_set_rsa_pss_saltlen(ctx, saltlen);
550 }
551
552 if (strcmp(type, "rsa_keygen_bits") == 0) {
553 int nbits;
554 nbits = atoi(value);
555 return EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, nbits);
556 }
557
558 if (strcmp(type, "rsa_keygen_pubexp") == 0) {
559 int ret;
560 BIGNUM *pubexp = NULL;
561 if (!BN_asc2bn(&pubexp, value))
562 return 0;
563 ret = EVP_PKEY_CTX_set_rsa_keygen_pubexp(ctx, pubexp);
564 if (ret <= 0)
565 BN_free(pubexp);
566 return ret;
567 }
568
569 if (strcmp(type, "rsa_mgf1_md") == 0) {
570 const EVP_MD *md;
571 if ((md = EVP_get_digestbyname(value)) == NULL) {
572 RSAerr(RSA_F_PKEY_RSA_CTRL_STR, RSA_R_INVALID_DIGEST);
573 return 0;
574 }
575 return EVP_PKEY_CTX_set_rsa_mgf1_md(ctx, md);
576 }
577
578 if (strcmp(type, "rsa_oaep_md") == 0) {
579 const EVP_MD *md;
580 if ((md = EVP_get_digestbyname(value)) == NULL) {
581 RSAerr(RSA_F_PKEY_RSA_CTRL_STR, RSA_R_INVALID_DIGEST);
582 return 0;
583 }
584 return EVP_PKEY_CTX_set_rsa_oaep_md(ctx, md);
585 }
586 if (strcmp(type, "rsa_oaep_label") == 0) {
587 unsigned char *lab;
588 long lablen;
589 int ret;
590 lab = OPENSSL_hexstr2buf(value, &lablen);
591 if (!lab)
592 return 0;
593 ret = EVP_PKEY_CTX_set0_rsa_oaep_label(ctx, lab, lablen);
594 if (ret <= 0)
595 OPENSSL_free(lab);
596 return ret;
597 }
598
599 return -2;
600 }
601
602 static int pkey_rsa_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
603 {
604 RSA *rsa = NULL;
605 RSA_PKEY_CTX *rctx = ctx->data;
606 BN_GENCB *pcb;
607 int ret;
608 if (rctx->pub_exp == NULL) {
609 rctx->pub_exp = BN_new();
610 if (rctx->pub_exp == NULL || !BN_set_word(rctx->pub_exp, RSA_F4))
611 return 0;
612 }
613 rsa = RSA_new();
614 if (rsa == NULL)
615 return 0;
616 if (ctx->pkey_gencb) {
617 pcb = BN_GENCB_new();
618 if (pcb == NULL) {
619 RSA_free(rsa);
620 return 0;
621 }
622 evp_pkey_set_cb_translate(pcb, ctx);
623 } else
624 pcb = NULL;
625 ret = RSA_generate_key_ex(rsa, rctx->nbits, rctx->pub_exp, pcb);
626 BN_GENCB_free(pcb);
627 if (ret > 0)
628 EVP_PKEY_assign_RSA(pkey, rsa);
629 else
630 RSA_free(rsa);
631 return ret;
632 }
633
634 const EVP_PKEY_METHOD rsa_pkey_meth = {
635 EVP_PKEY_RSA,
636 EVP_PKEY_FLAG_AUTOARGLEN,
637 pkey_rsa_init,
638 pkey_rsa_copy,
639 pkey_rsa_cleanup,
640
641 0, 0,
642
643 0,
644 pkey_rsa_keygen,
645
646 0,
647 pkey_rsa_sign,
648
649 0,
650 pkey_rsa_verify,
651
652 0,
653 pkey_rsa_verifyrecover,
654
655 0, 0, 0, 0,
656
657 0,
658 pkey_rsa_encrypt,
659
660 0,
661 pkey_rsa_decrypt,
662
663 0, 0,
664
665 pkey_rsa_ctrl,
666 pkey_rsa_ctrl_str
667 };
A mirror of the official openssl repository