]> git.ipfire.org Git - thirdparty/openssl.git/blob - crypto/rsa/rsa_pmeth.c
projects / thirdparty / openssl.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Exetended OAEP support.
[thirdparty/openssl.git] / crypto / rsa / rsa_pmeth.c
1 /* crypto/rsa/rsa_pmeth.c */
2 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL
3 * project 2006.
4 */
5 /* ====================================================================
6 * Copyright (c) 2006 The OpenSSL Project. All rights reserved.
7 *
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
10 * are met:
11 *
12 * 1. Redistributions of source code must retain the above copyright
13 * notice, this list of conditions and the following disclaimer.
14 *
15 * 2. Redistributions in binary form must reproduce the above copyright
16 * notice, this list of conditions and the following disclaimer in
17 * the documentation and/or other materials provided with the
18 * distribution.
19 *
20 * 3. All advertising materials mentioning features or use of this
21 * software must display the following acknowledgment:
22 * "This product includes software developed by the OpenSSL Project
23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
24 *
25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
26 * endorse or promote products derived from this software without
27 * prior written permission. For written permission, please contact
28 * licensing@OpenSSL.org.
29 *
30 * 5. Products derived from this software may not be called "OpenSSL"
31 * nor may "OpenSSL" appear in their names without prior written
32 * permission of the OpenSSL Project.
33 *
34 * 6. Redistributions of any form whatsoever must retain the following
35 * acknowledgment:
36 * "This product includes software developed by the OpenSSL Project
37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
38 *
39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR
43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
50 * OF THE POSSIBILITY OF SUCH DAMAGE.
51 * ====================================================================
52 *
53 * This product includes cryptographic software written by Eric Young
54 * (eay@cryptsoft.com). This product includes software written by Tim
55 * Hudson (tjh@cryptsoft.com).
56 *
57 */
58
59 #include <stdio.h>
60 #include "cryptlib.h"
61 #include <openssl/asn1t.h>
62 #include <openssl/x509.h>
63 #include <openssl/rsa.h>
64 #include <openssl/bn.h>
65 #include <openssl/evp.h>
66 #include <openssl/x509v3.h>
67 #ifndef OPENSSL_NO_CMS
68 #include <openssl/cms.h>
69 #endif
70 #include "evp_locl.h"
71 #include "rsa_locl.h"
72
73 /* RSA pkey context structure */
74
75 typedef struct
76 {
77 /* Key gen parameters */
78 int nbits;
79 BIGNUM *pub_exp;
80 /* Keygen callback info */
81 int gentmp[2];
82 /* RSA padding mode */
83 int pad_mode;
84 /* message digest */
85 const EVP_MD *md;
86 /* message digest for MGF1 */
87 const EVP_MD *mgf1md;
88 /* PSS salt length */
89 int saltlen;
90 /* Temp buffer */
91 unsigned char *tbuf;
92 /* OAEP label */
93 unsigned char *oaep_label;
94 size_t oaep_labellen;
95 } RSA_PKEY_CTX;
96
97 static int pkey_rsa_init(EVP_PKEY_CTX *ctx)
98 {
99 RSA_PKEY_CTX *rctx;
100 rctx = OPENSSL_malloc(sizeof(RSA_PKEY_CTX));
101 if (!rctx)
102 return 0;
103 rctx->nbits = 1024;
104 rctx->pub_exp = NULL;
105 rctx->pad_mode = RSA_PKCS1_PADDING;
106 rctx->md = NULL;
107 rctx->mgf1md = NULL;
108 rctx->tbuf = NULL;
109
110 rctx->saltlen = -2;
111
112 rctx->oaep_label = NULL;
113 rctx->oaep_labellen = 0;
114
115 ctx->data = rctx;
116 ctx->keygen_info = rctx->gentmp;
117 ctx->keygen_info_count = 2;
118
119 return 1;
120 }
121
122 static int pkey_rsa_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src)
123 {
124 RSA_PKEY_CTX *dctx, *sctx;
125 if (!pkey_rsa_init(dst))
126 return 0;
127 sctx = src->data;
128 dctx = dst->data;
129 dctx->nbits = sctx->nbits;
130 if (sctx->pub_exp)
131 {
132 dctx->pub_exp = BN_dup(sctx->pub_exp);
133 if (!dctx->pub_exp)
134 return 0;
135 }
136 dctx->pad_mode = sctx->pad_mode;
137 dctx->md = sctx->md;
138 dctx->mgf1md = sctx->mgf1md;
139 if (sctx->oaep_label)
140 {
141 if (dctx->oaep_label)
142 OPENSSL_free(dctx->oaep_label);
143 dctx->oaep_label = BUF_memdup(sctx->oaep_label,
144 sctx->oaep_labellen);
145 if (!dctx->oaep_label)
146 return 0;
147 dctx->oaep_labellen = sctx->oaep_labellen;
148 }
149 return 1;
150 }
151
152 static int setup_tbuf(RSA_PKEY_CTX *ctx, EVP_PKEY_CTX *pk)
153 {
154 if (ctx->tbuf)
155 return 1;
156 ctx->tbuf = OPENSSL_malloc(EVP_PKEY_size(pk->pkey));
157 if (!ctx->tbuf)
158 return 0;
159 return 1;
160 }
161
162 static void pkey_rsa_cleanup(EVP_PKEY_CTX *ctx)
163 {
164 RSA_PKEY_CTX *rctx = ctx->data;
165 if (rctx)
166 {
167 if (rctx->pub_exp)
168 BN_free(rctx->pub_exp);
169 if (rctx->tbuf)
170 OPENSSL_free(rctx->tbuf);
171 if (rctx->oaep_label)
172 OPENSSL_free(rctx->oaep_label);
173 OPENSSL_free(rctx);
174 }
175 }
176
177 static int pkey_rsa_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen,
178 const unsigned char *tbs, size_t tbslen)
179 {
180 int ret;
181 RSA_PKEY_CTX *rctx = ctx->data;
182 RSA *rsa = ctx->pkey->pkey.rsa;
183
184 if (rctx->md)
185 {
186 if (tbslen != (size_t)EVP_MD_size(rctx->md))
187 {
188 RSAerr(RSA_F_PKEY_RSA_SIGN,
189 RSA_R_INVALID_DIGEST_LENGTH);
190 return -1;
191 }
192
193 if (EVP_MD_type(rctx->md) == NID_mdc2)
194 {
195 unsigned int sltmp;
196 if (rctx->pad_mode != RSA_PKCS1_PADDING)
197 return -1;
198 ret = RSA_sign_ASN1_OCTET_STRING(NID_mdc2,
199 tbs, tbslen, sig, &sltmp, rsa);
200
201 if (ret <= 0)
202 return ret;
203 ret = sltmp;
204 }
205 else if (rctx->pad_mode == RSA_X931_PADDING)
206 {
207 if (!setup_tbuf(rctx, ctx))
208 return -1;
209 memcpy(rctx->tbuf, tbs, tbslen);
210 rctx->tbuf[tbslen] =
211 RSA_X931_hash_id(EVP_MD_type(rctx->md));
212 ret = RSA_private_encrypt(tbslen + 1, rctx->tbuf,
213 sig, rsa, RSA_X931_PADDING);
214 }
215 else if (rctx->pad_mode == RSA_PKCS1_PADDING)
216 {
217 unsigned int sltmp;
218 ret = RSA_sign(EVP_MD_type(rctx->md),
219 tbs, tbslen, sig, &sltmp, rsa);
220 if (ret <= 0)
221 return ret;
222 ret = sltmp;
223 }
224 else if (rctx->pad_mode == RSA_PKCS1_PSS_PADDING)
225 {
226 if (!setup_tbuf(rctx, ctx))
227 return -1;
228 if (!RSA_padding_add_PKCS1_PSS_mgf1(rsa,
229 rctx->tbuf, tbs,
230 rctx->md, rctx->mgf1md,
231 rctx->saltlen))
232 return -1;
233 ret = RSA_private_encrypt(RSA_size(rsa), rctx->tbuf,
234 sig, rsa, RSA_NO_PADDING);
235 }
236 else
237 return -1;
238 }
239 else
240 ret = RSA_private_encrypt(tbslen, tbs, sig, ctx->pkey->pkey.rsa,
241 rctx->pad_mode);
242 if (ret < 0)
243 return ret;
244 *siglen = ret;
245 return 1;
246 }
247
248
249 static int pkey_rsa_verifyrecover(EVP_PKEY_CTX *ctx,
250 unsigned char *rout, size_t *routlen,
251 const unsigned char *sig, size_t siglen)
252 {
253 int ret;
254 RSA_PKEY_CTX *rctx = ctx->data;
255
256 if (rctx->md)
257 {
258 if (rctx->pad_mode == RSA_X931_PADDING)
259 {
260 if (!setup_tbuf(rctx, ctx))
261 return -1;
262 ret = RSA_public_decrypt(siglen, sig,
263 rctx->tbuf, ctx->pkey->pkey.rsa,
264 RSA_X931_PADDING);
265 if (ret < 1)
266 return 0;
267 ret--;
268 if (rctx->tbuf[ret] !=
269 RSA_X931_hash_id(EVP_MD_type(rctx->md)))
270 {
271 RSAerr(RSA_F_PKEY_RSA_VERIFYRECOVER,
272 RSA_R_ALGORITHM_MISMATCH);
273 return 0;
274 }
275 if (ret != EVP_MD_size(rctx->md))
276 {
277 RSAerr(RSA_F_PKEY_RSA_VERIFYRECOVER,
278 RSA_R_INVALID_DIGEST_LENGTH);
279 return 0;
280 }
281 if (rout)
282 memcpy(rout, rctx->tbuf, ret);
283 }
284 else if (rctx->pad_mode == RSA_PKCS1_PADDING)
285 {
286 size_t sltmp;
287 ret = int_rsa_verify(EVP_MD_type(rctx->md),
288 NULL, 0, rout, &sltmp,
289 sig, siglen, ctx->pkey->pkey.rsa);
290 if (ret <= 0)
291 return 0;
292 ret = sltmp;
293 }
294 else
295 return -1;
296 }
297 else
298 ret = RSA_public_decrypt(siglen, sig, rout, ctx->pkey->pkey.rsa,
299 rctx->pad_mode);
300 if (ret < 0)
301 return ret;
302 *routlen = ret;
303 return 1;
304 }
305
306 static int pkey_rsa_verify(EVP_PKEY_CTX *ctx,
307 const unsigned char *sig, size_t siglen,
308 const unsigned char *tbs, size_t tbslen)
309 {
310 RSA_PKEY_CTX *rctx = ctx->data;
311 RSA *rsa = ctx->pkey->pkey.rsa;
312 size_t rslen;
313 if (rctx->md)
314 {
315 if (rctx->pad_mode == RSA_PKCS1_PADDING)
316 return RSA_verify(EVP_MD_type(rctx->md), tbs, tbslen,
317 sig, siglen, rsa);
318 if (rctx->pad_mode == RSA_X931_PADDING)
319 {
320 if (pkey_rsa_verifyrecover(ctx, NULL, &rslen,
321 sig, siglen) <= 0)
322 return 0;
323 }
324 else if (rctx->pad_mode == RSA_PKCS1_PSS_PADDING)
325 {
326 int ret;
327 if (!setup_tbuf(rctx, ctx))
328 return -1;
329 ret = RSA_public_decrypt(siglen, sig, rctx->tbuf,
330 rsa, RSA_NO_PADDING);
331 if (ret <= 0)
332 return 0;
333 ret = RSA_verify_PKCS1_PSS_mgf1(rsa, tbs,
334 rctx->md, rctx->mgf1md,
335 rctx->tbuf, rctx->saltlen);
336 if (ret <= 0)
337 return 0;
338 return 1;
339 }
340 else
341 return -1;
342 }
343 else
344 {
345 if (!setup_tbuf(rctx, ctx))
346 return -1;
347 rslen = RSA_public_decrypt(siglen, sig, rctx->tbuf,
348 rsa, rctx->pad_mode);
349 if (rslen == 0)
350 return 0;
351 }
352
353 if ((rslen != tbslen) || memcmp(tbs, rctx->tbuf, rslen))
354 return 0;
355
356 return 1;
357
358 }
359
360 static int pkey_rsa_encrypt(EVP_PKEY_CTX *ctx,
361 unsigned char *out, size_t *outlen,
362 const unsigned char *in, size_t inlen)
363 {
364 int ret;
365 RSA_PKEY_CTX *rctx = ctx->data;
366 if (rctx->pad_mode == RSA_PKCS1_OAEP_PADDING)
367 {
368 int klen = RSA_size(ctx->pkey->pkey.rsa);
369 if (!setup_tbuf(rctx, ctx))
370 return -1;
371 if (!RSA_padding_add_PKCS1_OAEP_mgf1(rctx->tbuf, klen,
372 in, inlen,
373 rctx->oaep_label,
374 rctx->oaep_labellen,
375 rctx->md, rctx->mgf1md))
376 return -1;
377 ret = RSA_public_encrypt(klen, rctx->tbuf, out,
378 ctx->pkey->pkey.rsa,
379 RSA_NO_PADDING);
380 }
381 else
382 ret = RSA_public_encrypt(inlen, in, out, ctx->pkey->pkey.rsa,
383 rctx->pad_mode);
384 if (ret < 0)
385 return ret;
386 *outlen = ret;
387 return 1;
388 }
389
390 static int pkey_rsa_decrypt(EVP_PKEY_CTX *ctx,
391 unsigned char *out, size_t *outlen,
392 const unsigned char *in, size_t inlen)
393 {
394 int ret;
395 RSA_PKEY_CTX *rctx = ctx->data;
396 if (rctx->pad_mode == RSA_PKCS1_OAEP_PADDING)
397 {
398 int i;
399 if (!setup_tbuf(rctx, ctx))
400 return -1;
401 ret = RSA_private_decrypt(inlen, in, rctx->tbuf,
402 ctx->pkey->pkey.rsa,
403 RSA_NO_PADDING);
404 if (ret <= 0)
405 return ret;
406 for (i = 0; i < ret; i++)
407 {
408 if (rctx->tbuf[i])
409 break;
410 }
411 ret = RSA_padding_check_PKCS1_OAEP_mgf1(out,ret,rctx->tbuf + i,
412 ret - i, ret,
413 rctx->oaep_label,
414 rctx->oaep_labellen,
415 rctx->md, rctx->mgf1md);
416 }
417 else
418 ret = RSA_private_decrypt(inlen, in, out, ctx->pkey->pkey.rsa,
419 rctx->pad_mode);
420 if (ret < 0)
421 return ret;
422 *outlen = ret;
423 return 1;
424 }
425
426 static int check_padding_md(const EVP_MD *md, int padding)
427 {
428 if (!md)
429 return 1;
430
431 if (padding == RSA_NO_PADDING)
432 {
433 RSAerr(RSA_F_CHECK_PADDING_MD, RSA_R_INVALID_PADDING_MODE);
434 return 0;
435 }
436
437 if (padding == RSA_X931_PADDING)
438 {
439 if (RSA_X931_hash_id(EVP_MD_type(md)) == -1)
440 {
441 RSAerr(RSA_F_CHECK_PADDING_MD,
442 RSA_R_INVALID_X931_DIGEST);
443 return 0;
444 }
445 return 1;
446 }
447
448 return 1;
449 }
450
451
452 static int pkey_rsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2)
453 {
454 RSA_PKEY_CTX *rctx = ctx->data;
455 switch (type)
456 {
457 case EVP_PKEY_CTRL_RSA_PADDING:
458 if ((p1 >= RSA_PKCS1_PADDING) && (p1 <= RSA_PKCS1_PSS_PADDING))
459 {
460 if (!check_padding_md(rctx->md, p1))
461 return 0;
462 if (p1 == RSA_PKCS1_PSS_PADDING)
463 {
464 if (!(ctx->operation &
465 (EVP_PKEY_OP_SIGN | EVP_PKEY_OP_VERIFY)))
466 goto bad_pad;
467 if (!rctx->md)
468 rctx->md = EVP_sha1();
469 }
470 if (p1 == RSA_PKCS1_OAEP_PADDING)
471 {
472 if (!(ctx->operation & EVP_PKEY_OP_TYPE_CRYPT))
473 goto bad_pad;
474 if (!rctx->md)
475 rctx->md = EVP_sha1();
476 }
477 rctx->pad_mode = p1;
478 return 1;
479 }
480 bad_pad:
481 RSAerr(RSA_F_PKEY_RSA_CTRL,
482 RSA_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE);
483 return -2;
484
485 case EVP_PKEY_CTRL_GET_RSA_PADDING:
486 *(int *)p2 = rctx->pad_mode;
487 return 1;
488
489 case EVP_PKEY_CTRL_RSA_PSS_SALTLEN:
490 case EVP_PKEY_CTRL_GET_RSA_PSS_SALTLEN:
491 if (rctx->pad_mode != RSA_PKCS1_PSS_PADDING)
492 {
493 RSAerr(RSA_F_PKEY_RSA_CTRL, RSA_R_INVALID_PSS_SALTLEN);
494 return -2;
495 }
496 if (type == EVP_PKEY_CTRL_GET_RSA_PSS_SALTLEN)
497 *(int *)p2 = rctx->saltlen;
498 else
499 {
500 if (p1 < -2)
501 return -2;
502 rctx->saltlen = p1;
503 }
504 return 1;
505
506 case EVP_PKEY_CTRL_RSA_KEYGEN_BITS:
507 if (p1 < 256)
508 {
509 RSAerr(RSA_F_PKEY_RSA_CTRL, RSA_R_INVALID_KEYBITS);
510 return -2;
511 }
512 rctx->nbits = p1;
513 return 1;
514
515 case EVP_PKEY_CTRL_RSA_KEYGEN_PUBEXP:
516 if (!p2)
517 return -2;
518 BN_free(rctx->pub_exp);
519 rctx->pub_exp = p2;
520 return 1;
521
522 case EVP_PKEY_CTRL_RSA_OAEP_MD:
523 if (rctx->pad_mode != RSA_PKCS1_OAEP_PADDING)
524 {
525 RSAerr(RSA_F_PKEY_RSA_CTRL, RSA_R_INVALID_PADDING_MODE);
526 return 0;
527 }
528 rctx->md = p2;
529 return 1;
530
531 case EVP_PKEY_CTRL_MD:
532 if (!check_padding_md(p2, rctx->pad_mode))
533 return 0;
534 rctx->md = p2;
535 return 1;
536
537 case EVP_PKEY_CTRL_RSA_MGF1_MD:
538 case EVP_PKEY_CTRL_GET_RSA_MGF1_MD:
539 if (rctx->pad_mode != RSA_PKCS1_PSS_PADDING
540 && rctx->pad_mode != RSA_PKCS1_OAEP_PADDING)
541 {
542 RSAerr(RSA_F_PKEY_RSA_CTRL, RSA_R_INVALID_MGF1_MD);
543 return -2;
544 }
545 if (type == EVP_PKEY_CTRL_GET_RSA_MGF1_MD)
546 {
547 if (rctx->mgf1md)
548 *(const EVP_MD **)p2 = rctx->mgf1md;
549 else
550 *(const EVP_MD **)p2 = rctx->md;
551 }
552 else
553 rctx->mgf1md = p2;
554 return 1;
555
556 case EVP_PKEY_CTRL_RSA_OAEP_LABEL:
557 OPENSSL_free(rctx->oaep_label);
558 rctx->oaep_label = p2;
559 rctx->oaep_labellen = p1;
560 return 1;
561
562 case EVP_PKEY_CTRL_DIGESTINIT:
563 case EVP_PKEY_CTRL_PKCS7_ENCRYPT:
564 case EVP_PKEY_CTRL_PKCS7_DECRYPT:
565 case EVP_PKEY_CTRL_PKCS7_SIGN:
566 return 1;
567 #ifndef OPENSSL_NO_CMS
568 case EVP_PKEY_CTRL_CMS_DECRYPT:
569 {
570 X509_ALGOR *alg = NULL;
571 ASN1_OBJECT *encalg = NULL;
572 if (p2)
573 CMS_RecipientInfo_ktri_get0_algs(p2, NULL, NULL, &alg);
574 if (alg)
575 X509_ALGOR_get0(&encalg, NULL, NULL, alg);
576 if (encalg && OBJ_obj2nid(encalg) == NID_rsaesOaep)
577 rctx->pad_mode = RSA_PKCS1_OAEP_PADDING;
578 }
579 case EVP_PKEY_CTRL_CMS_ENCRYPT:
580 case EVP_PKEY_CTRL_CMS_SIGN:
581 return 1;
582 #endif
583 case EVP_PKEY_CTRL_PEER_KEY:
584 RSAerr(RSA_F_PKEY_RSA_CTRL,
585 RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE);
586 return -2;
587
588 default:
589 return -2;
590
591 }
592 }
593
594 static int pkey_rsa_ctrl_str(EVP_PKEY_CTX *ctx,
595 const char *type, const char *value)
596 {
597 if (!value)
598 {
599 RSAerr(RSA_F_PKEY_RSA_CTRL_STR, RSA_R_VALUE_MISSING);
600 return 0;
601 }
602 if (!strcmp(type, "rsa_padding_mode"))
603 {
604 int pm;
605 if (!strcmp(value, "pkcs1"))
606 pm = RSA_PKCS1_PADDING;
607 else if (!strcmp(value, "sslv23"))
608 pm = RSA_SSLV23_PADDING;
609 else if (!strcmp(value, "none"))
610 pm = RSA_NO_PADDING;
611 else if (!strcmp(value, "oeap"))
612 pm = RSA_PKCS1_OAEP_PADDING;
613 else if (!strcmp(value, "oaep"))
614 pm = RSA_PKCS1_OAEP_PADDING;
615 else if (!strcmp(value, "x931"))
616 pm = RSA_X931_PADDING;
617 else if (!strcmp(value, "pss"))
618 pm = RSA_PKCS1_PSS_PADDING;
619 else
620 {
621 RSAerr(RSA_F_PKEY_RSA_CTRL_STR,
622 RSA_R_UNKNOWN_PADDING_TYPE);
623 return -2;
624 }
625 return EVP_PKEY_CTX_set_rsa_padding(ctx, pm);
626 }
627
628 if (!strcmp(type, "rsa_pss_saltlen"))
629 {
630 int saltlen;
631 saltlen = atoi(value);
632 return EVP_PKEY_CTX_set_rsa_pss_saltlen(ctx, saltlen);
633 }
634
635 if (!strcmp(type, "rsa_keygen_bits"))
636 {
637 int nbits;
638 nbits = atoi(value);
639 return EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, nbits);
640 }
641
642 if (!strcmp(type, "rsa_keygen_pubexp"))
643 {
644 int ret;
645 BIGNUM *pubexp = NULL;
646 if (!BN_asc2bn(&pubexp, value))
647 return 0;
648 ret = EVP_PKEY_CTX_set_rsa_keygen_pubexp(ctx, pubexp);
649 if (ret <= 0)
650 BN_free(pubexp);
651 return ret;
652 }
653
654 if (!strcmp(type, "rsa_mgf1_md"))
655 {
656 const EVP_MD *md;
657 if (!(md = EVP_get_digestbyname(value)))
658 {
659 RSAerr(RSA_F_PKEY_RSA_CTRL_STR,
660 RSA_R_INVALID_DIGEST);
661 return 0;
662 }
663 return EVP_PKEY_CTX_set_rsa_mgf1_md(ctx, md);
664 }
665
666 if (!strcmp(type, "rsa_oaep_md"))
667 {
668 const EVP_MD *md;
669 if (!(md = EVP_get_digestbyname(value)))
670 {
671 RSAerr(RSA_F_PKEY_RSA_CTRL_STR,
672 RSA_R_INVALID_DIGEST);
673 return 0;
674 }
675 return EVP_PKEY_CTX_set_rsa_oaep_md(ctx, md);
676 }
677 if (!strcmp(type, "rsa_oaep_label"))
678 {
679 unsigned char *lab;
680 long lablen;
681 int ret;
682 lab = string_to_hex(value, &lablen);
683 if (!lab)
684 return 0;
685 ret = EVP_PKEY_CTX_set0_rsa_oaep_label(ctx, lab, lablen);
686 if (ret <= 0)
687 OPENSSL_free(lab);
688 return ret;
689 }
690
691 return -2;
692 }
693
694 static int pkey_rsa_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey)
695 {
696 RSA *rsa = NULL;
697 RSA_PKEY_CTX *rctx = ctx->data;
698 BN_GENCB *pcb, cb;
699 int ret;
700 if (!rctx->pub_exp)
701 {
702 rctx->pub_exp = BN_new();
703 if (!rctx->pub_exp || !BN_set_word(rctx->pub_exp, RSA_F4))
704 return 0;
705 }
706 rsa = RSA_new();
707 if (!rsa)
708 return 0;
709 if (ctx->pkey_gencb)
710 {
711 pcb = &cb;
712 evp_pkey_set_cb_translate(pcb, ctx);
713 }
714 else
715 pcb = NULL;
716 ret = RSA_generate_key_ex(rsa, rctx->nbits, rctx->pub_exp, pcb);
717 if (ret > 0)
718 EVP_PKEY_assign_RSA(pkey, rsa);
719 else
720 RSA_free(rsa);
721 return ret;
722 }
723
724 const EVP_PKEY_METHOD rsa_pkey_meth =
725 {
726 EVP_PKEY_RSA,
727 EVP_PKEY_FLAG_AUTOARGLEN,
728 pkey_rsa_init,
729 pkey_rsa_copy,
730 pkey_rsa_cleanup,
731
732 0,0,
733
734 0,
735 pkey_rsa_keygen,
736
737 0,
738 pkey_rsa_sign,
739
740 0,
741 pkey_rsa_verify,
742
743 0,
744 pkey_rsa_verifyrecover,
745
746
747 0,0,0,0,
748
749 0,
750 pkey_rsa_encrypt,
751
752 0,
753 pkey_rsa_decrypt,
754
755 0,0,
756
757 pkey_rsa_ctrl,
758 pkey_rsa_ctrl_str
759
760
761 };
A mirror of the official openssl repository