1 /* crypto/rsa/rsa_pmeth.c */ 2 /* Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL 3 * project 2006. 4 */ 5 /* ==================================================================== 6 * Copyright (c) 2006 The OpenSSL Project. All rights reserved. 7 * 8 * Redistribution and use in source and binary forms, with or without 9 * modification, are permitted provided that the following conditions 10 * are met: 11 * 12 * 1. Redistributions of source code must retain the above copyright 13 * notice, this list of conditions and the following disclaimer. 14 * 15 * 2. Redistributions in binary form must reproduce the above copyright 16 * notice, this list of conditions and the following disclaimer in 17 * the documentation and/or other materials provided with the 18 * distribution. 19 * 20 * 3. All advertising materials mentioning features or use of this 21 * software must display the following acknowledgment: 22 * "This product includes software developed by the OpenSSL Project 23 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" 24 * 25 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to 26 * endorse or promote products derived from this software without 27 * prior written permission. For written permission, please contact 28 * licensing@OpenSSL.org. 29 * 30 * 5. Products derived from this software may not be called "OpenSSL" 31 * nor may "OpenSSL" appear in their names without prior written 32 * permission of the OpenSSL Project. 33 * 34 * 6. Redistributions of any form whatsoever must retain the following 35 * acknowledgment: 36 * "This product includes software developed by the OpenSSL Project 37 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" 38 * 39 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY 40 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 41 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 42 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR 43 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 44 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 45 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 46 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 47 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 48 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 49 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 50 * OF THE POSSIBILITY OF SUCH DAMAGE. 51 * ==================================================================== 52 * 53 * This product includes cryptographic software written by Eric Young 54 * (eay@cryptsoft.com). This product includes software written by Tim 55 * Hudson (tjh@cryptsoft.com). 56 * 57 */ 58 59 #include <stdio.h> 60 #include "cryptlib.h" 61 #include <openssl/asn1t.h> 62 #include <openssl/x509.h> 63 #include <openssl/rsa.h> 64 #include <openssl/bn.h> 65 #include <openssl/evp.h> 66 #ifndef OPENSSL_NO_CMS 67 #include <openssl/cms.h> 68 #endif 69 #ifdef OPENSSL_FIPS 70 #include <openssl/fips.h> 71 #endif 72 #include "evp_locl.h" 73 #include "rsa_locl.h" 74 75 /* RSA pkey context structure */ 76 77 typedef struct 78 { 79 /* Key gen parameters */ 80 int nbits; 81 BIGNUM *pub_exp; 82 /* Keygen callback info */ 83 int gentmp[2]; 84 /* RSA padding mode */ 85 int pad_mode; 86 /* message digest */ 87 const EVP_MD *md; 88 /* message digest for MGF1 */ 89 const EVP_MD *mgf1md; 90 /* PSS/OAEP salt length */ 91 int saltlen; 92 /* Temp buffer */ 93 unsigned char *tbuf; 94 } RSA_PKEY_CTX; 95 96 static int pkey_rsa_init(EVP_PKEY_CTX *ctx) 97 { 98 RSA_PKEY_CTX *rctx; 99 rctx = OPENSSL_malloc(sizeof(RSA_PKEY_CTX)); 100 if (!rctx) 101 return 0; 102 rctx->nbits = 1024; 103 rctx->pub_exp = NULL; 104 rctx->pad_mode = RSA_PKCS1_PADDING; 105 rctx->md = NULL; 106 rctx->mgf1md = NULL; 107 rctx->tbuf = NULL; 108 109 rctx->saltlen = -2; 110 111 ctx->data = rctx; 112 ctx->keygen_info = rctx->gentmp; 113 ctx->keygen_info_count = 2; 114 115 return 1; 116 } 117 118 static int pkey_rsa_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src) 119 { 120 RSA_PKEY_CTX *dctx, *sctx; 121 if (!pkey_rsa_init(dst)) 122 return 0; 123 sctx = src->data; 124 dctx = dst->data; 125 dctx->nbits = sctx->nbits; 126 if (sctx->pub_exp) 127 { 128 dctx->pub_exp = BN_dup(sctx->pub_exp); 129 if (!dctx->pub_exp) 130 return 0; 131 } 132 dctx->pad_mode = sctx->pad_mode; 133 dctx->md = sctx->md; 134 return 1; 135 } 136 137 static int setup_tbuf(RSA_PKEY_CTX *ctx, EVP_PKEY_CTX *pk) 138 { 139 if (ctx->tbuf) 140 return 1; 141 ctx->tbuf = OPENSSL_malloc(EVP_PKEY_size(pk->pkey)); 142 if (!ctx->tbuf) 143 return 0; 144 return 1; 145 } 146 147 static void pkey_rsa_cleanup(EVP_PKEY_CTX *ctx) 148 { 149 RSA_PKEY_CTX *rctx = ctx->data; 150 if (rctx) 151 { 152 if (rctx->pub_exp) 153 BN_free(rctx->pub_exp); 154 if (rctx->tbuf) 155 OPENSSL_free(rctx->tbuf); 156 OPENSSL_free(rctx); 157 } 158 } 159 #ifdef OPENSSL_FIPS 160 /* FIP checker. Return value indicates status of context parameters: 161 * 1 : redirect to FIPS. 162 * 0 : don't redirect to FIPS. 163 * -1 : illegal operation in FIPS mode. 164 */ 165 166 static int pkey_fips_check_ctx(EVP_PKEY_CTX *ctx) 167 { 168 RSA_PKEY_CTX *rctx = ctx->data; 169 RSA *rsa = ctx->pkey->pkey.rsa; 170 int rv = -1; 171 if (!FIPS_mode()) 172 return 0; 173 if (rsa->flags & RSA_FLAG_NON_FIPS_ALLOW) 174 rv = 0; 175 if (!(rsa->meth->flags & RSA_FLAG_FIPS_METHOD) && rv) 176 return -1; 177 if (rctx->md && !(rctx->md->flags & EVP_MD_FLAG_FIPS)) 178 return rv; 179 if (rctx->mgf1md && !(rctx->mgf1md->flags & EVP_MD_FLAG_FIPS)) 180 return rv; 181 return 1; 182 } 183 #endif 184 185 static int pkey_rsa_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, size_t *siglen, 186 const unsigned char *tbs, size_t tbslen) 187 { 188 int ret; 189 RSA_PKEY_CTX *rctx = ctx->data; 190 RSA *rsa = ctx->pkey->pkey.rsa; 191 192 #ifdef OPENSSL_FIPS 193 ret = pkey_fips_check_ctx(ctx); 194 if (ret < 0) 195 { 196 RSAerr(RSA_F_PKEY_RSA_SIGN, RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE); 197 return -1; 198 } 199 #endif 200 201 if (rctx->md) 202 { 203 if (tbslen != (size_t)EVP_MD_size(rctx->md)) 204 { 205 RSAerr(RSA_F_PKEY_RSA_SIGN, 206 RSA_R_INVALID_DIGEST_LENGTH); 207 return -1; 208 } 209 #ifdef OPENSSL_FIPS 210 if (ret > 0) 211 { 212 unsigned int slen; 213 ret = FIPS_rsa_sign_digest(rsa, tbs, tbslen, rctx->md, 214 rctx->pad_mode, 215 rctx->saltlen, 216 rctx->mgf1md, 217 sig, &slen); 218 if (ret > 0) 219 *siglen = slen; 220 else 221 *siglen = 0; 222 return ret; 223 } 224 #endif 225 226 if (EVP_MD_type(rctx->md) == NID_mdc2) 227 { 228 unsigned int sltmp; 229 if (rctx->pad_mode != RSA_PKCS1_PADDING) 230 return -1; 231 ret = RSA_sign_ASN1_OCTET_STRING(NID_mdc2, 232 tbs, tbslen, sig, &sltmp, rsa); 233 234 if (ret <= 0) 235 return ret; 236 ret = sltmp; 237 } 238 else if (rctx->pad_mode == RSA_X931_PADDING) 239 { 240 if (!setup_tbuf(rctx, ctx)) 241 return -1; 242 memcpy(rctx->tbuf, tbs, tbslen); 243 rctx->tbuf[tbslen] = 244 RSA_X931_hash_id(EVP_MD_type(rctx->md)); 245 ret = RSA_private_encrypt(tbslen + 1, rctx->tbuf, 246 sig, rsa, RSA_X931_PADDING); 247 } 248 else if (rctx->pad_mode == RSA_PKCS1_PADDING) 249 { 250 unsigned int sltmp; 251 ret = RSA_sign(EVP_MD_type(rctx->md), 252 tbs, tbslen, sig, &sltmp, rsa); 253 if (ret <= 0) 254 return ret; 255 ret = sltmp; 256 } 257 else if (rctx->pad_mode == RSA_PKCS1_PSS_PADDING) 258 { 259 if (!setup_tbuf(rctx, ctx)) 260 return -1; 261 if (!RSA_padding_add_PKCS1_PSS_mgf1(rsa, 262 rctx->tbuf, tbs, 263 rctx->md, rctx->mgf1md, 264 rctx->saltlen)) 265 return -1; 266 ret = RSA_private_encrypt(RSA_size(rsa), rctx->tbuf, 267 sig, rsa, RSA_NO_PADDING); 268 } 269 else 270 return -1; 271 } 272 else 273 ret = RSA_private_encrypt(tbslen, tbs, sig, ctx->pkey->pkey.rsa, 274 rctx->pad_mode); 275 if (ret < 0) 276 return ret; 277 *siglen = ret; 278 return 1; 279 } 280 281 282 static int pkey_rsa_verifyrecover(EVP_PKEY_CTX *ctx, 283 unsigned char *rout, size_t *routlen, 284 const unsigned char *sig, size_t siglen) 285 { 286 int ret; 287 RSA_PKEY_CTX *rctx = ctx->data; 288 289 if (rctx->md) 290 { 291 if (rctx->pad_mode == RSA_X931_PADDING) 292 { 293 if (!setup_tbuf(rctx, ctx)) 294 return -1; 295 ret = RSA_public_decrypt(siglen, sig, 296 rctx->tbuf, ctx->pkey->pkey.rsa, 297 RSA_X931_PADDING); 298 if (ret < 1) 299 return 0; 300 ret--; 301 if (rctx->tbuf[ret] != 302 RSA_X931_hash_id(EVP_MD_type(rctx->md))) 303 { 304 RSAerr(RSA_F_PKEY_RSA_VERIFYRECOVER, 305 RSA_R_ALGORITHM_MISMATCH); 306 return 0; 307 } 308 if (ret != EVP_MD_size(rctx->md)) 309 { 310 RSAerr(RSA_F_PKEY_RSA_VERIFYRECOVER, 311 RSA_R_INVALID_DIGEST_LENGTH); 312 return 0; 313 } 314 if (rout) 315 memcpy(rout, rctx->tbuf, ret); 316 } 317 else if (rctx->pad_mode == RSA_PKCS1_PADDING) 318 { 319 size_t sltmp; 320 ret = int_rsa_verify(EVP_MD_type(rctx->md), 321 NULL, 0, rout, &sltmp, 322 sig, siglen, ctx->pkey->pkey.rsa); 323 if (ret <= 0) 324 return 0; 325 ret = sltmp; 326 } 327 else 328 return -1; 329 } 330 else 331 ret = RSA_public_decrypt(siglen, sig, rout, ctx->pkey->pkey.rsa, 332 rctx->pad_mode); 333 if (ret < 0) 334 return ret; 335 *routlen = ret; 336 return 1; 337 } 338 339 static int pkey_rsa_verify(EVP_PKEY_CTX *ctx, 340 const unsigned char *sig, size_t siglen, 341 const unsigned char *tbs, size_t tbslen) 342 { 343 RSA_PKEY_CTX *rctx = ctx->data; 344 RSA *rsa = ctx->pkey->pkey.rsa; 345 size_t rslen; 346 #ifdef OPENSSL_FIPS 347 int rv; 348 rv = pkey_fips_check_ctx(ctx); 349 if (rv < 0) 350 { 351 RSAerr(RSA_F_PKEY_RSA_VERIFY, RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE); 352 return -1; 353 } 354 #endif 355 if (rctx->md) 356 { 357 #ifdef OPENSSL_FIPS 358 if (rv > 0) 359 { 360 return FIPS_rsa_verify_digest(rsa, 361 tbs, tbslen, 362 rctx->md, 363 rctx->pad_mode, 364 rctx->saltlen, 365 rctx->mgf1md, 366 sig, siglen); 367 368 } 369 #endif 370 if (rctx->pad_mode == RSA_PKCS1_PADDING) 371 return RSA_verify(EVP_MD_type(rctx->md), tbs, tbslen, 372 sig, siglen, rsa); 373 if (rctx->pad_mode == RSA_X931_PADDING) 374 { 375 if (pkey_rsa_verifyrecover(ctx, NULL, &rslen, 376 sig, siglen) <= 0) 377 return 0; 378 } 379 else if (rctx->pad_mode == RSA_PKCS1_PSS_PADDING) 380 { 381 int ret; 382 if (!setup_tbuf(rctx, ctx)) 383 return -1; 384 ret = RSA_public_decrypt(siglen, sig, rctx->tbuf, 385 rsa, RSA_NO_PADDING); 386 if (ret <= 0) 387 return 0; 388 ret = RSA_verify_PKCS1_PSS_mgf1(rsa, tbs, 389 rctx->md, rctx->mgf1md, 390 rctx->tbuf, rctx->saltlen); 391 if (ret <= 0) 392 return 0; 393 return 1; 394 } 395 else 396 return -1; 397 } 398 else 399 { 400 if (!setup_tbuf(rctx, ctx)) 401 return -1; 402 rslen = RSA_public_decrypt(siglen, sig, rctx->tbuf, 403 rsa, rctx->pad_mode); 404 if (rslen == 0) 405 return 0; 406 } 407 408 if ((rslen != tbslen) || memcmp(tbs, rctx->tbuf, rslen)) 409 return 0; 410 411 return 1; 412 413 } 414 415 416 static int pkey_rsa_encrypt(EVP_PKEY_CTX *ctx, 417 unsigned char *out, size_t *outlen, 418 const unsigned char *in, size_t inlen) 419 { 420 int ret; 421 RSA_PKEY_CTX *rctx = ctx->data; 422 ret = RSA_public_encrypt(inlen, in, out, ctx->pkey->pkey.rsa, 423 rctx->pad_mode); 424 if (ret < 0) 425 return ret; 426 *outlen = ret; 427 return 1; 428 } 429 430 static int pkey_rsa_decrypt(EVP_PKEY_CTX *ctx, 431 unsigned char *out, size_t *outlen, 432 const unsigned char *in, size_t inlen) 433 { 434 int ret; 435 RSA_PKEY_CTX *rctx = ctx->data; 436 ret = RSA_private_decrypt(inlen, in, out, ctx->pkey->pkey.rsa, 437 rctx->pad_mode); 438 if (ret < 0) 439 return ret; 440 *outlen = ret; 441 return 1; 442 } 443 444 static int check_padding_md(const EVP_MD *md, int padding) 445 { 446 if (!md) 447 return 1; 448 449 if (padding == RSA_NO_PADDING) 450 { 451 RSAerr(RSA_F_CHECK_PADDING_MD, RSA_R_INVALID_PADDING_MODE); 452 return 0; 453 } 454 455 if (padding == RSA_X931_PADDING) 456 { 457 if (RSA_X931_hash_id(EVP_MD_type(md)) == -1) 458 { 459 RSAerr(RSA_F_CHECK_PADDING_MD, 460 RSA_R_INVALID_X931_DIGEST); 461 return 0; 462 } 463 return 1; 464 } 465 466 return 1; 467 } 468 469 470 static int pkey_rsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) 471 { 472 RSA_PKEY_CTX *rctx = ctx->data; 473 switch (type) 474 { 475 case EVP_PKEY_CTRL_RSA_PADDING: 476 if ((p1 >= RSA_PKCS1_PADDING) && (p1 <= RSA_PKCS1_PSS_PADDING)) 477 { 478 if (!check_padding_md(rctx->md, p1)) 479 return 0; 480 if (p1 == RSA_PKCS1_PSS_PADDING) 481 { 482 if (!(ctx->operation & 483 (EVP_PKEY_OP_SIGN | EVP_PKEY_OP_VERIFY))) 484 goto bad_pad; 485 if (!rctx->md) 486 rctx->md = EVP_sha1(); 487 } 488 if (p1 == RSA_PKCS1_OAEP_PADDING) 489 { 490 if (!(ctx->operation & EVP_PKEY_OP_TYPE_CRYPT)) 491 goto bad_pad; 492 if (!rctx->md) 493 rctx->md = EVP_sha1(); 494 } 495 rctx->pad_mode = p1; 496 return 1; 497 } 498 bad_pad: 499 RSAerr(RSA_F_PKEY_RSA_CTRL, 500 RSA_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE); 501 return -2; 502 503 case EVP_PKEY_CTRL_GET_RSA_PADDING: 504 *(int *)p2 = rctx->pad_mode; 505 return 1; 506 507 case EVP_PKEY_CTRL_RSA_PSS_SALTLEN: 508 case EVP_PKEY_CTRL_GET_RSA_PSS_SALTLEN: 509 if (rctx->pad_mode != RSA_PKCS1_PSS_PADDING) 510 { 511 RSAerr(RSA_F_PKEY_RSA_CTRL, RSA_R_INVALID_PSS_SALTLEN); 512 return -2; 513 } 514 if (type == EVP_PKEY_CTRL_GET_RSA_PSS_SALTLEN) 515 *(int *)p2 = rctx->saltlen; 516 else 517 { 518 if (p1 < -2) 519 return -2; 520 rctx->saltlen = p1; 521 } 522 return 1; 523 524 case EVP_PKEY_CTRL_RSA_KEYGEN_BITS: 525 if (p1 < 256) 526 { 527 RSAerr(RSA_F_PKEY_RSA_CTRL, RSA_R_INVALID_KEYBITS); 528 return -2; 529 } 530 rctx->nbits = p1; 531 return 1; 532 533 case EVP_PKEY_CTRL_RSA_KEYGEN_PUBEXP: 534 if (!p2) 535 return -2; 536 rctx->pub_exp = p2; 537 return 1; 538 539 case EVP_PKEY_CTRL_MD: 540 if (!check_padding_md(p2, rctx->pad_mode)) 541 return 0; 542 rctx->md = p2; 543 return 1; 544 545 case EVP_PKEY_CTRL_RSA_MGF1_MD: 546 case EVP_PKEY_CTRL_GET_RSA_MGF1_MD: 547 if (rctx->pad_mode != RSA_PKCS1_PSS_PADDING) 548 { 549 RSAerr(RSA_F_PKEY_RSA_CTRL, RSA_R_INVALID_MGF1_MD); 550 return -2; 551 } 552 if (type == EVP_PKEY_CTRL_GET_RSA_MGF1_MD) 553 { 554 if (rctx->mgf1md) 555 *(const EVP_MD **)p2 = rctx->mgf1md; 556 else 557 *(const EVP_MD **)p2 = rctx->md; 558 } 559 else 560 rctx->mgf1md = p2; 561 return 1; 562 563 case EVP_PKEY_CTRL_DIGESTINIT: 564 case EVP_PKEY_CTRL_PKCS7_ENCRYPT: 565 case EVP_PKEY_CTRL_PKCS7_DECRYPT: 566 case EVP_PKEY_CTRL_PKCS7_SIGN: 567 return 1; 568 #ifndef OPENSSL_NO_CMS 569 case EVP_PKEY_CTRL_CMS_DECRYPT: 570 { 571 X509_ALGOR *alg = NULL; 572 ASN1_OBJECT *encalg = NULL; 573 if (p2) 574 CMS_RecipientInfo_ktri_get0_algs(p2, NULL, NULL, &alg); 575 if (alg) 576 X509_ALGOR_get0(&encalg, NULL, NULL, alg); 577 if (encalg && OBJ_obj2nid(encalg) == NID_rsaesOaep) 578 rctx->pad_mode = RSA_PKCS1_OAEP_PADDING; 579 } 580 case EVP_PKEY_CTRL_CMS_ENCRYPT: 581 case EVP_PKEY_CTRL_CMS_SIGN: 582 return 1; 583 #endif 584 case EVP_PKEY_CTRL_PEER_KEY: 585 RSAerr(RSA_F_PKEY_RSA_CTRL, 586 RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); 587 return -2; 588 589 default: 590 return -2; 591 592 } 593 } 594 595 static int pkey_rsa_ctrl_str(EVP_PKEY_CTX *ctx, 596 const char *type, const char *value) 597 { 598 if (!value) 599 { 600 RSAerr(RSA_F_PKEY_RSA_CTRL_STR, RSA_R_VALUE_MISSING); 601 return 0; 602 } 603 if (!strcmp(type, "rsa_padding_mode")) 604 { 605 int pm; 606 if (!strcmp(value, "pkcs1")) 607 pm = RSA_PKCS1_PADDING; 608 else if (!strcmp(value, "sslv23")) 609 pm = RSA_SSLV23_PADDING; 610 else if (!strcmp(value, "none")) 611 pm = RSA_NO_PADDING; 612 else if (!strcmp(value, "oeap")) 613 pm = RSA_PKCS1_OAEP_PADDING; 614 else if (!strcmp(value, "oaep")) 615 pm = RSA_PKCS1_OAEP_PADDING; 616 else if (!strcmp(value, "x931")) 617 pm = RSA_X931_PADDING; 618 else if (!strcmp(value, "pss")) 619 pm = RSA_PKCS1_PSS_PADDING; 620 else 621 { 622 RSAerr(RSA_F_PKEY_RSA_CTRL_STR, 623 RSA_R_UNKNOWN_PADDING_TYPE); 624 return -2; 625 } 626 return EVP_PKEY_CTX_set_rsa_padding(ctx, pm); 627 } 628 629 if (!strcmp(type, "rsa_pss_saltlen")) 630 { 631 int saltlen; 632 saltlen = atoi(value); 633 return EVP_PKEY_CTX_set_rsa_pss_saltlen(ctx, saltlen); 634 } 635 636 if (!strcmp(type, "rsa_keygen_bits")) 637 { 638 int nbits; 639 nbits = atoi(value); 640 return EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, nbits); 641 } 642 643 if (!strcmp(type, "rsa_keygen_pubexp")) 644 { 645 int ret; 646 BIGNUM *pubexp = NULL; 647 if (!BN_asc2bn(&pubexp, value)) 648 return 0; 649 ret = EVP_PKEY_CTX_set_rsa_keygen_pubexp(ctx, pubexp); 650 if (ret <= 0) 651 BN_free(pubexp); 652 return ret; 653 } 654 655 return -2; 656 } 657 658 static int pkey_rsa_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) 659 { 660 RSA *rsa = NULL; 661 RSA_PKEY_CTX *rctx = ctx->data; 662 BN_GENCB *pcb, cb; 663 int ret; 664 if (!rctx->pub_exp) 665 { 666 rctx->pub_exp = BN_new(); 667 if (!rctx->pub_exp || !BN_set_word(rctx->pub_exp, RSA_F4)) 668 return 0; 669 } 670 rsa = RSA_new(); 671 if (!rsa) 672 return 0; 673 if (ctx->pkey_gencb) 674 { 675 pcb = &cb; 676 evp_pkey_set_cb_translate(pcb, ctx); 677 } 678 else 679 pcb = NULL; 680 ret = RSA_generate_key_ex(rsa, rctx->nbits, rctx->pub_exp, pcb); 681 if (ret > 0) 682 EVP_PKEY_assign_RSA(pkey, rsa); 683 else 684 RSA_free(rsa); 685 return ret; 686 } 687 688 const EVP_PKEY_METHOD rsa_pkey_meth = 689 { 690 EVP_PKEY_RSA, 691 EVP_PKEY_FLAG_AUTOARGLEN, 692 pkey_rsa_init, 693 pkey_rsa_copy, 694 pkey_rsa_cleanup, 695 696 0,0, 697 698 0, 699 pkey_rsa_keygen, 700 701 0, 702 pkey_rsa_sign, 703 704 0, 705 pkey_rsa_verify, 706 707 0, 708 pkey_rsa_verifyrecover, 709 710 711 0,0,0,0, 712 713 0, 714 pkey_rsa_encrypt, 715 716 0, 717 pkey_rsa_decrypt, 718 719 0,0, 720 721 pkey_rsa_ctrl, 722 pkey_rsa_ctrl_str 723 724 725 }; 726