1 /* crypto/rsa/rsa_pmeth.c */ 2 /* 3 * Written by Dr Stephen N Henson (steve@openssl.org) for the OpenSSL project 4 * 2006. 5 */ 6 /* ==================================================================== 7 * Copyright (c) 2006 The OpenSSL Project. All rights reserved. 8 * 9 * Redistribution and use in source and binary forms, with or without 10 * modification, are permitted provided that the following conditions 11 * are met: 12 * 13 * 1. Redistributions of source code must retain the above copyright 14 * notice, this list of conditions and the following disclaimer. 15 * 16 * 2. Redistributions in binary form must reproduce the above copyright 17 * notice, this list of conditions and the following disclaimer in 18 * the documentation and/or other materials provided with the 19 * distribution. 20 * 21 * 3. All advertising materials mentioning features or use of this 22 * software must display the following acknowledgment: 23 * "This product includes software developed by the OpenSSL Project 24 * for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)" 25 * 26 * 4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to 27 * endorse or promote products derived from this software without 28 * prior written permission. For written permission, please contact 29 * licensing@OpenSSL.org. 30 * 31 * 5. Products derived from this software may not be called "OpenSSL" 32 * nor may "OpenSSL" appear in their names without prior written 33 * permission of the OpenSSL Project. 34 * 35 * 6. Redistributions of any form whatsoever must retain the following 36 * acknowledgment: 37 * "This product includes software developed by the OpenSSL Project 38 * for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)" 39 * 40 * THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY 41 * EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 42 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 43 * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR 44 * ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, 45 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT 46 * NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; 47 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 48 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, 49 * STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 50 * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED 51 * OF THE POSSIBILITY OF SUCH DAMAGE. 52 * ==================================================================== 53 * 54 * This product includes cryptographic software written by Eric Young 55 * (eay@cryptsoft.com). This product includes software written by Tim 56 * Hudson (tjh@cryptsoft.com). 57 * 58 */ 59 60 #include <stdio.h> 61 #include "cryptlib.h" 62 #include <openssl/asn1t.h> 63 #include <openssl/x509.h> 64 #include <openssl/rsa.h> 65 #include <openssl/bn.h> 66 #include <openssl/evp.h> 67 #ifndef OPENSSL_NO_CMS 68 # include <openssl/cms.h> 69 #endif 70 #ifdef OPENSSL_FIPS 71 # include <openssl/fips.h> 72 #endif 73 #include "evp_locl.h" 74 #include "rsa_locl.h" 75 76 /* RSA pkey context structure */ 77 78 typedef struct { 79 /* Key gen parameters */ 80 int nbits; 81 BIGNUM *pub_exp; 82 /* Keygen callback info */ 83 int gentmp[2]; 84 /* RSA padding mode */ 85 int pad_mode; 86 /* message digest */ 87 const EVP_MD *md; 88 /* message digest for MGF1 */ 89 const EVP_MD *mgf1md; 90 /* PSS/OAEP salt length */ 91 int saltlen; 92 /* Temp buffer */ 93 unsigned char *tbuf; 94 } RSA_PKEY_CTX; 95 96 static int pkey_rsa_init(EVP_PKEY_CTX *ctx) 97 { 98 RSA_PKEY_CTX *rctx; 99 rctx = OPENSSL_malloc(sizeof(RSA_PKEY_CTX)); 100 if (!rctx) 101 return 0; 102 rctx->nbits = 1024; 103 rctx->pub_exp = NULL; 104 rctx->pad_mode = RSA_PKCS1_PADDING; 105 rctx->md = NULL; 106 rctx->mgf1md = NULL; 107 rctx->tbuf = NULL; 108 109 rctx->saltlen = -2; 110 111 ctx->data = rctx; 112 ctx->keygen_info = rctx->gentmp; 113 ctx->keygen_info_count = 2; 114 115 return 1; 116 } 117 118 static int pkey_rsa_copy(EVP_PKEY_CTX *dst, EVP_PKEY_CTX *src) 119 { 120 RSA_PKEY_CTX *dctx, *sctx; 121 if (!pkey_rsa_init(dst)) 122 return 0; 123 sctx = src->data; 124 dctx = dst->data; 125 dctx->nbits = sctx->nbits; 126 if (sctx->pub_exp) { 127 dctx->pub_exp = BN_dup(sctx->pub_exp); 128 if (!dctx->pub_exp) 129 return 0; 130 } 131 dctx->pad_mode = sctx->pad_mode; 132 dctx->md = sctx->md; 133 return 1; 134 } 135 136 static int setup_tbuf(RSA_PKEY_CTX *ctx, EVP_PKEY_CTX *pk) 137 { 138 if (ctx->tbuf) 139 return 1; 140 ctx->tbuf = OPENSSL_malloc(EVP_PKEY_size(pk->pkey)); 141 if (!ctx->tbuf) 142 return 0; 143 return 1; 144 } 145 146 static void pkey_rsa_cleanup(EVP_PKEY_CTX *ctx) 147 { 148 RSA_PKEY_CTX *rctx = ctx->data; 149 if (rctx) { 150 if (rctx->pub_exp) 151 BN_free(rctx->pub_exp); 152 if (rctx->tbuf) 153 OPENSSL_free(rctx->tbuf); 154 OPENSSL_free(rctx); 155 } 156 } 157 158 #ifdef OPENSSL_FIPS 159 /* 160 * FIP checker. Return value indicates status of context parameters: 1 : 161 * redirect to FIPS. 0 : don't redirect to FIPS. -1 : illegal operation in 162 * FIPS mode. 163 */ 164 165 static int pkey_fips_check_ctx(EVP_PKEY_CTX *ctx) 166 { 167 RSA_PKEY_CTX *rctx = ctx->data; 168 RSA *rsa = ctx->pkey->pkey.rsa; 169 int rv = -1; 170 if (!FIPS_mode()) 171 return 0; 172 if (rsa->flags & RSA_FLAG_NON_FIPS_ALLOW) 173 rv = 0; 174 if (!(rsa->meth->flags & RSA_FLAG_FIPS_METHOD) && rv) 175 return -1; 176 if (rctx->md && !(rctx->md->flags & EVP_MD_FLAG_FIPS)) 177 return rv; 178 if (rctx->mgf1md && !(rctx->mgf1md->flags & EVP_MD_FLAG_FIPS)) 179 return rv; 180 return 1; 181 } 182 #endif 183 184 static int pkey_rsa_sign(EVP_PKEY_CTX *ctx, unsigned char *sig, 185 size_t *siglen, const unsigned char *tbs, 186 size_t tbslen) 187 { 188 int ret; 189 RSA_PKEY_CTX *rctx = ctx->data; 190 RSA *rsa = ctx->pkey->pkey.rsa; 191 192 #ifdef OPENSSL_FIPS 193 ret = pkey_fips_check_ctx(ctx); 194 if (ret < 0) { 195 RSAerr(RSA_F_PKEY_RSA_SIGN, RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE); 196 return -1; 197 } 198 #endif 199 200 if (rctx->md) { 201 if (tbslen != (size_t)EVP_MD_size(rctx->md)) { 202 RSAerr(RSA_F_PKEY_RSA_SIGN, RSA_R_INVALID_DIGEST_LENGTH); 203 return -1; 204 } 205 #ifdef OPENSSL_FIPS 206 if (ret > 0) { 207 unsigned int slen; 208 ret = FIPS_rsa_sign_digest(rsa, tbs, tbslen, rctx->md, 209 rctx->pad_mode, 210 rctx->saltlen, 211 rctx->mgf1md, sig, &slen); 212 if (ret > 0) 213 *siglen = slen; 214 else 215 *siglen = 0; 216 return ret; 217 } 218 #endif 219 220 if (EVP_MD_type(rctx->md) == NID_mdc2) { 221 unsigned int sltmp; 222 if (rctx->pad_mode != RSA_PKCS1_PADDING) 223 return -1; 224 ret = RSA_sign_ASN1_OCTET_STRING(NID_mdc2, 225 tbs, tbslen, sig, &sltmp, rsa); 226 227 if (ret <= 0) 228 return ret; 229 ret = sltmp; 230 } else if (rctx->pad_mode == RSA_X931_PADDING) { 231 if ((size_t)EVP_PKEY_size(ctx->pkey) < tbslen + 1) { 232 RSAerr(RSA_F_PKEY_RSA_SIGN, RSA_R_KEY_SIZE_TOO_SMALL); 233 return -1; 234 } 235 if (!setup_tbuf(rctx, ctx)) { 236 RSAerr(RSA_F_PKEY_RSA_SIGN, ERR_R_MALLOC_FAILURE); 237 return -1; 238 } 239 memcpy(rctx->tbuf, tbs, tbslen); 240 rctx->tbuf[tbslen] = RSA_X931_hash_id(EVP_MD_type(rctx->md)); 241 ret = RSA_private_encrypt(tbslen + 1, rctx->tbuf, 242 sig, rsa, RSA_X931_PADDING); 243 } else if (rctx->pad_mode == RSA_PKCS1_PADDING) { 244 unsigned int sltmp; 245 ret = RSA_sign(EVP_MD_type(rctx->md), 246 tbs, tbslen, sig, &sltmp, rsa); 247 if (ret <= 0) 248 return ret; 249 ret = sltmp; 250 } else if (rctx->pad_mode == RSA_PKCS1_PSS_PADDING) { 251 if (!setup_tbuf(rctx, ctx)) 252 return -1; 253 if (!RSA_padding_add_PKCS1_PSS_mgf1(rsa, 254 rctx->tbuf, tbs, 255 rctx->md, rctx->mgf1md, 256 rctx->saltlen)) 257 return -1; 258 ret = RSA_private_encrypt(RSA_size(rsa), rctx->tbuf, 259 sig, rsa, RSA_NO_PADDING); 260 } else 261 return -1; 262 } else 263 ret = RSA_private_encrypt(tbslen, tbs, sig, ctx->pkey->pkey.rsa, 264 rctx->pad_mode); 265 if (ret < 0) 266 return ret; 267 *siglen = ret; 268 return 1; 269 } 270 271 static int pkey_rsa_verifyrecover(EVP_PKEY_CTX *ctx, 272 unsigned char *rout, size_t *routlen, 273 const unsigned char *sig, size_t siglen) 274 { 275 int ret; 276 RSA_PKEY_CTX *rctx = ctx->data; 277 278 if (rctx->md) { 279 if (rctx->pad_mode == RSA_X931_PADDING) { 280 if (!setup_tbuf(rctx, ctx)) 281 return -1; 282 ret = RSA_public_decrypt(siglen, sig, 283 rctx->tbuf, ctx->pkey->pkey.rsa, 284 RSA_X931_PADDING); 285 if (ret < 1) 286 return 0; 287 ret--; 288 if (rctx->tbuf[ret] != RSA_X931_hash_id(EVP_MD_type(rctx->md))) { 289 RSAerr(RSA_F_PKEY_RSA_VERIFYRECOVER, 290 RSA_R_ALGORITHM_MISMATCH); 291 return 0; 292 } 293 if (ret != EVP_MD_size(rctx->md)) { 294 RSAerr(RSA_F_PKEY_RSA_VERIFYRECOVER, 295 RSA_R_INVALID_DIGEST_LENGTH); 296 return 0; 297 } 298 if (rout) 299 memcpy(rout, rctx->tbuf, ret); 300 } else if (rctx->pad_mode == RSA_PKCS1_PADDING) { 301 size_t sltmp; 302 ret = int_rsa_verify(EVP_MD_type(rctx->md), 303 NULL, 0, rout, &sltmp, 304 sig, siglen, ctx->pkey->pkey.rsa); 305 if (ret <= 0) 306 return 0; 307 ret = sltmp; 308 } else 309 return -1; 310 } else 311 ret = RSA_public_decrypt(siglen, sig, rout, ctx->pkey->pkey.rsa, 312 rctx->pad_mode); 313 if (ret < 0) 314 return ret; 315 *routlen = ret; 316 return 1; 317 } 318 319 static int pkey_rsa_verify(EVP_PKEY_CTX *ctx, 320 const unsigned char *sig, size_t siglen, 321 const unsigned char *tbs, size_t tbslen) 322 { 323 RSA_PKEY_CTX *rctx = ctx->data; 324 RSA *rsa = ctx->pkey->pkey.rsa; 325 size_t rslen; 326 #ifdef OPENSSL_FIPS 327 int rv; 328 rv = pkey_fips_check_ctx(ctx); 329 if (rv < 0) { 330 RSAerr(RSA_F_PKEY_RSA_VERIFY, 331 RSA_R_OPERATION_NOT_ALLOWED_IN_FIPS_MODE); 332 return -1; 333 } 334 #endif 335 if (rctx->md) { 336 #ifdef OPENSSL_FIPS 337 if (rv > 0) { 338 return FIPS_rsa_verify_digest(rsa, 339 tbs, tbslen, 340 rctx->md, 341 rctx->pad_mode, 342 rctx->saltlen, 343 rctx->mgf1md, sig, siglen); 344 345 } 346 #endif 347 if (rctx->pad_mode == RSA_PKCS1_PADDING) 348 return RSA_verify(EVP_MD_type(rctx->md), tbs, tbslen, 349 sig, siglen, rsa); 350 if (rctx->pad_mode == RSA_X931_PADDING) { 351 if (pkey_rsa_verifyrecover(ctx, NULL, &rslen, sig, siglen) <= 0) 352 return 0; 353 } else if (rctx->pad_mode == RSA_PKCS1_PSS_PADDING) { 354 int ret; 355 if (!setup_tbuf(rctx, ctx)) 356 return -1; 357 ret = RSA_public_decrypt(siglen, sig, rctx->tbuf, 358 rsa, RSA_NO_PADDING); 359 if (ret <= 0) 360 return 0; 361 ret = RSA_verify_PKCS1_PSS_mgf1(rsa, tbs, 362 rctx->md, rctx->mgf1md, 363 rctx->tbuf, rctx->saltlen); 364 if (ret <= 0) 365 return 0; 366 return 1; 367 } else 368 return -1; 369 } else { 370 if (!setup_tbuf(rctx, ctx)) 371 return -1; 372 rslen = RSA_public_decrypt(siglen, sig, rctx->tbuf, 373 rsa, rctx->pad_mode); 374 if (rslen == 0) 375 return 0; 376 } 377 378 if ((rslen != tbslen) || memcmp(tbs, rctx->tbuf, rslen)) 379 return 0; 380 381 return 1; 382 383 } 384 385 static int pkey_rsa_encrypt(EVP_PKEY_CTX *ctx, 386 unsigned char *out, size_t *outlen, 387 const unsigned char *in, size_t inlen) 388 { 389 int ret; 390 RSA_PKEY_CTX *rctx = ctx->data; 391 ret = RSA_public_encrypt(inlen, in, out, ctx->pkey->pkey.rsa, 392 rctx->pad_mode); 393 if (ret < 0) 394 return ret; 395 *outlen = ret; 396 return 1; 397 } 398 399 static int pkey_rsa_decrypt(EVP_PKEY_CTX *ctx, 400 unsigned char *out, size_t *outlen, 401 const unsigned char *in, size_t inlen) 402 { 403 int ret; 404 RSA_PKEY_CTX *rctx = ctx->data; 405 ret = RSA_private_decrypt(inlen, in, out, ctx->pkey->pkey.rsa, 406 rctx->pad_mode); 407 if (ret < 0) 408 return ret; 409 *outlen = ret; 410 return 1; 411 } 412 413 static int check_padding_md(const EVP_MD *md, int padding) 414 { 415 if (!md) 416 return 1; 417 418 if (padding == RSA_NO_PADDING) { 419 RSAerr(RSA_F_CHECK_PADDING_MD, RSA_R_INVALID_PADDING_MODE); 420 return 0; 421 } 422 423 if (padding == RSA_X931_PADDING) { 424 if (RSA_X931_hash_id(EVP_MD_type(md)) == -1) { 425 RSAerr(RSA_F_CHECK_PADDING_MD, RSA_R_INVALID_X931_DIGEST); 426 return 0; 427 } 428 return 1; 429 } 430 431 return 1; 432 } 433 434 static int pkey_rsa_ctrl(EVP_PKEY_CTX *ctx, int type, int p1, void *p2) 435 { 436 RSA_PKEY_CTX *rctx = ctx->data; 437 switch (type) { 438 case EVP_PKEY_CTRL_RSA_PADDING: 439 if ((p1 >= RSA_PKCS1_PADDING) && (p1 <= RSA_PKCS1_PSS_PADDING)) { 440 if (!check_padding_md(rctx->md, p1)) 441 return 0; 442 if (p1 == RSA_PKCS1_PSS_PADDING) { 443 if (!(ctx->operation & 444 (EVP_PKEY_OP_SIGN | EVP_PKEY_OP_VERIFY))) 445 goto bad_pad; 446 if (!rctx->md) 447 rctx->md = EVP_sha1(); 448 } 449 if (p1 == RSA_PKCS1_OAEP_PADDING) { 450 if (!(ctx->operation & EVP_PKEY_OP_TYPE_CRYPT)) 451 goto bad_pad; 452 if (!rctx->md) 453 rctx->md = EVP_sha1(); 454 } 455 rctx->pad_mode = p1; 456 return 1; 457 } 458 bad_pad: 459 RSAerr(RSA_F_PKEY_RSA_CTRL, 460 RSA_R_ILLEGAL_OR_UNSUPPORTED_PADDING_MODE); 461 return -2; 462 463 case EVP_PKEY_CTRL_GET_RSA_PADDING: 464 *(int *)p2 = rctx->pad_mode; 465 return 1; 466 467 case EVP_PKEY_CTRL_RSA_PSS_SALTLEN: 468 case EVP_PKEY_CTRL_GET_RSA_PSS_SALTLEN: 469 if (rctx->pad_mode != RSA_PKCS1_PSS_PADDING) { 470 RSAerr(RSA_F_PKEY_RSA_CTRL, RSA_R_INVALID_PSS_SALTLEN); 471 return -2; 472 } 473 if (type == EVP_PKEY_CTRL_GET_RSA_PSS_SALTLEN) 474 *(int *)p2 = rctx->saltlen; 475 else { 476 if (p1 < -2) 477 return -2; 478 rctx->saltlen = p1; 479 } 480 return 1; 481 482 case EVP_PKEY_CTRL_RSA_KEYGEN_BITS: 483 if (p1 < 256) { 484 RSAerr(RSA_F_PKEY_RSA_CTRL, RSA_R_INVALID_KEYBITS); 485 return -2; 486 } 487 rctx->nbits = p1; 488 return 1; 489 490 case EVP_PKEY_CTRL_RSA_KEYGEN_PUBEXP: 491 if (!p2) 492 return -2; 493 rctx->pub_exp = p2; 494 return 1; 495 496 case EVP_PKEY_CTRL_MD: 497 if (!check_padding_md(p2, rctx->pad_mode)) 498 return 0; 499 rctx->md = p2; 500 return 1; 501 502 case EVP_PKEY_CTRL_RSA_MGF1_MD: 503 case EVP_PKEY_CTRL_GET_RSA_MGF1_MD: 504 if (rctx->pad_mode != RSA_PKCS1_PSS_PADDING) { 505 RSAerr(RSA_F_PKEY_RSA_CTRL, RSA_R_INVALID_MGF1_MD); 506 return -2; 507 } 508 if (type == EVP_PKEY_CTRL_GET_RSA_MGF1_MD) { 509 if (rctx->mgf1md) 510 *(const EVP_MD **)p2 = rctx->mgf1md; 511 else 512 *(const EVP_MD **)p2 = rctx->md; 513 } else 514 rctx->mgf1md = p2; 515 return 1; 516 517 case EVP_PKEY_CTRL_DIGESTINIT: 518 case EVP_PKEY_CTRL_PKCS7_ENCRYPT: 519 case EVP_PKEY_CTRL_PKCS7_DECRYPT: 520 case EVP_PKEY_CTRL_PKCS7_SIGN: 521 return 1; 522 #ifndef OPENSSL_NO_CMS 523 case EVP_PKEY_CTRL_CMS_DECRYPT: 524 { 525 X509_ALGOR *alg = NULL; 526 ASN1_OBJECT *encalg = NULL; 527 if (p2) 528 CMS_RecipientInfo_ktri_get0_algs(p2, NULL, NULL, &alg); 529 if (alg) 530 X509_ALGOR_get0(&encalg, NULL, NULL, alg); 531 if (encalg && OBJ_obj2nid(encalg) == NID_rsaesOaep) 532 rctx->pad_mode = RSA_PKCS1_OAEP_PADDING; 533 } 534 case EVP_PKEY_CTRL_CMS_ENCRYPT: 535 case EVP_PKEY_CTRL_CMS_SIGN: 536 return 1; 537 #endif 538 case EVP_PKEY_CTRL_PEER_KEY: 539 RSAerr(RSA_F_PKEY_RSA_CTRL, 540 RSA_R_OPERATION_NOT_SUPPORTED_FOR_THIS_KEYTYPE); 541 return -2; 542 543 default: 544 return -2; 545 546 } 547 } 548 549 static int pkey_rsa_ctrl_str(EVP_PKEY_CTX *ctx, 550 const char *type, const char *value) 551 { 552 if (!value) { 553 RSAerr(RSA_F_PKEY_RSA_CTRL_STR, RSA_R_VALUE_MISSING); 554 return 0; 555 } 556 if (!strcmp(type, "rsa_padding_mode")) { 557 int pm; 558 if (!strcmp(value, "pkcs1")) 559 pm = RSA_PKCS1_PADDING; 560 else if (!strcmp(value, "sslv23")) 561 pm = RSA_SSLV23_PADDING; 562 else if (!strcmp(value, "none")) 563 pm = RSA_NO_PADDING; 564 else if (!strcmp(value, "oeap")) 565 pm = RSA_PKCS1_OAEP_PADDING; 566 else if (!strcmp(value, "oaep")) 567 pm = RSA_PKCS1_OAEP_PADDING; 568 else if (!strcmp(value, "x931")) 569 pm = RSA_X931_PADDING; 570 else if (!strcmp(value, "pss")) 571 pm = RSA_PKCS1_PSS_PADDING; 572 else { 573 RSAerr(RSA_F_PKEY_RSA_CTRL_STR, RSA_R_UNKNOWN_PADDING_TYPE); 574 return -2; 575 } 576 return EVP_PKEY_CTX_set_rsa_padding(ctx, pm); 577 } 578 579 if (!strcmp(type, "rsa_pss_saltlen")) { 580 int saltlen; 581 saltlen = atoi(value); 582 return EVP_PKEY_CTX_set_rsa_pss_saltlen(ctx, saltlen); 583 } 584 585 if (!strcmp(type, "rsa_keygen_bits")) { 586 int nbits; 587 nbits = atoi(value); 588 return EVP_PKEY_CTX_set_rsa_keygen_bits(ctx, nbits); 589 } 590 591 if (!strcmp(type, "rsa_keygen_pubexp")) { 592 int ret; 593 BIGNUM *pubexp = NULL; 594 if (!BN_asc2bn(&pubexp, value)) 595 return 0; 596 ret = EVP_PKEY_CTX_set_rsa_keygen_pubexp(ctx, pubexp); 597 if (ret <= 0) 598 BN_free(pubexp); 599 return ret; 600 } 601 602 return -2; 603 } 604 605 static int pkey_rsa_keygen(EVP_PKEY_CTX *ctx, EVP_PKEY *pkey) 606 { 607 RSA *rsa = NULL; 608 RSA_PKEY_CTX *rctx = ctx->data; 609 BN_GENCB *pcb, cb; 610 int ret; 611 if (!rctx->pub_exp) { 612 rctx->pub_exp = BN_new(); 613 if (!rctx->pub_exp || !BN_set_word(rctx->pub_exp, RSA_F4)) 614 return 0; 615 } 616 rsa = RSA_new(); 617 if (!rsa) 618 return 0; 619 if (ctx->pkey_gencb) { 620 pcb = &cb; 621 evp_pkey_set_cb_translate(pcb, ctx); 622 } else 623 pcb = NULL; 624 ret = RSA_generate_key_ex(rsa, rctx->nbits, rctx->pub_exp, pcb); 625 if (ret > 0) 626 EVP_PKEY_assign_RSA(pkey, rsa); 627 else 628 RSA_free(rsa); 629 return ret; 630 } 631 632 const EVP_PKEY_METHOD rsa_pkey_meth = { 633 EVP_PKEY_RSA, 634 EVP_PKEY_FLAG_AUTOARGLEN, 635 pkey_rsa_init, 636 pkey_rsa_copy, 637 pkey_rsa_cleanup, 638 639 0, 0, 640 641 0, 642 pkey_rsa_keygen, 643 644 0, 645 pkey_rsa_sign, 646 647 0, 648 pkey_rsa_verify, 649 650 0, 651 pkey_rsa_verifyrecover, 652 653 0, 0, 0, 0, 654 655 0, 656 pkey_rsa_encrypt, 657 658 0, 659 pkey_rsa_decrypt, 660 661 0, 0, 662 663 pkey_rsa_ctrl, 664 pkey_rsa_ctrl_str 665 }; 666